Staying Out of the Penalty Box: Tactics to Avoid VAMP & ECM
For years, merchants have judged their risk by a single number: the chargeback ratio. Stay below the headline thresholds, and you were generally safe. That era is now well and truly over.
Visa and Mastercard now evaluate merchant risk in broader, more unforgiving ways. Visa’s Acquirer Monitoring Program (VAMP) combines fraud and disputes into a single performance metric. Mastercard’s Excessive Chargeback Merchant (ECM) and High Excessive Chargeback Merchant (HECM) programs continue to escalate penalties for merchants whose disputes cross defined limits. Together, these frameworks have shifted how risk is measured and how quickly merchants can find themselves under scrutiny.
Merchants that fall into these programs face higher fees, stricter controls from their acquirers, rolling reserves, and, in extreme cases, termination of their ability to process cards. Staying operational now depends on understanding how these programs work and adapting before the networks force the issue.
Why The Networks Changed The Rules
Chargebacks and fraud are rising at the same time card-not-present commerce is becoming the default. Issuers bear the cost of fraud. Acquirers absorb the risk when merchants fail. Card networks sit between them, tasked with protecting trust in the system.
From the networks’ perspective, focusing only on chargeback ratios was no longer sufficient. Fraud that never turned into a dispute still represented systemic risk, and enumeration attacks could overwhelm issuers without ever producing a traditional chargeback spike. The result was a shift toward holistic monitoring that looks at patterns, not just outcomes.
VAMP and ECM are the practical expression of that shift. They are not warning labels, but fully-fledged enforcement mechanisms that merchants can easily fall foul of if they’re not careful.
Inside Visa’s VAMP
Visa’s Acquirer Monitoring Program went live earlier this year with enforcement beginning in October, replacing both the Visa Fraud Monitoring Program and the Visa Dispute Monitoring Program. Instead of treating fraud and disputes separately, VAMP evaluates them together through a single monthly ratio calculated across card-not-present activity.
At a high level, the VAMP ratio compares the number of confirmed fraud cases and fraud-related disputes against total settled card-not-present transactions. For acquirers, sustained ratios above defined thresholds trigger monitoring, remediation requirements, and eventually fines. While VAMP is formally an acquirer-level program, the burden flows downstream. Acquirers respond by tightening controls on merchants whose activity threatens their portfolio.
For merchants, the practical implication is that even if your chargeback ratio looks acceptable in isolation, rising fraud can still make you a problem account. Volume matters too. Once fraud and dispute counts cross minimum thresholds, performance is no longer invisible.
VAMP also introduced a separate enumeration metric, designed to identify merchants that are unknowingly hosting card-testing activity. High volumes of failed or low-value authorisations can push a merchant into monitoring even if customer-facing disputes remain low.
Importantly, not all disputes are treated equally. Disputes resolved before they become chargebacks, and fraud cases backed by qualifying Compelling Evidence 3.0, are generally excluded from the VAMP ratio. This distinction has become one of the few pressure-release valves merchants can still control.
Mastercard’s ECM and HECM Programs
While Visa has broadened its lens, Mastercard’s ECM programs remain firmly focused on dispute volume and ratios. The thresholds are well known, with merchants processing more than 100 chargebacks per month with ratios above 1.5% risking ECM designation. At higher volumes and ratios, merchants enter HECM, where penalties escalate quickly.
Unlike VAMP, ECM, and HECM are explicitly merchant-level programs. Fines increase month over month if performance does not improve. Acquirers may impose additional reserves, limit transaction volumes, or terminate accounts altogether. Exiting these programs requires sustained improvement, not one-off fixes.
What catches many merchants off guard is how quickly ordinary operational issues can tip them into ECM territory. Subscription confusion, delayed fulfilment, unclear billing descriptors, and first-party misuse all contribute. Once the thresholds are breached, recovery becomes a race against time.
