Dispute and fraud card monitoring programs
Learn about the monitoring programs that card networks operate, and what you should do if you're placed into one.
As part of your financial obligations to the card networks, you must ensure that disputes (also called chargebacks) and fraud are kept to acceptable levels. If these exceed the thresholds dictated by each network (e.g., Visa or Mastercard), you are placed into one of their monitoring programs. As part of a program, you can be subject to monthly fines and additional fees until your dispute or fraud levels have been reduced.
Stripe can work with you to develop a suitable remediation plan so you can reduce the levels of disputes or fraud that are happening your account. We also communicate directly with the networks and relay information on a monthly basis. Download our remediation template to get started.
Failure to comply with the requirements of a program within the specified time period (referred to by the networks as a timeline) can result in the network refusing to process further payments using their cards. While this is extremely rare, it is vital you take whatever action is needed as soon as possible.
Visa monitoring programs
The Visa Fraud Monitoring Program (VFMP) and Visa Dispute Monitoring Program (VDMP) apply to users in all of our supported countries. The Visa Fraud Monitoring Program-3DS (VFMP-3DS) is a third program that only applies to users based in the U.S. The timelines used by either program depend on which threshold—Standard or Excessive—has been exceeded.
Each timeline spans a 12-month period and determines what actions are taken on a monthly basis. At the beginning of each month Visa reviews your previous month’s activity to see if it has exceeded any of their established thresholds. If so, we’ll reach out and discuss this with you.
For users in the US, EU, Canada, Australia, and Brazil, only domestic activity counts towards their monthly totals. For users outside of those regions, both domestic and cross-border activity are counted.
Early warning notifications
Visa operates an early warning system that warns users—via Stripe—who are at risk of being placed into a monitoring program. Users who meet the early warning threshold are not immediately placed into the program. Instead, they are given the opportunity to reduce the level of fraud on their account to avoid that from happening.
Remediation
Users are removed from Visa’s programs once their level of disputes or fraud drops below the Standard threshold for three consecutive months. The following three months are considered a “tracking” period. If a user exceeds any of the thresholds in this period, they are immediately placed back into the program and the original timeline is resumed—a new timeline is not started. Additionally, if a user exceeds the Excessive threshold, they are removed from the program only when their fraud or dispute levels falls below the Standard threshold.
As part of the remediation process, you may be required to provide Stripe with details on the steps you are taking and when these have been, or will be, implemented.
VDMP: Visa Dispute Monitoring Program
VDMP applies to users with an unusually high level of disputed payments on their account. Users are placed into this program if they meet or exceed the thresholds for the following criteria:
- The total number of payments that have been disputed (dispute count)
- The ratio of disputed payments to all payments (dispute rate)
| Dispute Count | Dispute Rate | Fines |
|---|---|---|
| 75 | 0.65% | None. You have the opportunity to take action that reduces your dispute level before it exceeds a threshold where fines are incurred. |
Early warning notifications may not occur if your account immediately matches or exceeds the Standard or Excessive thresholds of VDMP.
| Number of Disputes | Dispute Rate | Fines |
|---|---|---|
| 100 | .9% | Fines begin after four months and continue on a monthly basis until removal from the program. See timeline for more information. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-4
- Workout period
- No fines
- Months 5-9
- Visa fine of $50 USD / €45 per dispute
- Months 10-11
- Visa fine of $50 USD / €45 per dispute
- $25,000 review fee (non-EU merchants only)
- May require audit
- Month 12+
- Visa fine of $50 USD / €45 per dispute
- $25,000 review fee
- May require audit
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
During the workout period, you have the opportunity to take action that reduces your dispute level before fines are incurred.
