What Are the Challenges for Merchants?

Historically, most merchants have struggled to access meaningful fraud data through their acquiring partners. Many acquirers either lacked the necessary data themselves or charged merchants a hefty fee to gain access to their fraud data. While there was an alternative available through Verifi’s Inform program, many merchants chose not to pursue this option.

The primary reason for merchants not utilizing fraud data was the limited utility of the data.  Because the old thresholds for Visa’s legacy fraud monitoring programs were set at relatively high levels of fraud dollars, most merchants, unless they were significantly large, never even approached these thresholds. Additionally, there was often a considerable overlap between other types of disputes and alerts, which meant that from a customer service perspective, consumer complaints were still being addressed without the need for specialized fraud data. Even when merchants did receive and analyze fraud data from their acquirers or through Inform, it was typically used for minimal actions, such as cancelling future payments under recurring subscriptions, rather than for more comprehensive fraud and dispute prevention strategies.

Well… that world is changing come April 2025. Merchants, particularly those in medium and high-risk verticals, will need to start actively monitoring and mitigating their Visa fraud rates.  More precisely, they’ll need to manage their net fraud rates, taking into account any credits for RDRs, CDRNs and similar adjustments. So, what challenges will merchants face in this new landscape?  

We see three primary challenges for merchants under VAMP, ranked in order of difficulty:

1. Measurement of Ratios

The first significant challenge will be accurately measuring fraud ratios. As described in our previous VAMP post titled “What We Know About VAMP”, the VAMP thresholds will be based on fraud UNITS rather than fraud DOLLARS, which marks a substantial shift in reporting requirements. Also, the VAMP ratio calculation involves subtracting resolved disputes such as RDRs, CDRNs and confirmed Compelling Evidence 3.0 cases from the total fraud units – a bit of arithmetical gymnastics and accurate reporting requirements that could complicate the process. Remember, your acquirer may not separate mitigated disputes from chargebacks in its reporting.

To calculate these ratios accurately, merchants will need to create a system for linking various data points, such as fraud notices (TC 40 data), alert mitigation efforts, and refunds together FOR SPECIFIC TRANSACTIONS in order to be able to calculate an exact ratio. Stitching this information has never been a straightforward exercise even before the introduction of VAMP and may require merchants to collaborate with their acquirers to incorporate more detailed meta-data into authorization payloads for better matching.

• The Enumeration Ratio Adds Complexity: Calculating the Enumeration Ratio will be even trickier because its numerator is determined by Visa’s Account Attack Intelligence (VAAI) tool. (Click the link for more information on Visa’s VAAI model: LINK).   Don’t be fooled by the 300,000 monthly Visa transaction threshold! It might sound large, but in the context of an enumeration attack, where thousands of transactions can be generated per second depending on your tech stack, reaching that threshold could happen faster than you think. If your Merchant Identification Numbers (MIDs) are targeted, 300,000 monthly enumeration transactions could be just a rounding error for thieves.

2. Developing Plans to Improve Your Ratios

The second, and far more challenging task, will be creating effective strategies to improve fraud ratios, especially for merchants at or above the VAMP thresholds. The key is getting ahead of any brewing fraud issues before they become problems. The old adage that an ounce of prevention is worth a pound of cure is certainly accurate in the realm of association compliance.

• Identifying Fraud Drivers: To manage fraud effectively, merchants will need to answer questions like: “Which affiliate is responsible for the majority of fraud?”, “Are certain issuers failing to provide RDRs or CDRNs, and why?”, and “How are different price points influencing overall fraud unit rates?” These insights will be essential for developing targeted mitigation strategies.
• Navigating Cause-and-Effect Relationships: Many merchants haven’t had to dive deep into analyzing how various factors contribute to fraud. Additionally, as we mentioned above, some payment systems struggle to distinguish between RDRs and chargebacks, making it challenging to get an accurate picture of dispute resolution efforts.
• Reporting Processes Need Upgrading: To meet VAMP’s requirements, merchants will need robust reporting capabilities that go beyond tracking fraud dollars and include detailed analysis of fraud units, dispute resolution outcomes, and the factors driving fraud.
• Managing the Enumeration Ratio Will Be Binary: The Enumeration Ratio will largely require merchants to implement PROACTIVE solutions to reduce their risk. Even analyzing your transactions by affiliate, BIN, or issuer in near real-time won’t help much here as thieves and hackers can be in and out in minutes. The key will be to strengthen processing controls to prevent enumeration attacks from occurring in the first place.
• Implementing and Managing Dispute Mitigation Products: To remain compliant with the new VAMP thresholds, it may be necessary to collaborate with a dispute mitigation company and start implementing RDR (Rapid Dispute Resolution) and CDRN (Consumer Dispute Resolution Network) solutions right away.

These products can help reduce fraud and disputes, but they come with a significant cost and need to be carefully optimized for your specific business needs. Successful integration involves aligning these dispute mitigation tools with your customer service and payment operations to ensure they not only address compliance but also enhance overall efficiency. Properly managed, RDRs and CDRNs can significantly reduce the impact of disputes, but the strategy must be tailored to maximize cost-effectiveness and performance.

3. Understanding How Your Acquirer Will Measure VAMP

The third challenge will be understanding how your acquirer will measure your VAMP ratio.

Historically, merchant and acquirer fraud ratios were calculated independently. With the introduction of VAMP, the new thresholds have a collaborative element, where the acquirer’s and merchant’s ratios are interdependent. For example, the Merchant Excessive identification level only applies if the acquirer’s VAMP ratio is below 0.3%. However, many acquirers have not traditionally shared their fraud ratios with merchants, making it difficult for merchants to assess how this interdependency will impact them under the new measurement standards.

Additionally, as we’ve said several times now but is worth repeating, many acquirers currently lack the capability to differentiate between RDRs and chargebacks, often combining both into a single dispute ratio. This poses a challenge because RDRs, which are not always clearly defined, and CDRNs (which many acquirers do not track in their systems), will need to be excluded from the TC 40 data used to calculate fraud ratios. For merchants, this creates a “black hole” of risk, as critical elements of the fraud ratio calculation may not be accurately accounted for.

It is highly recommended that merchants proactively reach out to their acquirers to understand how the measurement process will be implemented under VAMP and clarify how these interdependencies might affect their compliance.

• OneERS Risk Tool for Acquirers: Visa has indicated that the updated VAMP will include acquirer monitoring and operational improvements to help acquirers better prevent fraudulent activities. Among these updates is the introduction of OneERS, a new risk technology tool for Ecosystem Risk Services designed to enhance operational efficiencies. Acquirers will have access to OneERS, which aims to support the accurate measurement and monitoring of fraud within the payment ecosystem.

What we do not yet know is how accurate the OneERS reporting will be and whether merchants will receive any actionable, meaningful data from their acquirers through the system. Historically, new tools like these take time to achieve accuracy and reliability, so it is strongly advised that merchants calculate their own VAMP ratios independently of their acquirer to ensure data accuracy.

This is where Slyce360 comes in! Slyce360 provides the validation and deeper insights needed to accurately calculate your VAMP ratios. With Slyce360, you can stay ahead of compliance requirements and make informed decisions as you navigate the evolving VAMP landscape.

October 24, 2024