Monitoring programs FAQs

    Get answers to questions about the Visa and Mastercard monitoring programs.

    Common questions

    What counts as a chargeback?

    Any chargeback where funds are moved count towards your program totals within a given month, regardless of the reason for the chargeback. Inquiries or retrievals, which refer to when the customer’s bank begins a dispute investigation but doesn’t complete the process, and issuer fraud warnings, alerts sent by the customer’s bank labeling a charge as fraudulent, do not count as chargebacks.

    What counts as fraud volume?

    The Visa Fraud Monitoring Program (VFMP) uses issuer-reported fraud (TC40) data, which is completely separate from the customer’s bank initiating a chargeback. The customer’s banks are always required to report fraud to the networks, but it's up to the customer’s bank to decide if and when to initiate the chargeback within the chargeback window. It’s not uncommon for a transaction that received a TC40 to not receive a chargeback. Those conditions and situations vary based on the customer’s bank, but some common scenarios include the charge having liability shift as it went through 3D-Secure verification, the bank determining it to be more cost effective to charge it off rather than initiate a chargeback, or that the bank’s internal process initiates the chargeback at a later time and date. All issuer-reported fraudulent transactions (TC40 data) count toward the program, regardless of fraud type and fraud-reason code.

    What if I fully refunded the charge before the dispute came in?

    Chargebacks on fully-refunded payments still count towards your totals. This is because the chargeback can be raised before the refund has hit the cardholder's account. In cases where the refund was issued well before we received the chargeback (that is, at least 10 days prior), we can sometimes ask to have the chargeback deducted from their account: the issuer may have missed the credit and raised the chargeback by mistake. However, this happens very rarely and we have yet to see a case where this would have prevented identification in a program.

    Does winning a chargeback mean it won't count towards the totals?

    No. Unfortunately the final outcome of the dispute has no impact on your final numbers. The networks are ultimately looking to see what you’re doing to prevent chargebacks in the first place. Additionally, if the outcome mattered, identifications would take place months after the dispute-data month because you’d need the chargeback process to run its course first.

    Can I refund a charge to prevent fraud?

    The short answer is no. Customers’ banks are required to report fraud on all captured payments, even if a refund has been issued. The only time this isn't true is if the refund processes as a reversal, but that typically only happens if issued within 2 hours of charge capture.

    What is a refunded dispute?

    Under certain circumstances, Stripe may auto-represent a chargeback on your behalf and not surface it in the Dashboard. We do this for a number of reasons but most commonly on fully-refunded payments meaning that you issued a refund and the charge was still disputed shortly thereafter. While you’re not liable for the cost of refunded disputes or their fees, these still count towards your monthly network totals. For merchants who tend to issue a lot of refunds, this can mean dispute numbers look much lower than on the networks' end.

    What's the difference between Data Month, Report/Reporting Month, Identification Month?

    Identifications in a program often occur in the month after the disputes have been reported. The month a merchant is identified in a program is known as the Report/Reporting Month or Identification Month. The month the disputes were reported is known as the Data Month. This can be very confusing, especially for the Mastercard program which has two separate Data Months, one for disputes and another for sales. However, whenever we refer to the Report or Identification Month, we mean the month you were identified, which is usually one month after the data that's being looked at.

    Calculating rates

    Visa

    How does Visa identify users for its programs?

    Visa identifies merchants based on statement descriptor separated by market (country) except in the EU where each country's volume is evaluated in aggregate. For example, if you use several statement descriptors on a Canadian account, that account could get identified in monitoring programs multiple times if different statement descriptors exceed program thresholds. Further, if you also have a US account, the same statement descriptor can be identified twice if it exceeds program thresholds in each market. But if you have accounts in France and Ireland that both exceed program thresholds on the same descriptor, Visa would combine those accounts' volume into one program identification as both accounts are in the EU.

    How does Visa calculate the rate for its Visa Dispute Monitoring Program (VDMP)?

    Visa counts the total number of chargebacks raised within one month and divide this by the total number of payments captured in the same month. For example, chargebacks reported in February are divided by the total number of sales captured in February. The original transaction date of the disputed payments does not factor into this equation. If you meet or exceed 100 disputes and a dispute-to-sales count ratio of .9% in a data month, you qualify for the program at the Standard level. If your account is outside of the US, CA, EU, AU, or BR, only international transactions are counted. Otherwise, both domestic and international transactions are included.

