VAMP made practical for (PSPs): Why portfolio‑level tooling is now essential

Visa Acquirer Monitoring Program (VAMP) is not a merchant‑level compliance metric; it is a portfolio‑level, volume‑weighted risk construct that rolls sub‑merchant behavior into acquirer exposure. This makes basic risk checks such as aggressive spend or velocity limitations, periodic reviews, or merchant‑reported data structurally insufficient and harsher.

Payment service Provipers(PSPs) must continuously track fraud and disputes across thousands of sub‑merchants, normalize those events to settled card-not-present (CNP) volume, and interpret them through acquirer‑specific thresholds that are often lower than Visa’s published limits. Without automated, real‑time tooling that mirrors acquirer logic, PSPs are effectively blind until acquirers intervene, at which point options are limited, and commercial damage is already occurring.

VAMP introduces a unified, volume‑based metric across the acquirer portfolio:

VAMP ratio = (TC40 fraud reports + TC15 disputes) ÷ TC05 CNP sSettled transactions

• TC40 = Reported CNP fraud events (Visa SAFE)
• TC15 = Non‑fraud CNP disputes / chargeback events
• TC05 = Total CNP settled transactions

What this means for PSPs:

• Visa counts every TC40 and TC15 event, so merchants with high dispute or fraud volumes can impact a PSP’s acquiring partners, often disproportionately and unpredictably when volumes are low or volatile. This creates a monitoring problem that cannot be solved by averages or periodic reviews. PSPs need tooling that detects volatility, trend acceleration, and concentration risk at the sub‑merchant level before it accumulates into acquirer exposure.
• Ratio sensitivity is highest for small‑volume sub‑merchants, where a few events can rapidly inflate risk.

PSPs frequently see acquirers trigger action at ~0.5%, even though the official VAMP thresholds are higher.

Why this happens:

• VAMP is enforced at the acquirer portfolio level
• A small set of risky sub‑merchants can threaten the acquirer’s full book
• To protect their VAMP standing, acquirers impose internal buffer thresholds (e.g., 0.5–0.7%) that merchants must stay well below
• These buffers may trigger monitoring, reserves, traffic limits, or de‑boarding

For PSPs, it’s critical to understand that acquirers’ risk thresholds are not always the same as Visa’s. Even if a portfolio appears safe when measured against Visa’s official limits, PSPs can still face hidden exposure. That’s why they need full visibility and proactive risk controls at the sub‑merchant level, because that’s where issues can emerge long before they show up in acquirer‑level metrics

Critically, these internal buffer thresholds are not static, transparent, or applied consistently across acquirers. PSPs operating across multiple acquiring partners must therefore manage multiple, shifting VAMP risk envelopes simultaneously. Doing this manually is not scalable. Only sophisticated portfolio‑level monitoring and alerting tools allow PSPs to align with each acquirer’s risk posture in real time.

VAMP shifts liability and scrutiny to the acquirer portfolio, which means acquirers are often financially motivated to minimize risk even at the cost of merchant revenue

What this means in practice:

• Acquirers may tighten authorization rules or add friction before Visa requires it.
• These actions protect their portfolio but can lead to over‑declines, lost sales, and degraded customer experience for merchants.
• PSPs feel this pressure when acquirers demand stricter controls or threaten monitoring long before Visa thresholds are reached.

This matters for PSPs as your merchants may experience lower approval rates or additional friction simply because acquirers prioritize staying below VAMP thresholds over maximizing throughput.

What inflates the VAMP numerator (TC40 + TC15):

• Enumeration attacks creating bursts of fraudulent attempts
• Poor dispute management processes
• High‑risk merchant verticals
• Chargeback‑prone business models

What shrinks the denominator (TC05):

• Over‑declining legitimate customers
• Excess friction (3DS overuse, step‑ups)

Staying ahead of VAMP is not a policy exercise; it is a technology capability. PSPs that succeed under VAMP have four core capabilities in place:

1) Portfolio-grade VAMP monitoring (not merchant reporting)

PSPs must adopt the exact VAMP definitions internally and monitor (TC40 + TC15) ÷ CNP settled transactions (TC05) continuously for every sub‑merchant.