| Number of Disputes | Dispute Rate | Fines |
|---|---|---|
| 1,000 | 1.8% | Fines begin immediately and continue until removal from the program. See timeline for more information. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-6
- Visa fine of $50 USD / €45 per dispute
- Months 7-11
- Visa fine of $50 USD / €45 per dispute
- Visa can begin to apply a $25,000 review fee (non-EU merchants only)
- Month 12+
- Visa fine of $50 USD / €45 per dispute
- Visa can begin to apply a $25,000 review fee (non-EU merchants only)
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
VFMP: Visa Fraud Monitoring Program
VFMP applies to users with an excessive level of fraud on their account, which is calculated using both fraudulent chargebacks and TC40 data. Users are placed into this program if they exceed the thresholds for the following criteria:
- The total volume in U.S. dollars of Visa payments that are fraudulent (Fraud Volume)
- The ratio of the volume in fraudulent Visa payments to all payments (Fraud Rate)
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $50,000 | 0.65% | None. You have the opportunity to take action that reduces your fraud level before it exceeds a threshold where fines are incurred. |
Early warning notifications may not occur if your account immediately matches or exceeds the Standard or Excessive thresholds of VFMP.
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $75,000 | .9% | None. You have the opportunity to take action that reduces your fraud level before it exceeds a threshold where fines are incurred. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-4
- No penalties
- Months 5-11
- Issuers able to raise fraudulent disputes on 3DS transactions (all markets)
- Month 12+
- Issuers able to raise fraudulent disputes on 3DS transactions (all markets)
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
There are no fines for users who meet or exceed this threshold. However, U.S. users in this program lose liability shift on 3D-Secure transactions immediately. Users located outside of the U.S. lose this starting in either month five or at Excessive thresholds. Liability shift is not restored until fully exiting the program after the three "tracking" months. Users must still take action to reduce their fraud level before it exceeds a threshold where fines are incurred.
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $250,000 | 1.8% | Fines begin immediately and continue on a monthly basis until removal from program. Refer to the timeline for more information. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-3
- Visa fine of $10,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Months 4-6
- Visa fine of $25,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Months 7-9
- Visa fine of $50,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Months 10-12
- Visa fine of $75,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Month 12+
- Visa fine of $75,000+
- Issuers able to raise fraudulent disputes on 3DS transactions
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
Users in this program lose liability shift on 3D-Secure transactions immediately and this is not restored until fully exiting the program after the three "tracking" months.
VFMP: Visa Fraud Monitoring Program-3DS (U.S.-only)
VFMP-3DS applies to U.S. users with an excessive level of domestic 3D-Secure fraud on their account. Users are placed into this program if they exceed the thresholds for the following criteria:
- The total volume in U.S. dollars of Visa 3DS domestic payments that are fraudulent (fraud volume)
- The ratio of the volume in fraudulent payments to 3DS domestic payments (fraud rate)
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $5,000 | 0.50% | None. You have the opportunity to take action that reduces your fraud level before it exceeds a threshold where penalties are incurred. |
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $7,500 | 0.75% | None, but liability shift on domestic 3DS transactions is lost while in the program and until a user has fully exited. |
Mastercard monitoring programs
Mastercard’s Excessive Chargeback Program (ECP) consists of two levels: Excessive Chargeback Merchant (ECM) and High Excessive Chargeback Merchant (HECM), and the program applies to users in all supported countries. The Excessive Fraud Merchant (EFM) Compliance Program is a separate program that applies to users in all supported countries besides Germany, India, and Switzerland.
If your account exceeds program thresholds, you’re placed into this program and notified by Stripe. If a merchant exceeds both EFM and ECP thresholds, they’re placed in EFM but not ECP. For example, a merchant exceeds EFM and ECP thresholds in March and April but only exceeds ECP thresholds in May. In April, they’d be placed in month 2 of EFM and fined accordingly. In May, the merchant would be placed in month 3 of ECP despite the EFM identifications taking precedent in prior months.
Remediation
Users in ECP are removed once their level of disputes drops below the ECM threshold for three consecutive months. If a user is in HECM and their dispute level is reduced to a level that still exceeds ECM thresholds (between 1.5-2.99%), they are moved to that program. In order to be removed from EFM, a user needs to avoid at least one of the conditions for three consecutive months.
