Visa VAMP & Network Chargeback Monitoring Programs

You're probably already in the window before you get the notice

Network monitoring programs don't announce themselves in real time. By the time your acquirer forwards a placement notice — whether for Visa VAMP or Mastercard ECM — the ratio that triggered it was calculated on transaction data from four to six weeks earlier. The month you're currently in is already being measured. That lag is the first operational trap: merchants who receive a notice and treat it as the start of the problem are already a month or more behind on remediation.

Open Shopify Admin → Orders → Disputes and sort by the last 60 days. That view won't give you a network-formatted ratio, but it will show you whether dispute volume is concentrated in a product line, a fulfillment method, or a customer acquisition channel — which is where remediation actually starts. The ratio calculation happens at your acquirer and flows up to the network; the root cause almost always lives in your order data.

What VAMP actually is — and what it replaced

Visa ran two separate merchant-facing programs for most of the past decade: VDMP (Visa Dispute Monitoring Program) for chargeback ratios and VFMP (Visa Fraud Monitoring Program) for fraud ratios. They had separate thresholds, separate fee schedules, and separate remediation tracks. Effective April 2025, Visa consolidated both into VAMP — the Visa Acquirer Monitoring Program. The name change matters operationally: VAMP enforces at the acquirer level rather than directly at the merchant level, which means your acquirer absorbs the network fees and then passes them through to you, often with their own markup or internal consequence layered on top.

The VAMP ratio is a blended calculation combining dispute and fraud activity. Confirm the exact current formula with your acquirer — Visa has adjusted the methodology as part of the April 2025 rollout, and some acquirers are still updating their internal reporting to reflect the consolidated metric. What hasn't changed: the program has a standard tier and an excessive tier, with meaningfully higher fees at the excessive level. As of the consolidation, the standard threshold sits around 0.9% and the excessive threshold around 1.8%, but treat those as directional — verify the current figures with your acquirer before building a remediation target.

One structural shift worth flagging: because VAMP enforces at the acquirer level, your acquirer now has more direct financial exposure when you breach thresholds. That changes the conversation. Acquirers who previously sent informal warnings may now move faster to formal remediation requirements or account review because the fee liability lands on them first.

Mastercard ECM runs on a different clock entirely

Mastercard's Excessive Chargeback Merchant program predates Visa's consolidation and operates independently. ECM has two tiers: the standard ECM tier triggers at a 1.5% chargeback-to-transaction ratio with a minimum of 100 chargebacks in the measurement month; the High ECM tier triggers at 3.0% with at least 300 chargebacks. Both thresholds are confirm-with-your-acquirer figures — Mastercard has adjusted them before and the minimums matter, because low-volume merchants can have a high ratio without hitting the absolute count floor.

ECM fees are assessed monthly and escalate the longer you remain in the program. Mastercard also runs a separate Excessive Fraud Merchant (EFM) program for fraud-specific ratios, which can run concurrently with ECM if both thresholds are breached. Being in both simultaneously is not uncommon for merchants with a high-fraud product category and a slow dispute response rate — the fraud generates the disputes, and the disputes generate the ECM placement, and the EFM placement follows from the fraud volume that started it.

The exit criteria for ECM require three consecutive months below the threshold. One month of improvement resets the clock only if it's followed by two more. Mastercard does not grant early exit for partial improvement.

How the ratio is calculated — and where merchants misread it

Both networks calculate ratios as chargebacks (or fraud) received in a given month divided by transactions processed in that same month. The mismatch that catches merchants: a chargeback filed in October on a September transaction counts against October's ratio, not September's. If you had a high-volume promotion in September and the disputes roll in during October and November, your October and November ratios spike even if your current transaction volume is normal or declining.

This means a merchant who has already fixed the underlying problem — stopped a bad acquisition channel, tightened fraud screening, revised a misleading product description — can still breach thresholds for two months after the fix because the dispute tail from the old volume hasn't cleared. Remediation plans that don't account for this lag routinely underestimate how long it takes to see ratio improvement in the numbers the network actually measures.

Acquirers calculate your ratio using their own transaction count, which may differ slightly from what Shopify Payments surfaces. If you're tracking your own ratio using Shopify Admin data, treat it as a directional proxy, not a network-accurate figure. For merchants processing through a third-party acquirer connected to Shopify, the gap between what Shopify shows and what the acquirer reports can be meaningful — especially if you have multiple sales channels feeding the same MID.

