Dispute and fraud card monitoring programs
Learn about the monitoring programs that card networks operate, and what you should do if you're placed into one.
As part of your financial obligations to the card networks, you must ensure that disputes (also called chargebacks) and fraud are kept to acceptable levels. If these exceed the thresholds dictated by each network (e.g., Visa or Mastercard), you are placed into one of their monitoring programs. As part of a program, you can be subject to monthly fines and additional fees until your dispute or fraud levels have been reduced.
Stripe can work with you to develop a suitable remediation plan so you can reduce the levels of disputes or fraud that are happening your account. We also communicate directly with the networks and relay information on a monthly basis. Download our remediation template to get started.
Failure to comply with the requirements of a program within the specified time period (referred to by the networks as a timeline) can result in the network refusing to process further payments using their cards. While this is extremely rare, it is vital you take whatever action is needed as soon as possible.
Visa monitoring programs
The Visa Fraud Monitoring Program (VFMP) and Visa Dispute Monitoring Program (VDMP) apply to users in all of our supported countries. The Visa Fraud Monitoring Program-3DS (VFMP-3DS) is a third program that only applies to users based in the U.S. The timelines used by either program depend on which threshold—Standard or Excessive—has been exceeded.
Each timeline spans a 12-month period and determines what actions are taken on a monthly basis. At the beginning of each month Visa reviews your previous month’s activity to see if it has exceeded any of their established thresholds. If so, we’ll reach out and discuss this with you.
For users in the US, EU, Canada, Australia, and Brazil, only domestic activity counts towards their monthly totals. For users outside of those regions, both domestic and cross-border activity are counted.
Early warning notifications
Visa operates an early warning system that warns users—via Stripe—who are at risk of being placed into a monitoring program. Users who meet the early warning threshold are not immediately placed into the program. Instead, they are given the opportunity to reduce the level of fraud on their account to avoid that from happening.
Remediation
Users are removed from Visa’s programs once their level of disputes or fraud drops below the Standard threshold for three consecutive months. The following three months are considered a “tracking” period. If a user exceeds any of the thresholds in this period, they are immediately placed back into the program and the original timeline is resumed—a new timeline is not started. Additionally, if a user exceeds the Excessive threshold, they are removed from the program only when their fraud or dispute levels falls below the Standard threshold.
As part of the remediation process, you may be required to provide Stripe with details on the steps you are taking and when these have been, or will be, implemented.
VDMP: Visa Dispute Monitoring Program
VDMP applies to users with an unusually high level of disputed payments on their account. Users are placed into this program if they meet or exceed the thresholds for the following criteria:
- The total number of payments that have been disputed (dispute count)
- The ratio of disputed payments to all payments (dispute rate)
| Dispute Count | Dispute Rate | Fines |
|---|---|---|
| 75 | 0.65% | None. You have the opportunity to take action that reduces your dispute level before it exceeds a threshold where fines are incurred. |
Early warning notifications may not occur if your account immediately matches or exceeds the Standard or Excessive thresholds of VDMP.
| Number of Disputes | Dispute Rate | Fines |
|---|---|---|
| 100 | .9% | Fines begin after four months and continue on a monthly basis until removal from the program. See timeline for more information. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-4
- Workout period
- No fines
- Months 5-9
- Visa fine of $50 USD / €45 per dispute
- Months 10-11
- Visa fine of $50 USD / €45 per dispute
- $25,000 review fee (non-EU merchants only)
- May require audit
- Month 12+
- Visa fine of $50 USD / €45 per dispute
- $25,000 review fee
- May require audit
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
During the workout period, you have the opportunity to take action that reduces your dispute level before fines are incurred.
| Number of Disputes | Dispute Rate | Fines |
|---|---|---|
| 1,000 | 1.8% | Fines begin immediately and continue until removal from the program. See timeline for more information. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-6
- Visa fine of $50 USD / €45 per dispute
- Months 7-11
- Visa fine of $50 USD / €45 per dispute
- Visa can begin to apply a $25,000 review fee (non-EU merchants only)
- Month 12+
- Visa fine of $50 USD / €45 per dispute
- Visa can begin to apply a $25,000 review fee (non-EU merchants only)
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
VFMP: Visa Fraud Monitoring Program
VFMP applies to users with an excessive level of fraud on their account, which is calculated using both fraudulent chargebacks and TC40 data. Users are placed into this program if they exceed the thresholds for the following criteria:
- The total volume in U.S. dollars of Visa payments that are fraudulent (Fraud Volume)
- The ratio of the volume in fraudulent Visa payments to all payments (Fraud Rate)
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $50,000 | 0.65% | None. You have the opportunity to take action that reduces your fraud level before it exceeds a threshold where fines are incurred. |
Early warning notifications may not occur if your account immediately matches or exceeds the Standard or Excessive thresholds of VFMP.
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $75,000 | .9% | None. You have the opportunity to take action that reduces your fraud level before it exceeds a threshold where fines are incurred. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-4
- No penalties
- Months 5-11
- Issuers able to raise fraudulent disputes on 3DS transactions (all markets)
- Month 12+
- Issuers able to raise fraudulent disputes on 3DS transactions (all markets)
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
There are no fines for users who meet or exceed this threshold. However, U.S. users in this program lose liability shift on 3D-Secure transactions immediately. Users located outside of the U.S. lose this starting in either month five or at Excessive thresholds. Liability shift is not restored until fully exiting the program after the three "tracking" months. Users must still take action to reduce their fraud level before it exceeds a threshold where fines are incurred.