    How does Visa calculate the rate for its Visa Fraud Monitoring Program (VFMP)?

    If your account is outside of the US, CA, EU, AU, or BR, only international transactions are counted. Otherwise, both domestic and international transactions are included. Visa counts the total dollar amount (USD) of TC40s raised within one month and divide this by the total dollar amount of payments captured in the same month. For example, TC40 volume reported in February is divided by the total dollar amount of sales captured in February. The date the fraudulent payments were captured does not factor into this equation. If you meet or exceed 75,000 USD in fraud volume and a fraud-to-sales volume ratio of .9% in a data month, you qualify for the program at the Standard level.

    How does Visa calculate the rate for its Visa Fraud Monitoring Program-3DS (VFMP-3DS)?

    This program applies only to US-based users or Platforms that have US-based Custom Accounts and only on domestic Visa 3D Secure-authenticated (3DS) transactions (domestic here referring to those coming from US-issued cards). Visa counts the total dollar amount (USD) of TC40s raised within one month and divide this by the total dollar amount of payments captured in the same month. For example, 3DS volume that received TC40s reported in February is divided by the total dollar amount of 3DS sales captured in February. The date the fraudulent payments were captured does not factor into this equation. If you meet or exceed 7,500 USD in domestic 3D Secure-authenticated (3DS) fraud volume and a fraud-to-sales volume ratio of 0.75% in a reporting month, you qualify.

    I received an Early Warning from Visa; am I in the program now?

    An Early Warning from Visa is just that: a warning. While you’re not officially in the program, you should still work towards bringing your rate down below 0.65%.

    How can I estimate my chargeback rate?

    The easiest way for you to do this is with Sigma. You can pull chargeback rate by network, and you should filter by Visa transactions. If you do not have Sigma, the best way for you to calculate your chargeback rate is by exporting your Visa disputes in the Payments tab of the Dashboard. The US has a delay between when we receive disputes from our financial partner and when it was reported to Visa. To get a more accurate count you should start looking at disputes from the 5th of each month to the 5th of the following month, then divide this by sales captured starting on the first to the end of the month. For accounts in all other markets, you can start the dispute count at the beginning of the month up until the end. It’s important to note that our dispute data may differ slightly from Visa’s official identification numbers due to this reporting discrepancy.

    How can I estimate my fraud rate?

    The best way to pull fraud data at this time is via the Early Fraud Warnings API. We also send notifications of reported fraud to the primary email on your account as long as the payment has not been refunded or disputed first.

    What if I use multiple statement descriptors?

    Visa can sometimes identify only a subset of transactions on a particular descriptor if the user uses more than one. To prevent this, you should start each descriptor with the same prefix, using the following format: BIZNAME* UNIQUE DESCRIPTOR. In this example, Visa would aggregate everything under BIZNAME*.

    What if I process with multiple acquirers or switch acquirers?

    If you work with another processor under a different acquirer, the data is segregated. In some cases, multiple processors can use the same acquirer. When this happens, Visa aggregates your data across multiple processors and you could receive an identification, even if your totals on Stripe didn't qualify for a program.

    Mastercard

    How does Mastercard calculate the rate for ECP?

    Mastercard counts the total number of chargebacks raised within one month and divides it by the total number of payments captured in the prior month. For example, chargebacks reported in February are divided by the total number of sales captured in January. The date the disputed payments were captured doesn't factor into this equation. You qualify if you who meet or exceed 100 chargebacks and a chargeback-to-sales count ratio of 1% in a reporting month.

    How does Mastercard identify users for its programs?

    Acquirers are required to identify users that qualify for a program (segmented by market) and self-report this to Mastercard each month.

    How can I estimate my chargeback rate?

    The easiest way to do this is with Sigma. For Mastercard, you need to pull the dispute count in a month and manually divide it by the prior month's sales. If you don't have Sigma, the best way to calculate the rate is by exporting your Mastercard disputes in the Payments tab of the Dashboard. The US has a delay between when we receive disputes from our financial partner and when they're reported to Mastercard. To get a more accurate count, start looking at disputes from the 5th of each month to the 5th of the following month, then divide this by the previous month’s sales beginning on the first of that month. For accounts in all other markets, you can count disputes from the beginning of the month until the end of the month.