How Merchants End Up In The Penalty Box
Most merchants do not arrive in VAMP or ECM because of a single catastrophic failure. They get there through accumulation over time. Fraud controls that were adequate at lower volumes fail to scale. Enumeration attacks go unnoticed until issuers complain. Refund policies that favour short-term revenue create long-term dispute pressure. Customer service becomes reactive instead of preventative.
In many cases, merchants are fighting yesterday’s battles. They invest heavily in representment while ignoring the fact that every dispute still counts toward monitoring ratios, regardless of outcome. Winning a chargeback does not erase it from the networks’ calculations.
Staying Out Of Trouble Starts Before The Dispute
Avoiding VAMP and ECM is less about fighting disputes and more about preventing them from existing in the first place.
Strong fraud controls remain the foundation of the best defence. Risk-based authentication, velocity checks, and behavioural analysis reduce both fraud losses and downstream disputes, but blocking enumeration is equally critical. Merchants that fail to identify card-testing patterns risk triggering monitoring even when legitimate customer traffic looks healthy.
You also need to ensure you’ve got operational clarity. Customers who recognise a charge on their statement, for example, are less likely to dispute it. Customers who can cancel or obtain refunds easily are less likely to escalate to their bank. These are not customer-experience niceties but mandatory compliance safeguards.
Diverting Disputes Before They Count
One of the most effective ways to protect monitoring ratios is to resolve disputes before they become chargebacks. Visa and Mastercard both support pre-dispute tools that allow merchants to intercept disputes at the issuer level.
Visa Rapid Dispute Resolution (RDR) enables merchants to automatically resolve certain disputes through refunds or acknowledgements before they post as chargebacks. Ethoca alerts and network notification tools offer similar opportunities across issuers. When used correctly, these tools can eliminate a significant portion of dispute volume from ever entering the chargeback system.
These tools also have an immediate impact, with merchants immediately benefiting from fewer chargebacks, which means lower ratios, reduced monitoring risk, and fewer conversations with acquirers about remediation plans.
Compelling Evidence 3.0
Fraud disputes driven by first-party misuse have become one of the fastest-growing dispute categories. Visa’s Compelling Evidence 3.0 framework was introduced to address this problem by allowing merchants to demonstrate legitimate cardholder behaviour using historical transaction data, device identifiers, and account activity.
When applied correctly, CE3.0 can prevent fraud disputes from progressing or shift liability back to the issuer. Just as importantly, fraud cases supported by qualifying CE3.0 are generally excluded from VAMP calculations. This makes CE3.0 not just a representment tool, but a risk-management strategy.
However, utilizing CE3.0 can be operationally difficult. Merchants must collect the right data consistently and surface it through the appropriate channels. Without automation, CE3.0 quickly becomes impractical at scale.
Monitoring Risk Before Your Acquirer Does
The merchants that stay out of trouble treat monitoring thresholds as early-warning indicators, not hard limits. They track fraud and disputes daily, segmented by channel, geography, and product. They set internal alert levels well below network thresholds and act as soon as trends shift.
This approach changes the dynamic with acquirers. Instead of responding to compliance notices, merchants can demonstrate control, show improvement plans, and avoid punitive measures altogether.
Staying Out Of The Penalty Box With Chargebackstop
Managing VAMP and ECM risk manually is no longer realistic. Your data is incredibly fragmented, the timelines are unforgiving, and the cost of inaction is too high.
ChargebackStop gives merchants a single platform to manage dispute prevention across networks. By integrating with Visa RDR, Ethoca alerts, and network data feeds, we help merchants resolve disputes before they become chargebacks and before they count toward monitoring programs. Our dashboards surface the metrics that matter, allowing teams to see emerging risk early and respond decisively.
For merchants already under pressure, ChargebackStop helps stabilise ratios fast by automating dispute diversion, supporting CE3.0 workflows, and restoring visibility across fraud and dispute activity.
Book a demo with ChargebackStop to see how we help merchants stay compliant, reduce disputes, and protect their ability to process cards.