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $250,000 | 1.8% | Fines begin immediately and continue on a monthly basis until removal from program. Refer to the timeline for more information. |
The following timeline applies to the 12-month period that a user is part of a card monitoring program.
- Months 1-3
- Visa fine of $10,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Months 4-6
- Visa fine of $25,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Months 7-9
- Visa fine of $50,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Months 10-12
- Visa fine of $75,000
- Issuers able to raise fraudulent disputes on 3DS transactions
- Month 12+
- Visa fine of $75,000+
- Issuers able to raise fraudulent disputes on 3DS transactions
- Merchant eligible for disqualification (i.e. can no longer process Visa payments)
Users in this program lose liability shift on 3D-Secure transactions immediately and this is not restored until fully exiting the program after the three "tracking" months.
VFMP: Visa Fraud Monitoring Program-3DS (U.S.-only)
VFMP-3DS applies to U.S. users with an excessive level of domestic 3D-Secure fraud on their account. Users are placed into this program if they exceed the thresholds for the following criteria:
- The total volume in U.S. dollars of Visa 3DS domestic payments that are fraudulent (fraud volume)
- The ratio of the volume in fraudulent payments to 3DS domestic payments (fraud rate)
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $5,000 | 0.50% | None. You have the opportunity to take action that reduces your fraud level before it exceeds a threshold where penalties are incurred. |
| Fraud Volume | Fraud Rate | Fines |
|---|---|---|
| $7,500 | 0.75% | None, but liability shift on domestic 3DS transactions is lost while in the program and until a user has fully exited. |
Mastercard monitoring programs
The Mastercard Chargeback-Monitored Merchant (CMM) and Mastercard Excessive Chargeback Merchant (ECM) programs apply to users in all of our supported countries. If your account’s dispute level exceeds the thresholds for CMM, you’re placed into this program and notified by Stripe. If your dispute level continues to rise and exceeds a higher threshold for two consecutive months, you are then placed into ECM.
Users are placed into the CMM and ECM programs if they meet or exceed the thresholds for the following criteria:
- The total number of payments that have been disputed (dispute count)
- The chargeback-to-transaction ratio (CTR)
The CTR is a ratio of disputed payments to all payments. It’s calculated as the number of Mastercard disputes received in a calendar month compared to the total number of Mastercard payments from the preceding month.
The Excessive Fraud Merchant (EFM) Compliance Program is a separate program that only applies to users based in the U.S. Users are placed into the EFM program if they meet or exceed the thresholds for the following criteria:
- Number of e-commerce Mastercard payments
- The total volume in U.S. dollars of Mastercard payments that are fraudulent (net fraud volume) calculated by dispute reason code
- The fraud-count-to-transaction ratio (FCTR)
- The ratio of 3DS Mastercard payments to all Mastercard payments
The FCTR is calculated similarly to the CTR found in ECM or CMM. The only difference is that the FCTR is calculated using only fraudulent chargebacks.
Remediation
Users in these programs are removed once their level of disputes drops below the CMM threshold for two consecutive months. If a user is part of ECM and their dispute level is reduced to a level that still exceeds the threshold for CMM (e.g., a CTR between 1-1.5%), they are moved back to that program. In order to be removed from EFM, a user needs to avoid at least one of the conditions for three consecutive months.
As part of the remediation process, users may be required to provide Stripe with details on the steps they’re taking and when these have been, or will be, implemented.
CMM: Mastercard Chargeback-Monitored Merchant
CMM applies to users with an excessive level of disputed Mastercard payments on their account.
| Dispute Count | CTR | Fines |
|---|---|---|
| 100 | 1% | None. You have the opportunity to take action that reduces your dispute level before it exceeds a threshold where fines are incurred. |
There is no timeline for users who meet or exceed this threshold. Users must still take action to reduce their dispute level before it exceeds a threshold where fines are incurred.
ECM: Mastercard Excessive Chargeback Merchant
ECM applies to users who are already part of the Chargeback-Monitored Merchant (CMM) program with a dispute level that has continued to rise. The threshold for ECM is slightly higher than CMM, and users are placed into this program if they exceed the threshold for two consecutive calendar months.
| Dispute Count | CTR | Fines |
|---|---|---|
| 100 | 1.5% | Fines vary from user to user and are calculated based upon an amount set by Mastercard, the user's operating dispute rate, and volume of disputes. |
ECM operates on a 12-month timeline that determines what fines and actions take place. If a user becomes part of this program, Mastercard communicates—via Stripe—the actions and fines that apply.
EFM: Excessive Fraud Merchant Compliance Program
Fine assessments on users identified in EFM will begin in March 2020. EFM applies to users who meet all of the following conditions:
- Minimum of 1,000 e-commerce Mastercard payments
- Monthly net fraud volume is greater than $50,000 (USD)
- Monthly fraud-count-to-transaction ratio (FCTR) is greater than 0.50%
- Total 3DS Mastercard payment count is less than 10% of total Mastercard payment count
| Number of EFM Months | Fines (USD) |
|---|---|
| 1 | $0 |
| 2 | $500 |
| 3 | $1,000 |
| 4–6 | $5,000 |
| 7–11 | $25,000 |
| 12–18 | $50,000 |
| 19+ | $100,000 |