    What if my business has multiple accounts, and their aggregate rates are below thresholds?

    Unfortunately, we're required to report identifications to Mastercard at the account level, so even if aggregate rates across multiple accounts are below thresholds, you can still qualify if one of the accounts is not. However, if your business processes for similar services on multiple accounts, we can request that Mastercard reassess your situation.

    Exiting a monitoring program

    Visa

    How do I exit the Visa Dispute Monitoring Program (VDMP), Visa Fraud Monitoring Program (VFMP), or Visa Fraud Monitoring Program-3DS (VFMP-3DS)?

    To fully exit a program, you need 3 consecutive months below the Standard thresholds. For VDMP and VFMP, that means either 3 months below 100 chargebacks or 75,000 USD in fraud volume OR a rate of .9%. For VFMP-3DS, that's 7,500 USD in fraud volume or a rate of 0.75%. You don't need to be below both thresholds.

    How do I exit the Visa programs at the Excessive level?

    After being identified at Excessive thresholds, you will continue to be fined and placed in a "high-risk" timeline until the level gets below Standard thresholds. That means just 1 month at an Excessive designation could include several months of fines if you're not below Standard thresholds. To fully exit, you need 3 consecutive months below Standard thresholds.

    After identification in Visa Fraud Monitoring Program (VFMP) or Visa Fraud Monitoring Program-3DS (VFMP-3DS), when do I regain liability shift on 3D Secure (3DS) charges?

    Issuers can raise fraud disputes on 3DS charges under Dispute Condition 10.5: Visa Fraud Monitoring Program 120 calendar days from the date of identification in the Visa Fraud Monitoring Program (for example, if you’re identified in month 2 of the VFMP-3DS program on January 5th). Then you must go 3 consecutive months without identifications (Feb-Apr), but issuers can still raise fraud disputes on 3DS charges up until May 5th.

    Mastercard

    How do I exit the Mastercard Chargeback-Monitored Merchant (CMM) program?

    There's no exiting this program as there is with Visa: you’re either at thresholds or you’re not.

    How do I exit the Mastercard Excessive Chargeback Merchant (ECM) program?

    To fully exit, you need 2 consecutive months below ECM thresholds. For example, if you’re identified in January and are below ECM thresholds in February, but then you're at ECM thresholds in March, you’ll be identified in ECM again. If you go 2 consecutive months below ECM thresholds, but are above again in the third, you will be placed back in CMM.

    Dealing with identification discreprencies

    What if I’m identified under a single descriptor but my aggregate rates are below thresholds?

    We can pull all of the descriptors you’re using to see how they're formatted. If you use the same prefix for each one, then we can reach out to Visa and ask them to aggregate going forward. If the descriptors are all very different from one another (for example, MONTHLY PLAN, YEARLY PLAN, and so on), then you should first edit your descriptor using the appropriate prefix format to utilize a dynamic descriptor. It's best if you do this at the end of the month, so sales don’t drop on the old descriptors causing dispute rates to spike.

    The networks' data doesn't match the data that I see in the Dashboard. What does this mean?

    There have been instances where the data reported to Stripe does not match what we observe. This can occur for a number of reasons, such as statement-descriptor formatting, multiple MIDs (processor merchant ID), or counting charges more than once. If dispute data greatly differs, we can reach out to Visa to confirm that the identification is valid.

    What if a user's Mastercard stats don't seem to match?

    This can happen if we update a user's MID (processor's merchant ID) partway through a month. Similar to how Visa relies on the statement descriptor, Mastercard's program relies on MID. Since we report at this level, a change partway through the month could cause the sales count to appear much lower than it actually is.

