As part of your financial obligations to the card networks, you must ensure that disputes (also called chargebacks) and fraud are kept to acceptable levels. If these exceed the thresholds dictated by each network (e.g., Visa or Mastercard), you are placed into one of their monitoring programs. As part of a program, you can be subject to monthly fines and additional fees until your dispute or fraud levels have been reduced.

Stripe can work with you to develop a suitable remediation plan so you can reduce the levels of disputes or fraud that are happening your account. We also communicate directly with the networks and relay information on a monthly basis. Download our remediation template to get started.

Failure to comply with the requirements of a program within the specified time period (referred to by the networks as a timeline) can result in the network refusing to process further payments using their cards. While this is extremely rare, it is vital you take whatever action is needed as soon as possible.

Visa monitoring programs

The Visa Fraud Monitoring Program (VFMP) and Visa Chargeback Monitoring Program (VCMP) apply to users in all of our supported countries. The Visa Fraud Monitoring Program-3DS (VFMP-3DS) is a third program that only applies to users based in the U.S. The timelines used by either program depend on which threshold—Standard or Excessive—has been exceeded.

Each timeline spans a 12-month period and determines what actions are taken on a monthly basis. At the beginning of each month Visa reviews your previous month’s activity to see if it has exceeded any of their established thresholds. If so, we’ll reach out and discuss this with you.

For users in the US, EU, Canada, Australia, and Brazil, only domestic activity counts towards their monthly totals. For users outside of those regions, both domestic and cross-border activity are counted.

Early warning notifications

Visa operates an early warning system that warns users—via Stripe—who are at risk of being placed into a monitoring program. Users who meet the early warning threshold are not immediately placed into the program. Instead, they are given the opportunity to reduce the level of fraud on their account to avoid that from happening.

Remediation

Users are removed from Visa’s programs once their level of disputes or fraud drops below the Standard threshold for three consecutive months. The following three months are considered a “tracking” period. If a user exceeds any of the thresholds in this period, they are immediately placed back into the program and the original timeline is resumed—a new timeline is not started. Additionally, if a user exceeds the Excessive threshold, they are removed from the program only when their fraud or dispute levels falls below the Standard threshold.

As part of the remediation process, you may be required to provide Stripe with details on the steps you are taking and when these have been, or will be, implemented.

VCMP: Visa Chargeback Monitoring Program

VCMP applies to users with an unusually high level of disputed payments on their account. Users are placed into this program if they meet or exceed the thresholds for the following criteria:

• The total number of payments that have been disputed (dispute count)
• The ratio of disputed payments to all payments (dispute rate)

VFMP: Visa Fraud Monitoring Program

VFMP applies to users with an excessive level of fraud on their account, which is calculated using both fraudulent chargebacks and TC40 data. Users are placed into this program if they exceed the thresholds for the following criteria:

• The total volume in U.S. dollars of Visa payments that are fraudulent (Fraud Volume)
• The ratio of the volume in fraudulent Visa payments to all payments (Fraud Rate)

VFMP: Visa Fraud Monitoring Program-3DS (U.S.-only)

VFMP-3DS applies to U.S. users with an excessive level of domestic 3D-Secure fraud on their account. Users are placed into this program if they exceed the thresholds for the following criteria:

• The total volume in U.S. dollars of Visa 3DS domestic payments that are fraudulent (fraud volume)
• The ratio of the volume in fraudulent payments to 3DS domestic payments (fraud rate)

Mastercard monitoring programs

The Mastercard Chargeback-Monitored Merchant (CMM) and Mastercard Excessive Chargeback Merchant (ECM) programs apply to users in all of our supported countries. If your account’s dispute level exceeds the thresholds for CMM, you’re placed into this program and notified by Stripe. If your dispute level continues to rise and exceeds a higher threshold for two consecutive months, you are then placed into ECM.

Users are placed into the CMM and ECM programs if they meet or exceed the thresholds for the following criteria:

• The total number of payments that have been disputed (dispute count)
• The chargeback-to-transaction ratio (CTR)

The CTR is a ratio of disputed payments to all payments. It’s calculated as the number of Mastercard disputes received in a calendar month compared to the total number of Mastercard payments from the preceding month.

The Excessive Fraud Merchant (EFM) Compliance Program is a separate program that only applies to users based in the U.S. Users are placed into the EFM program if they meet or exceed the thresholds for the following criteria:

• Number of e-commerce Mastercard payments
• The total volume in U.S. dollars of Mastercard payments that are fraudulent (net fraud volume) calculated by dispute reason code
• The fraud-count-to-transaction ratio (FCTR)
• The ratio of 3DS Mastercard payments to all Mastercard payments

The FCTR is calculated similarly to the CTR found in ECM or CMM. The only difference is that the FCTR is calculated using only fraudulent chargebacks.

Remediation

Users in these programs are removed once their level of disputes drops below the CMM threshold for two consecutive months. If a user is part of ECM and their dispute level is reduced to a level that still exceeds the threshold for CMM (e.g., a CTR between 1-1.5%), they are moved back to that program. In order to be removed from EFM, a user needs to avoid at least one of the conditions for three consecutive months.

As part of the remediation process, users may be required to provide Stripe with details on the steps they’re taking and when these have been, or will be, implemented.

CMM: Mastercard Chargeback-Monitored Merchant

CMM applies to users with an excessive level of disputed Mastercard payments on their account.

There is no timeline for users who meet or exceed this threshold. Users must still take action to reduce their dispute level before it exceeds a threshold where fines are incurred.

ECM: Mastercard Excessive Chargeback Merchant

ECM applies to users who are already part of the Chargeback-Monitored Merchant (CMM) program with a dispute level that has continued to rise. The threshold for ECM is slightly higher than CMM, and users are placed into this program if they exceed the threshold for two consecutive calendar months.

ECM operates on a 12-month timeline that determines what fines and actions take place. If a user becomes part of this program, Mastercard communicates—via Stripe—the actions and fines that apply.

EFM: Excessive Fraud Merchant Compliance Program

EFM applies to users who meet all of the following conditions:

• Minimum of 1,000 e-commerce Mastercard payments
• Monthly net fraud volume is greater than $50,000 (USD)
• Monthly fraud-count-to-transaction ratio (FCTR) is greater than 0.50%
• Total 3DS Mastercard payment count is less than 10% of total Mastercard payment count