Decision point: respond to the notice yourself or engage your acquirer's risk team first

When a monitoring program placement notice arrives, you have two paths, and the choice affects both timeline and outcome.

Path A: Submit a remediation plan directly to your acquirer's risk team within 5–7 business days. Most acquirers require a written remediation plan as a condition of continued processing. Submitting proactively — before they follow up — signals operational control and typically buys more time before escalation. The plan needs to be specific: named changes, measurable targets, and a timeline. A vague "we're working on it" response is treated as no response by most acquirer risk teams.

Path B: Wait for the acquirer to send a formal remediation request before responding. This path costs you 10–14 days of remediation runway and often results in stricter requirements in the formal plan, because the acquirer's risk team has now escalated internally. Some acquirers interpret delayed response as a sign that the merchant doesn't have operational control of the issue. If you're already in the excessive tier, waiting is almost never the right call — the fee exposure compounds monthly and the acquirer's tolerance for delay is lower.

The practical default: respond within one week of receiving the notice, even if your remediation plan is preliminary. A short acknowledgment with a committed delivery date for the full plan is better than silence.

Building the remediation plan — what it actually needs to contain

Acquirer risk teams read a lot of remediation plans. The ones that work share a structure: they identify the specific source of the elevated ratio, describe the operational change already made or in progress, and commit to a measurable outcome with a timeline. Generic plans — "we will improve our fraud screening and customer communication" — are filed and forgotten. Specific plans create a paper trail that protects you if the acquirer later claims you failed to remediate.

A workable internal structure for the plan:

• Root cause identification: Which product category, acquisition channel, or fulfillment method is generating the elevated disputes or fraud? Pull the last 90 days of dispute data from Admin → Orders → Disputes, group by reason code, and identify whether the concentration is in unauthorized transactions (fraud-sourced), item not received, or not as described. Each has a different fix.
• Changes already implemented: Date-stamped. If you've already tightened AVS requirements, added 3DS authentication, revised a product description, or paused a high-dispute SKU, say so with the implementation date.
• Changes in progress: Specific, with owner and completion date. "Implementing velocity rules on new card enrollments by [date]" is usable. "Improving fraud detection" is not.
• Projected ratio impact: Based on the dispute tail lag described above, when do you expect the ratio to begin declining in the network's measurement? This shows the acquirer you understand the mechanics, not just the symptoms.
• Monthly check-in commitment: Offer to provide a monthly ratio update. Acquirers who receive proactive updates are less likely to escalate to account suspension.

Sample internal note for the remediation file:

VAMP placement confirmed [date]. Root cause: unauthorized transaction disputes concentrated in [product line], representing 67% of dispute volume in [month]. AVS hard decline implemented [date] for non-matching billing ZIP. 3DS2 enrollment in progress, target completion [date]. Dispute tail from pre-fix volume expected to clear by [month+2]. Remediation plan submitted to [acquirer contact] on [date]. Next ratio check: [date].

That note is for your records, not the acquirer — but having it means that if the acquirer later claims you didn't act, you have a timestamped internal record of exactly what you did and when.

The fee structure and why the excessive tier is a different problem

Standard-tier fees are painful but survivable for most merchants — they're assessed monthly and, while they add up, they don't typically threaten processing continuity on their own. The excessive tier is different in kind, not just degree. Visa's excessive-tier fees under VAMP are substantially higher per month, and more importantly, acquirers who are absorbing those fees at the network level have direct financial incentive to terminate the merchant relationship rather than continue absorbing the liability. Mastercard's High ECM tier operates similarly.

The practical consequence: a merchant who enters the excessive tier and doesn't show measurable improvement within 60–90 days is at genuine risk of account termination, not just ongoing fees. Account termination at this stage means placement on the MATCH list (Mastercard Alert to Control High-Risk Merchants), which effectively blocks you from opening a new merchant account with most acquirers for five years. That outcome is avoidable, but only if remediation starts immediately and produces visible ratio movement within the first two measurement months after placement.

Confirm the current fee schedule with your acquirer — both Visa and Mastercard adjust fee amounts periodically, and the figures that circulate in industry forums are often a version or two out of date.

What "exiting" a program actually requires

Exit from both VAMP and ECM requires sustained performance below the threshold — not a single good month. Visa's standard exit requirement under VAMP is three consecutive months below the standard threshold. Mastercard ECM uses the same three-month consecutive standard. If you breach the threshold again in month two of your exit window, the clock resets.

