Chargeback and Fraud Monitoring Programs
SHOPLINE Payments must comply with financial obligations to card networks, which requires us to control potential chargeback and fraud risks to keep them within acceptable levels. Card networks like Visa and Mastercard set thresholds for these risks. If a merchant exceeds these thresholds, they may be placed in the card network's monitoring program. During this period, merchants may face penalties, additional fees, or even the loss of eligibility to use the card network's services until their chargeback or fraud levels drop to acceptable limits.
Once enrolled in a monitoring program, merchants can take corrective actions to reduce their chargeback or fraud rates below the threshold, helping them avoid further restrictions.
Visa Monitoring Programs
VAMP (Visa Acquirer Monitoring Program)
The Visa Acquirer Monitoring Program (VAMP) is a monitoring framework used by Visa to evaluate the fraud and dispute performance of acquirers and merchants. It applies to card-not-present (CNP) transactions processed through VisaNet, including both domestic and cross-border transactions.
VAMP Ratio
Definition
The VAMP Ratio is the core metric used to measure fraud and dispute risk based on transaction volume.
VAMP Ratio = (Number of fraud transactions + Number of dispute transactions) ÷ Number of cleared transactions
Scope and Exclusions
The following transactions are excluded from the VAMP Ratio calculation:
- Disputes resolved through Pre-Chargeback solutions
- Fraud transactions reported under TC40 that meet the criteria of Compelling Evidence 3.0 (CE 3.0)
Thresholds
Acquirer Thresholds
Acquirers are evaluated based on the following VAMP Ratio thresholds:
- ≥ 0.5%: Classified as Above Standard
- ≥ 0.7%: Classified as Excessive
Minimum monthly volume requirements:
- AP, Canada, EU, US, LAC: At least 1,500 fraud and dispute transactions
- CEMEA (Central & Eastern Europe, Middle East, and Africa):
- At least 150 transactions, and
- A total amount of USD 75,000 or more
Merchant Thresholds (Effective April 1, 2026)
If an acquirer is not classified as Above Standard or Excessive, the following merchant-level thresholds apply:
| Region | VAMP Ratio Threshold | Monthly Fraud + Dispute Volume |
| AP, Canada, EU, US, LAC | ≥ 1.5% | ≥ 1,500 transactions |
| CEMEA | ≥ 2.2% | ≥ 150 transactions and ≥ USD 75,000 |
VAMP Enumeration Ratio
Compliance Requirements
Acquirers are required to implement proactive risk control measures to prevent merchants from exceeding the defined enumeration thresholds.
Definition
The VAMP Enumeration Ratio is used to identify card testing (BIN attack) activity:
Enumeration Ratio = Number of enumerated authorization transactions ÷ Total authorization transactions
(Both approved and declined transactions are included.)
Thresholds
Merchants may be subject to enforcement if both of the following thresholds are met:
- Enumeration Ratio ≥ 20% (2000 basis points)
- Enumeration transaction volume ≥ 300,000 transactions
Mastercard Monitoring Programs
ECP (Mastercard Excessive Chargeback Program)
Evaluation Criteria
Mastercard monitors merchants' chargeback activity through the Excessive Chargeback Program (ECP). The program classifies merchants into two categories:
- Excessive Chargeback Merchant (ECM): Applies to merchants with a high volume of chargebacks.
- High Excessive Chargeback Merchant (HECM): Targets merchants with even higher chargeback rates, subject to stricter penalties and increased monitoring.
A merchant is placed in the ECP if they meet or exceed both of the following monthly thresholds:
- Total chargebacks: The total number of chargebacks within the month.
- Chargeback rate: The ratio of chargebacks to successful transactions from the previous month.
Evaluation Period
Mastercard evaluates chargeback trends on a monthly basis, calculating the chargeback rate as: (Total chargebacks ÷ Successful transactions from the previous month)
Penalty Criteria
ECM: Mastercard Excessive Chargeback Merchant
| Disputes | Chargeback rate | Fine |
| 100-299 | 1.5-2.99% | Fines start after two months and increase monthly. See the timeline below for details. |
Once a merchant is enrolled in the card organization's monitoring program, the following fine schedule applies:
| Monitoring months | Fine | Issuing bank recovery assessment |
| 1 | USD 0 | No |
| 2-3 | USD 1,000 | No |
| 4-6 | USD 5,000 | Yes |
| 7-11 | USD 25,000 | Yes |
| 12-18 | USD 50,000 | Yes |
| 19+ | USD 100,000 | Yes |
Additional Fees: Merchants exceeding 300 chargebacks in a month will incur an additional $5 per chargeback. For example, if a merchant has 400 chargebacks in the fourth month under ECM, their total fee would be: $5,500 = ($5,000 + (400 - 300) * $5)
HECM: Mastercard High Excessive Chargeback Merchant
| Disputes | Chargeback rate | Fine |
| 300+ | 3% | Fines start after two months and increase monthly. See the timeline below for details. |
Once a merchant is enrolled in the card organization's monitoring program, the following fine schedule applies:
| Monitoring months | Fine | Issuing bank recovery assessment |
| 1 | USD 0 | No |
| 2 | USD 1,000 | No |
| 3 | USD 2,000 | No |
| 4-6 | USD 10,000 | Yes |
| 7-11 | USD 50,000 | Yes |
| 12-18 | USD 100,000 | Yes |
| 19+ | USD 200,000 | Yes |
EFM (Mastercard Excessive Fraud Merchant Compliance Program)
Evaluation Criteria
Merchants may be placed in Mastercard's Excessive Fraud Merchant Compliance Program (EFM) if they meet the following thresholds:
- Transaction volume: At least 1,000 Mastercard e-commerce transactions.