As part of the remediation process, users are required to provide Stripe with details on the steps they’re taking to prevent disputes and when these have been, or will be, implemented.
ECP: Mastercard Excessive Chargeback Program
Users are placed into ECP if they meet or exceed the thresholds for the following criteria:
- The total number of Mastercard payments that have been disputed (chargeback count)
- The chargeback-to-transaction ratio (chargeback rate)
The chargeback rate is a ratio of disputed payments to all payments. It’s calculated as the number of Mastercard disputes received in a calendar month compared to the total number of Mastercard payments from the preceding month. A merchant must exceed both thresholds to qualify for ECM.
ECM: Mastercard Excessive Chargeback Merchant
| Dispute Count | Chargeback Rate | Fines |
|---|---|---|
| 100–299 | 1.5–2.99% | Fines begin in month two and continue at increasing rates in subsequent months. See the timeline below for details. |
| Number of months above ECM thresholds | Fine (USD) | Issuer recovery assessment |
|---|---|---|
| 1 | $0 | No |
| 2 | $1,000 | No |
| 3 | $2,000 | No |
| 4–6 | $5,000 | Yes |
| 7–11 | $25,000 | Yes |
| 12–18 | $50,000 | Yes |
| 19+ | $100,000 | Yes |
Issuer recovery assessment applies an additional $5 per chargeback fee for each chargeback over 300 chargebacks. For example, a merchant identified in month 4 of ECM with 400 disputes will be assessed a fine of $5,500 fine ($5,000 + (400-300) x $5).
HECM: Mastercard High Excessive Chargeback Merchant
| Dispute count | Chargeback Rate | Fines |
|---|---|---|
| 300+ | 3% | Fines begin in month two and continue at increasing rates in subsequent months. See the timeline below for details. |
| Number of months above ECM thresholds | Fine (USD) | Issuer recovery assessment |
|---|---|---|
| 1 | $0 | No |
| 2 | $1,000 | No |
| 3 | $2,000 | No |
| 4–6 | $10,000 | Yes |
| 7–11 | $50,000 | Yes |
| 12–18 | $100,000 | Yes |
| 19+ | $200,000 | Yes |
Mastercard communicates total fine amounts to merchants via Stripe.
EFM: Mastercard Excessive Fraud Merchant Compliance Program
Users are placed into the EFM program if they meet or exceed the thresholds for the following criteria:
- Number of e-commerce Mastercard payments
- The total volume in U.S. dollars of Mastercard payments that result in fraudulent chargebacks (net fraud volume) calculated by dispute reason code (reason code 4837 and 4863)
- The fraud-count-to-transaction ratio (fraud chargeback rate)
- The ratio of 3DS Mastercard payments to all Mastercard payments
The fraud chargeback rate calculated similarly to the chargeback rate found in ECM or HECM. The only difference is that the fraud chargeback rate is calculated using only fraudulent chargebacks.
EFM applies to users who meet all of the following conditions:
- Minimum of 1,000 e-commerce Mastercard payments
- Net fraud volume is greater than $50,000 (USD)
- Fraud chargeback rate is greater than 0.50%
- Total 3DS Mastercard payment count is less than 10% of total Mastercard payment count
| Number of months above ECM thresholds | Fine (USD) |
|---|---|
| 1 | $0 |
| 2 | $500 |
| 3 | $1,000 |
| 4–6 | $5,000 |
| 7–11 | $25,000 |
| 12–18 | $50,000 |
| 19+ | $100,000 |
Stripe and the merchant can request that Mastercard suspend an assessed fine once during an open case, meaning that the request should happen when the merchant’s confident they’ll be below thresholds in the next three consecutive months. Should a merchant request a fine suspension, avoid identification in the next two months, but then tip back up above thresholds in the following month, fine assessments would continue until program exit.
If you require assistance with a dispute, please contact Stripe support.