This has a direct implication for how you sequence remediation changes. If you have multiple contributing factors — a high-fraud product line, a slow dispute response workflow, and a misleading subscription cancellation flow — you need all three addressed before your first measurement month in the exit window, not phased in over the three months. A partial fix that gets you to 1.1% when the threshold is 0.9% doesn't start your exit clock; it just keeps you in the program at a lower fee tier.

Some acquirers will informally acknowledge that you're "trending toward exit" before the three months complete, which can affect how aggressively they're monitoring your account. That informal acknowledgment is worth getting in writing — an email from your acquirer risk contact confirming your current ratio trajectory is useful documentation if there's ever a dispute about the timeline.

Shopify-specific operational steps during an active monitoring period

While you're in a monitoring program, your dispute response workflow needs to run at higher than normal efficiency — every winnable dispute you lose during this period adds to the ratio that's already elevated. A few specific actions:

In Shopify Admin → Orders → Disputes, set a daily review cadence rather than the default weekly or ad-hoc check. Monitoring program months are not the time to let disputes age toward their response deadline. Most acquirers give you 7–20 days to respond depending on the reason code and network; losing a day or two to a slow internal review process when you're already ratio-sensitive is avoidable.

For Shopify Payments merchants, the Disputes tab surfaces the response deadline directly. For merchants using a third-party processor, the deadline may only appear in the acquirer portal — not in Shopify — so confirm where your deadlines are actually visible and build your review process around that source, not around Shopify's interface.

If you're using DisputeDesk or a similar tool to manage dispute responses, the monitoring period is when consistent evidence assembly matters most. Automation improves consistency, not certainty — but during a monitoring period, consistency is exactly what you need, because a missed deadline or an incomplete submission on a winnable case has ratio consequences beyond the individual dispute loss.

One specific Shopify surface worth checking: Admin → Settings → Payments → Fraud prevention. If you're on Shopify Payments, the fraud filter settings here affect which orders get flagged for review before fulfillment. Tightening these settings during a monitoring period — accepting slightly more false positives in exchange for fewer fraudulent orders reaching fulfillment — is a reasonable tradeoff when your ratio is already elevated. The cost of a declined legitimate order is recoverable; the cost of a fulfilled fraudulent order that generates a chargeback is not, especially when you're already in a program.

The acquirer relationship during monitoring — what most merchants get wrong

Most merchants treat the acquirer as an adversary during a monitoring program. That framing is counterproductive. The acquirer's risk team has discretion in how aggressively they escalate, how much time they give you between check-ins, and whether they advocate internally for continued processing while you remediate. Merchants who communicate proactively, submit specific plans, and hit their self-committed milestones get materially better treatment than merchants who go quiet and hope the ratio improves on its own.

A short, direct email to your acquirer risk contact at the start of each measurement month — summarizing your current estimated ratio, the changes in effect, and your projected trajectory — costs almost nothing and creates a paper trail of good-faith engagement. It also means that if you do breach the threshold again in month two, you have documented context for why, rather than appearing to have done nothing.

Sample acquirer communication line:

"Following up on our remediation plan submitted [date]. Our internal dispute count for [month] is tracking at approximately [X] disputes on [Y] transactions, which we estimate puts our ratio at roughly [Z]% — below the [threshold]% standard tier. The AVS hard-decline rule implemented [date] has reduced unauthorized transaction disputes by approximately [%] month-over-month. We'll send a full update at month close. Let us know if you need anything in the interim."

That message is specific, shows you're tracking the right metrics, and demonstrates operational control. It's the kind of communication that keeps an acquirer risk team from escalating internally while you're still in the remediation window.

The ratio improvement that doesn't show up when you expect it

One failure mode that derails otherwise solid remediation plans: a merchant implements the right fixes in month one, sees internal dispute volume drop, and expects the network ratio to reflect that improvement immediately. It doesn't, for two reasons. First, the dispute tail from pre-fix transactions continues to arrive for 60–120 days depending on the reason code and network rules — cardholders have up to 120 days from the transaction date to file a dispute on most Visa reason codes, and up to 540 days in some cases involving recurring billing. Second, the network measures disputes received in the calendar month against transactions processed in that same month, so even if your new transaction volume is clean, the old tail keeps hitting your ratio.

This means a merchant who fixes the root cause in October should not expect their October or November ratios to show full improvement. December or January is more realistic, depending on the average dispute lag for their transaction type. Build that lag into your remediation timeline when you communicate with your acquirer — presenting a realistic projection that accounts for the tail is more credible than promising immediate ratio improvement that the mechanics of dispute timing make impossible.