When Visa’s redesigned VAMP framework went live on April 1, 2025, it quietly brought the biggest shift in card-network oversight in more than a decade. Many merchants and acquirers had grown accustomed to Visa’s older monitoring programs — systems where fraud, chargebacks, and unusual activity were tracked separately, each with its own thresholds, processes, and escalation paths. The new VAMP replaces all of that with a single, unified structure that operates much more aggressively and consistently across the entire payments ecosystem.

The headline change is consolidation. Under the old regime, merchants dealt with the Visa Fraud Monitoring Program (VFMP) for fraud and the Visa Dispute Monitoring Program (VDMP) for chargebacks. These programs ran in parallel but rarely interacted, meaning a business could have manageable dispute levels yet still be flagged for fraud, or vice versa. The redesign merges both categories — along with card-testing and enumeration activity — into one combined lens. Every month, Visa evaluates acquirers and, by extension, their merchants using one blended performance metric. This universal approach dramatically increases the visibility of problematic behavior and eliminates the silos that once allowed certain patterns to slip through unnoticed.

Another major difference lies in how transactions are counted. Previously, fraud alerts and customer disputes lived in separate reporting worlds. Under VAMP, they sit side by side in the same calculation, which means a single transaction can have a greater impact than merchants are used to. If a compromised card triggers a fraud alert and later becomes a dispute, that pairing now carries more weight than under the old model. The new structure also standardizes global oversight, applying consistent evaluation criteria to card-not-present activity in all regions — a stark contrast to the patchwork of regional variances that once existed.

The program also introduces something many merchants rarely thought about: enumeration. Card-testing attacks — rapid-fire authorization attempts used by bots to validate stolen cards — are now a formal part of VAMP monitoring. While this type of activity was previously handled through scattered security measures, Visa now treats it as a compliance risk. Acquirers whose authorization streams show signs of attack are monitored more closely and may be forced to intervene with the merchants generating the suspicious traffic. This new scrutiny brings technical and operational considerations to the forefront, particularly for platforms or gateways that handle high-volume CNP traffic.

Thresholds have evolved too. Under the prior system, merchants typically monitored “disputes per thousand transactions” or raw chargeback counts. VAMP shifts to a percentage-based model that scales with volume. The result is a far more sensitive system. Large merchants who once took comfort in the fact that high transaction counts kept their ratios low now face tighter tolerances. Even small percentage increases in disputes or fraud can push them toward remediation. For acquirers, the stakes are higher still: the revised thresholds begin around half a percent, and many risk teams expect that Visa will continue tightening over time.

The enforcement environment is very different as well. Under previous programs, a merchant with elevated numbers might face targeted remediation but could often remain in processing for months while they corrected issues. VAMP compresses the timeline. Because the risks are measured at the acquirer level, a handful of problematic merchants can drag a whole portfolio toward non-compliance. The result is increased pressure on acquirers to intervene earlier, more decisively, and more broadly than before. In practice, merchants may find themselves facing steeper reserves, stricter underwriting, or even sudden offboarding — not because of unusual behavior on their part, but because the acquirer must protect its overall ratio.

This shift also changes the nature of operational responsibility. In the past, a merchant might treat fraud prevention and dispute management as secondary tasks handled by back-office teams or outsourced vendors. Under VAMP, the consequences of poor performance are shared across the ecosystem, meaning acquirers, payment facilitators, and gateways all have incentives to embed stronger controls. Many are rolling out real-time dashboards, automated alerts, and more aggressive authentication requirements to keep ratios in check. Merchants, in turn, must strengthen everything from checkout flows and fraud screening to billing descriptors and customer-service protocols.

Perhaps the biggest cultural change is that VAMP eliminates the ability to “hide” inside a large volume of transactions. Under the old programs, high-volume merchants often had ratios that appeared healthy despite generating a large number of disputes. VAMP’s weighting makes that far harder. The new framework rewards consistency, clarity, and operational discipline — not scale.

In effect, VAMP turns fraud and dispute management into a continuous, portfolio-wide metric rather than a fragmented set of separate compliance checks. It widens the lens, tightens the thresholds, and brings previously overlooked behaviors into sharp focus. For merchants and payment platforms, the message is clear: the standards of the past no longer apply. The new rules require a level of transparency, discipline, and proactivity that many organizations are experiencing for the first time.

Those who adapt early — by upgrading their controls, improving communication with customers, and tightening their internal risk operations — will find the transition manageable. Those who continue operating under assumptions from the pre-VAMP world may find themselves facing a more abrupt awakening.

If you'd like, I can also produce a complementary one-page “Old System vs VAMP” explainer for internal or partner education.