What Happens When You’re in a Fraud Monitoring Program?

A major driving factor in merchants' desire to prevent fraud is the fraud monitoring programs implemented by the main credit card networks, namely the Visa Fraud Monitoring Program (VFMP) and MasterCard’s Excessive Fraud Merchant Compliance Program (EFM). These programs are designed to help companies develop plans to tackle their fraud problems, but they also tack on hefty fees to penalize merchants who don’t have their house in order.
by Ronen Shnidman
Share this post
Published: August 26, 2021
Table of Contents
Contents
hello world!
visa and mastercard Monitoring Program

A major driving factor in merchants' desire to prevent fraud is the fraud monitoring programs implemented by the main credit card networks, namely the Visa Fraud Monitoring Program (VFMP) and MasterCard’s Excessive Fraud Merchant Compliance Program (EFM). These programs are designed to help companies develop plans to tackle their fraud problems, but they also tack on hefty fees to penalize merchants who don’t have their house in order.



VFMP thresholds


Visa uses fraud-related chargebacks and TC40 data to decide which merchants should be placed in VFMP. An early warning is given to merchants and their acquirers when their ratio of fraud to total sales exceeds 0.65 percent and overall fraud is greater than $50,000 per month.

It should be noted that Visa only counts the first ten fraudulent transactions from a single cardholder. That means that if you have dozens of fraud chargebacks in a specific month due to one bad card, only the first ten of those transactions will count towards your fraud ratio.


Merchants are placed in VFMP when the ratio of the dollar value of fraudulent transactions to total amount of transactions exceeds 0.9 percent and total fraud is greater than $75,000 per month. When the fraud rate climbs above 1.8 percent and $250,000 in total fraud, merchants are placed in the excessive level of VFMP. You can be transferred from a standard VFMP to an excessive-risk VFMP but not vice versa. Also, merchants in high-risk Merchant Category Codes (MCCs) are automatically placed in the excessive VFMP when they exceed standard fraud levels. The only way to get out of the excessive level program is to reduce your fraud rate to compliant levels.


VFMP timeline


During the first month of both standard and excessive VFMP, the acquirer must notify the merchant that they’ve exceeded thresholds. Months two through four are the workout period. The merchant’s acquirer must begin to work with their merchant to implement a fraud remediation plan. Months five through 12 are the enforcement period. The acquirer must ensure the plan is working or make adjustments until the merchant’s fraud levels are below VFMP thresholds. After 12 months in either the standard or excessive programs, Visa may exercise their right to take away the merchant’s ability to process Visa payments.



While in VFMP, merchants will automatically receive chargebacks under reason code 10.5: fraud monitoring program for fraud related disputes. This is even true if you use 3-D Secure, which normally shifts liability to the issuer

Merchants can get out of the VFMP by staying below the standard fraud threshold of 0.9% for three consecutive months.


VFMP Standard


ROW LAYOUT: table_component

VFMP Excessive


ROW LAYOUT: table_component

Mastercard’s EFM program


MasterCard uses fraud-related chargebacks and SAFE report data to determine which merchants should be placed in the EFM program. Specifically, chargebacks due to reason codes 4837 (No Cardholder Authorization) and 4863 (Cardholder Does Not Recognize -- Potential Fraud) are counted. To be placed in the EFM one must have in a calendar month:

  • A minimum of 1,000 eCommerce transactions processed in the preceding month
  • Fraud volume greater than $50,000 
  • The ratio of the number of fraud chargebacks to sales is greater than 0.5 percent
  • Total 3DS payments less than 10 percent of total Mastercard payments in a non-regulated (i.e. lacking strong consumer authentication requirement) country or less than 50 percent of total MasterCard payments in a regulated country.

ROW LAYOUT: table_component


To be removed from the EFM program, a merchant must be in compliance for three consecutive months, meaning the account did not meet the criteria listed above to be flagged in the program. Once a merchant exits the EFM program, any subsequent flagging would start over at Month 1 again. While enabling 3D Secure is not a requirement of the EFM program, it is recommended to help mitigate fraud by authenticating transactions.


Invest in prevention


An ounce of prevention is worth a pound of cure. In general, a merchant should invest in anti-fraud tools to avoid being placed in a fraud monitoring program in the first place. If your fraud rate is rising dangerously close to the threshold or you’ve already breached it and need to develop a mediation plan, feel free to contact us for impartial advice on fraud solutions on the market.


Contact us to find out more

Fraud Monitoring Program FAQs


What is chargeback monitoring?

It is the way card networks track merchants’ activity by continually checking if those merchants meet the stipulated chargeback rate thresholds.

How is the fraud ratio calculated?

The fraud ratio is calculated by dividing the total number of fraud alerts in a month by the transaction volume in the same month.

What is a chargeback ratio?

It’s the number of chargebacks a merchant receives in a calendar month divided by the number of transactions in the same or preceding month, depending on the card network. Read more!

What is TC40 data?

It is information collected by a Visa issuing bank when a cardholder disputes a fraudulent transaction. Although TC40 reports don’t prevent fraud or chargebacks directly, they may provide merchants with valuable and actionable insight when shared by their acquirer.

What are high-risk merchants?

A high-risk merchant is a business that has a high risk of chargebacks. General indicators of high-risk merchants include:

  • Monthly sales volume of over $20,000
  • An average transaction value over  $500
  • Sells services or products to countries flagged for high fraud levels
  • Excessive chargebacks and bad credit history
What happens if a merchant doesn’t have a good fraud ratio?

If a merchant cannot lower their fraud levels below the set thresholds over 12 months in the program, they may be barred from accepting credit cards altogether.

How do I exit VFMP?

Merchants can exit the VFMP by maintaining a dispute ratio below 0.9% for three consecutive months.

Is VFMP the same as VDMP?

VFMP is designed for merchants with unacceptably high fraud rates, while  VDMP is for merchants with excessive chargeback ratios. Aside from this, the two differ in their standards of compliance.


Contact us to find out more
Written by
Ronen Shnidman
Ex-journalist and major fan of fintech and OSINT, I write regularly for leading industry outlets in finance and fraud prevention. Outlets I contribute to include Payments Dive, Finextra, and Merchant Fraud Journal, and I have been cited by PYMNTS.com
Sign up for our newsletter
2024 Justt Ltd. All rights reserved.