    Preventing chargebacks and fraud

    Chargebacks

    What are some ways I can prevent fraudulent chargebacks?
    • Tokenize with Stripe.js, Elements or Checkout
    • Pass along as much information as possible at charge creation. IP address, email, billing address, name, metadata
    • Block high risk charges with Radar
    • Create custom block and/or review rules with Radar. CVC checks, AVS checks, Velocity checks, IP/Card country mismatches, etc.
    • Require 3D-Secure
    • Third party Radar alternatives: Sift Science, Riskified, or Forter
    • Third party solutions that offer dispute warnings: Ethoca, Verifi, Chargebacks.com
    What are some ways I can prevent subscription canceled chargebacks?
    • Offer a quick and easy way to cancel. An in-app cancellation button is often the best solution, since it does not require the cardholder to wait to confirm their refund.
    • Clearly communicate billing terms up front prior to accepting cardholder information.
    • Require the cardholder to click an 'opt-in' button stating they've agreed to the billing terms.
    • If offering a free/discounted trial, send a reminder before it expires allowing the cardholder an opportunity to cancel.
    • Implement a flexible refund/return policy. For example, if a user cancels the day after being billed, offer a full or pro-rated refund.
    • Send billing reminders, especially if on a yearly subscription. Typically 7 days before a yearly renewal and 2 to 3 days before a monthly renewal.
    • Third party solutions, such as Ethoca and Verifi. These companies work with certain issuers so that an alert is raised when a chargeback is about to be initiated, allowing the user an opportunity to refund.
    What are some ways I can prevent product not received chargebacks?
    • Clearly communicate shipping times prior to checkout.
    • Clearly and quickly communicate any shipping delays and offer an option for the cardholder to receive a refund if they don't want to wait.
    • Ship items quickly and provide the cardholder with a tracking number when the item has been shipped.
    • For higher value goods, require a signature upon delivery to prevent missing packages or potential "friendly fraud."
    • Ensure items are well stocked and either indicate when an item is backordered or remove it from the site.
    What are some ways I can prevent credit not processed or product unacceptable chargebacks?
    • Implement a flexible refund policy and issue them under reasonable circumstances.
    • Clearly describe the items being sold and display accurate images when possible.
    • Reevaluate any products which tend to see higher dispute rates for these reasons. It's possible the items could be defective.
    • Clearly display the full price for the item, including any taxes, and ensure this is presented to the cardholder prior to accepting their payment information.
    What are some ways I can prevent friendly fraud?

    Friendly fraud is not easy to spot at charge creation, since it's often the legitimate cardholder making the payment. The best way to prevent these types of disputes is to collect as much information as possible at charge creation, clearly communicate shipping times and/or billing terms, require the cardholder to agree to the terms of service, ship only to verified billing addresses, and/or require a signature upon delivery of goods.

    What about other types of chargebacks?

    Less common disputes, such as general or duplicate, can indicate either that your statement descriptor is not recognizable or customers are confused by the way they’re billed. Often these will make up a small percentage of your total disputes. However, if any of these are one of the top three reasons, it could be an indication that some other issue is the root of the problem. For example, disputes where a cardholder believes they were charged more than what was quoted can often come in under general.

    Fraud

    What are some ways I can prevent fraud on my account?
    • Blocking fraud patterns using Radar rules or a third party solution, such as SiftScience or Riskified.
    • Auth and capture in conjunction with Review rules. Issuers cannot report fraud on uncaptured payments, so this is more useful than attempting to refund after capture.
    • Tokenize with Stripe.js, Elements or Checkout
    • Pass along as much information as possible at charge creation: IP address, email, billing address, name, metadata.
    • Block high risk charges with Radar
    • Require 3D-Secure
    If I integrate with 3D-Secure, does this eliminate the possibility of fraud?

    Not exactly. While an authenticated 3DS charge offers the benefit of liability shift on fraudulent disputes, fraud can still occur. When this happens, the issuer reports the fraud to the network (TC40s or SAFE) and this can count towards your fraud volume.

    If I see high fraud on 3DS charges, what should I do?

    By default, Stripe allows all authenticated 3DS payments to go through. Users may want to adjust this rule so that 3DS payments flagged as high risk are still blocked. Additionally, they should rely on other signals like they would with normal charges, such as velocity, transaction size, and/or CVC/AVS checks.

    How can using auth and capture prevent fraud?

    Issuers are required to report fraud on all captured payments, even if they were later refunded. For this reason, Auth and Capture with review rules can be an effective means of preventing fraud volume from being reported. Users can review the authorized payments and then release those they believe to be suspicious. Since the payments were not captured, the issuer cannot report fraud.

    Where can I see the Fraud charges in Radar?

    Fraud charges don't currently feed into Radar. You can only see visible fraudulent disputes or charges that a user manually flags as fraud in Radar.

    Was this page helpful?

    Thank you for helping improve Stripe's documentation. If you need help or have any questions, please consider contacting support.

    On this page