This requires tooling that mirrors Visa and acquirer logic, operates in near real time, and supports drill‑downs by merchant, sub‑merchant, traffic segment, and acquirer.

ACI payments intelligence provides portfolio‑level VAMP monitoring with Visa‑aligned calculations and granular visibility that manual reporting cannot deliver.

2) Automated early‑warning and trend detection

Because acquirers often act at ~0.5%, PSPs need automated early‑warning bands, trend acceleration detection, and proactive alerts—not after‑the‑fact reporting.

ACI surfaces real‑time alerts and emerging risk patterns, enabling PSPs to intervene while there is still room to correct behavior before acquirer action is triggered.

3) Precision decisioning instead of blanket friction

VAMP compliance cannot be achieved sustainably through blanket step‑ups or over‑declining. PSPs need precision controls that suppress fraud and disputes without shrinking the denominator (TC05), aligned with your customer first business goals.

ACI Fraud Management solution reduces reliance on rigid rule sets by isolating specific fraud trends across the entire consumer journey removing bad traffic before authorization, so good traffic isn’t penalized. Predictive models raise approval rates while reducing false positives. Scale and adapt to different scenarios: premium customers, international shoppers, high‑risk geographies, or season‑driven spikes. 

4) Intelligent routing and multi‑acquirer orchestration

Under VAMP, routing is no longer just about approvals or cost; it is a compliance lever. PSPs need tooling that understands acquirer‑specific VAMP sensitivity and dynamically routes traffic to balance risk, performance, and resilience.

ACI’s smart dynamic routing and multi‑acquirer orchestration enable PSPs to avoid single‑acquirer dependency, protect approval rates, and reduce exposure to unilateral acquirer buffer rules.

VAMP fundamentally changes how fraud and disputes are measured, combining both into a single ratio that directly impacts acquirers and their merchant portfolios. This creates a difficult balancing act: reducing fraud and disputes aggressively enough to stay below VAMP thresholds, while avoiding blunt controls that erode authorization approval rates and revenue.

A critical advantage under VAMP is ACI’s ability to detect risk concentration, volatility, and trend acceleration at the merchant or sub‑merchant level, particularly for low‑volume merchants where a small number of events can rapidly inflate the VAMP ratio. This allows PSPs, merchants, and acquirers to intervene proactively, addressing emerging risk before it escalates into portfolio‑level exposure.

Equally important, ACI’s fraud management solution helps prevent the common VAMP side‑effect of over‑correction. Internal VAMP analysis highlights that acquirers often respond to VAMP pressure by tightening authorization rules broadly, leading to unnecessary declines and lost sales. ACI’s high‑accuracy, transparent decisioning enables targeted risk controls, so only genuinely risky transactions are stopped, preserving a robust authorization approval rate while still reducing fraud and dispute volumes.

By combining advanced fraud detection, dispute reduction, and real‑time visibility, ACI enables customers to manage VAMP as a risk optimization problem rather than a compliance panic. The result is lower VAMP exposure, stronger acquirer confidence, and sustained revenue performance, protecting both compliance standing and customer experience.

ACI’s Fraud & Risk Strategy Consultants act as an extension of the merchant’s / PSP fraud team, actively managing and optimizing fraud strategies in production while helping merchants and PSPs stay below VAMP thresholds without sacrificing approvals or revenue.

ACI’s Fraud & Risk Strategy Consultants help configure targeted, pre‑ and post‑authorization controls that remove bad traffic early, rather than applying broad friction that can have a detrimental impact on approvals. This approach supports VAMP compliance by reducing fraud and disputes.

VAMP requires tighter control as thresholds evolve and enforcement phases change. Through our fraud management solution, ACI’s Fraud & Risk Strategy Consultants continuously tune strategies based on observed fraud trends, dispute drivers, and risk profiles.

For PSPs, sophisticated, acquirer‑aware tooling is no longer optional. It is the only way to maintain approvals, protect revenue, and remain a trusted partner in a VAMP‑constrained ecosystem.