- Net fraud amount: Fraud-related chargebacks (dispute reason codes 4837 or 4863) exceed $50,000 (or $15,000 in Australia).
- Fraud chargeback rate: The percentage of fraud-related chargebacks compared to total transactions in the previous month exceeds 0.50% (or 0.20% in Australia).
- 3D Secure (3DS) verification rate: The percentage of Mastercard transactions verified via 3D Secure (3DS) must meet one of the following:
- Non-regulated countries: ≤ 10% of total Mastercard transactions
- Regulated countries: ≤ 50% of total Mastercard transactions
Evaluation Period
Mastercard reviews fraud metrics on a monthly basis, calculating the fraud chargeback rate as: (Fraud chargebacks ÷ Total successful transactions from the previous month)
Penalty Criteria
| Monitoring months | Fine |
| 1 | USD 0 |
| 2 | USD 500 |
| 3 | USD 1,000 |
| 4-6 | USD 5,000 |
| 7-11 | USD 25,000 |
| 12-18 | USD 50,000 |
| 19+ | USD 100,000 |
AusPayNet Monitoring Programs
The AusPayNet (APN) CNP Fraud Mitigation Program aims to mitigate card-not-present (CNP) fraud within the Australian payment industry. It applies to both Australian merchants and cardholders.
FMP (APN Fraud Monitoring Program)
Merchants will be included in the program if they meet or exceed the following two quarterly thresholds:
- Fraudulent chargeback amount: The total value of fraudulent chargebacks received in the quarter exceeds AUD 50,000.
- Fraud chargeback rate: The ratio of fraudulent chargebacks to total sales for the quarter exceeds 0.20%.
If a merchant's CNP transactions fall below the FMP thresholds in a quarter, they may be exempt from FMP and SCA obligations.
| Number of quarters above the FMP threshold | Corrective measures |
| 1 | Merchants must implement fraud controls to reduce fraudulent chargebacks. It is recommended to apply Strong Customer Authentication (SCA) to a subset of CNP transactions defined as high-risk. |
| 2 | Merchants must perform one or more of the following actions:
|
| 3 | Merchants must forward all CNP transactions to the cardholder's issuing bank for SCA. Otherwise, they can only opt out. |
| 4+ | Merchants may have lost eligibility to use the service. |
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication (SCA) is a security protocol that requires merchants to verify a cardholder's identity using at least two of the following authentication factors:
- Something they know: Information only the cardholder knows, such as a password or PIN.
- Something they have: An item or device the cardholder possesses, such as a mobile phone or security token.
- Something they are: Biometric data such as a fingerprint or facial recognition.
Cartes Bancaires Monitoring Program
The Cartes Bancaires (CB) Monitoring Program is a France-specific monitoring framework that evaluates merchant performance for card-not-present (CNP) transactions processed through the Cartes Bancaires network.
It monitors dispute and fraud activity at the merchant registration number level on a monthly basis, based on the original transaction date.
Disputes Monitoring Program
The CNP Disputes Monitoring Program tracks dispute activity monthly based on the original transaction date.
For example, for transactions in January:
- Dispute count: Total number of disputes received for transactions captured in January
- Dispute-to-sales ratio: Number of disputes for January transactions ÷ Total number of transactions captured in January
Evaluation Criteria
The chargeback rate for month M is calculated at the end of month M+3. A merchant may enter the Disputes Monitoring Program if the following thresholds are met for four consecutive months:
- Chargeback rate > 2%
- At least 200 chargebacks per month
Exit Criteria
A merchant exits the program if the following conditions are met over six consecutive months within the observation period:
- Chargeback rate (CTR) < 1%,
OR - Fewer than 100 chargebacks per month
Fraud Monitoring Program
The CNP Fraud Monitoring Program tracks fraud activity monthly based on the original transaction date.
For example, for transactions in January:
- Fraud amount: Total value of fraudulent transactions from January
- Fraud-to-sales ratio: Total value of fraudulent transactions in January ÷ Total value of transactions captured in January
Evaluation Criteria
The fraud rate for month M is calculated at the end of month M+2. A merchant may enter the Fraud Monitoring Program if the following thresholds are met for four consecutive months:
- Fraud rate > 0.30%
- At least EUR 20,000 in fraudulent transactions per month
Exit Criteria
A merchant exits the program when both of the following conditions are met:
- The required action plan has been completed
- During an observation period of six consecutive months, the fraud transaction rate (FTR) remains below 0.30% each month