What Happens When You’re in a Fraud Monitoring Program?

visa and mastercard Monitoring Program

A major driving factor in merchants’ desire to prevent fraud is the fraud monitoring programs implemented by the main credit card networks, namely the Visa Fraud Monitoring Program (VFMP) and MasterCard’s Excessive Fraud Merchant Compliance Program (EFM). These programs are designed to help companies develop plans to tackle their fraud problems, but they also tack on hefty fees to penalize merchants who don’t have their house in order.

What Happens When You’re in a Fraud Monitoring Program

VFMP thresholds

Visa uses fraud-related chargebacks and TC40 data to decide which merchants should be placed in VFMP. An early warning is given to merchants and their acquirers when their ratio of fraud to total sales exceeds 0.65 percent and overall fraud is greater than $50,000 per month.

It should be noted that Visa only counts the first ten fraudulent transactions from a single cardholder. That means that if you have dozens of fraud chargebacks in a specific month due to one bad card, only the first ten of those transactions will count towards your fraud ratio.

Merchants are placed in VFMP when the ratio of the dollar value of fraudulent transactions to total amount of transactions exceeds 0.9 percent and total fraud is greater than $75,000 per month. When the fraud rate climbs above 1.8 percent and $250,000 in total fraud, merchants are placed in the excessive level of VFMP. You can be transferred from a standard VFMP to an excessive-risk VFMP but not vice versa. Also, merchants in high-risk Merchant Category Codes (MCCs) are automatically placed in the excessive VFMP when they exceed standard fraud levels. The only way to get out of the excessive level program is to reduce your fraud rate to compliant levels.

VFMP timeline

During the first month of both standard and excessive VFMP, the acquirer must notify the merchant that they’ve exceeded thresholds. Months two through four are the workout period. The merchant’s acquirer must begin to work with their merchant to implement a fraud remediation plan. Months five through 12 are the enforcement period. The acquirer must ensure the plan is working or make adjustments until the merchant’s fraud levels are below VFMP thresholds. After 12 months in either the standard or excessive programs, Visa may exercise their right to take away the merchant’s ability to process Visa payments.

Visa Fraud Monitoring Program VFMP

While in VFMP, merchants will automatically receive chargebacks under reason code 10.5: fraud monitoring program for fraud related disputes. This is even true if you use 3-D Secure, which normally shifts liability to the issuer

Merchants can get out of the VFMP by staying below the standard fraud threshold of 0.9% for three consecutive months.

VFMP Standard

Months in ProgramNon-compliance feeNon-compliance fee (EU)
5-6$25,000EUR 21,750
7-9$50,000EUR 43,500
10+$75,000EUR 62,250

VFMP Excessive

Months in ProgramNon-compliance feeNon-compliance fee (EU)
1-3$10,000EUR 8,750
4-6$25,000EUR 21,750
7-9$50,000EUR 43,500
10+$75,000EUR 62,250

Mastercard’s EFM program

MasterCard uses fraud-related chargebacks and SAFE report data to determine which merchants should be placed in the EFM program. Specifically, chargebacks due to reason codes 4837 (No Cardholder Authorization) and 4863 (Cardholder Does Not Recognize — Potential Fraud) are counted. To be placed in the EFM one must have in a calendar month:

  • A minimum of 1,000 eCommerce transactions processed in the preceding month
  • Fraud volume greater than $50,000 
  • The ratio of the number of fraud chargebacks to sales is greater than 0.5 percent
  • Total 3DS payments less than 10 percent of total Mastercard payments in a non-regulated (i.e. lacking strong consumer authentication requirement) country or less than 50 percent of total MasterCard payments in a regulated country.
Number of Months Above EFM ThresholdsFine
MasterCard’s Excessive Fraud Merchant Compliance Program EFM

To be removed from the EFM program, a merchant must be in compliance for three consecutive months, meaning the account did not meet the criteria listed above to be flagged in the program. Once a merchant exits the EFM program, any subsequent flagging would start over at Month 1 again. While enabling 3D Secure is not a requirement of the EFM program, it is recommended to help mitigate fraud by authenticating transactions.

Invest in prevention

An ounce of prevention is worth a pound of cure. In general, a merchant should invest in anti-fraud tools to avoid being placed in a fraud monitoring program in the first place. If your fraud rate is rising dangerously close to the threshold or you’ve already breached it and need to develop a mediation plan, feel free to contact us for impartial advice on fraud solutions on the market.

Start now. Win back lost revenue

Find out why Justt is the right solution for your business.

    Chargebacks per month

    • Under $5,000
    • Under $50,000
    • Under $100,000
    • Over $100,000