Fraud is one of the most persistent threats facing merchants today, and by the time a chargeback hits your system, the damage is already done. What many businesses don’t realize is that there’s a crucial step in the fraud timeline that comes before a dispute is filed—a phase where warning signs exist but are often missed. These warnings come in the form of TC40 and SAFE notifications: fraud reports issued by Visa and Mastercard whenever a cardholder claims that a transaction was unauthorized.
In this article, we’re going to look at the difference between TC40 and SAFE reports, how they relate to chargebacks, and why they’re essential to any serious chargeback prevention strategy. We’ll also cover how acquirers use these reports to assess fraud risk, how they contribute to programs like Visa’s Acquirer Monitoring Program (VAMP) and Mastercard’s EFM, and what you can do as a merchant to monitor, respond to, and reduce their impact.
What Are TC40 and SAFE Fraud Reports?
TC40 and SAFE reports are fraud notification files issued by the card networks—Visa and Mastercard, respectively—whenever a cardholder disputes a transaction as unauthorized. These reports are not chargebacks. They don’t pull money from your merchant account or initiate a formal dispute process. Instead, they serve as behind-the-scenes fraud alerts, helping card networks and acquiring banks monitor where fraud is occurring across the payment ecosystem.
A TC40 report is generated when a Visa cardholder tells their issuing bank that they didn’t authorize a transaction. The issuer is required to report that fraud event to Visa, which compiles the details into a TC40 file and shares it with the merchant’s acquiring bank. Mastercard’s version of this is called a SAFE report, which stands for “System to Avoid Fraud Effectively.” It functions in much the same way, with issuers submitting fraud data to Mastercard’s Fraud and Loss Database.
While TC40 and SAFE reports do not reverse a transaction or immediately affect your revenue, their impact is still significant. They feed directly into the fraud monitoring systems used by Visa and Mastercard, and they shape how your acquiring bank perceives your business’s risk. In some cases, accumulating too many fraud reports can lead to increased fees, enrollment in network compliance programs, or even termination of your merchant account. As such, they play an important role as early indicators, often arriving days or even weeks before a chargeback is filed. When used correctly, they can help merchants identify patterns in fraudulent activity, stop shipments or cancel services before they’re lost, and make targeted improvements to their fraud prevention strategies.
How TC40 and SAFE Reports Are Generated
The process behind TC40 and SAFE fraud reports starts the moment a cardholder claims a transaction wasn’t theirs. These reports are not created by merchants, acquirers, or the card networks themselves; they originate with the cardholder and their issuing bank:
1. Cardholder Reports Fraud—A customer notices an unfamiliar or unauthorized charge on their card statement and contacts their issuing bank to dispute it as fraud (for example, in cases of stolen cards or identity theft).
2. Issuer Files a Fraud Claim—Upon validating that the cardholder did not authorize the transaction, the issuing bank prepares a fraud report. For Visa transactions, the issuer submits the details into Visa’s TC40 system (Risk Identification Service); for Mastercard, the issuer submits into SAFE.
3. Data Transmitted to Network and Acquirer—The card network receives the fraud report and consolidates it. The report is then typically made available to the merchant’s acquiring bank as part of periodic fraud reporting. This means the acquirer can see all fraud reports associated with each of its merchants.
4. Chargeback Raised—Filing a TC40 or SAFE report does not automatically create a chargeback, but the issuing bank may choose to do so depending on the specifics of the situation. Regardless of whether a chargeback is filed, the fraud incident is still recorded in TC40/SAFE.
What Information Do They Contain?
TC40 and SAFE reports contain detailed records of fraud-related transactions. While merchants rarely see the full report directly, these documents are packed with data used by banks, networks, and acquirers to track fraud activity and spot trends. A typical report includes:
- Merchant details, such as merchant ID, business name, and merchant category code, so that the fraud report can be linked to your industry.
- Bank information, such as the issuing bank that reported the fraud and the acquiring bank that processed the transaction.
- Transaction details such as date, time, amount charged, card present or card-not-present indicator, and device ID or IP address for online transactions.
- Cardholder and card data, such as truncated card number, cardholder name, and billing addresses and contact information provided during checkout.
- Authorization information such as auth code, indicators of transaction authentication (e.g., 3D secure, CVV, AVS), and approval or decline status.
- Fraud claim details, such as reason code, date the fraud report was submitted, and whether a chargeback has been initiated.
Regardless of why a report is raised or what information it contains, issuing banks are required to report all instances of fraud via TC40/SAFE, even in cases where the bank decides not to pursue a formal chargeback. These “non-chargeback” fraud reports are more common than most merchants realize. One industry study found that around 43% of fraud claims under $8 were refunded by the issuer without ever escalating to a chargeback.
This creates an important distinction: every fraud-related chargeback will have a corresponding TC40 or SAFE entry, but not every TC40 or SAFE report results in a chargeback. Many don’t; the report is filed as soon as the issuer confirms the cardholder’s claim of unauthorized use, meaning these fraud alerts often appear before, or entirely separate from, the chargeback process. From the merchant’s perspective, this makes TC40 and SAFE reports powerful (but opaque) early indicators of impending chargeback problems.
How Are TC40/SAFE Reports Different from Chargebacks?
It’s important to distinguish between fraud reports (and the TC40/SAFE reports they generate) and chargebacks. They are related but not the same, and they trigger different processes.
The biggest differentiator is the financial impact. TC40/SAFE reports are purely informational and do not result in any immediate loss of funds. Chargebacks, on the other hand, physically withdraw funds from the merchant to reimburse the cardholder. They also differ in terms of timing. TC40/SAFE reports are logged as soon as the issuer confirms unauthorized activity, whereas a chargeback might follow several days or weeks later (or be skipped entirely if the bank absorbs the loss).
There’s also a big difference in merchant awareness. Merchants are notified of chargebacks through their acquirer or processors, and chargebacks are rightfully a big deal. In contrast, TC40/SAFE reports are shared with acquirers, but often withheld from merchants unless requested or surfaced via an alert system. Merchants also have the right to dispute chargebacks through representment, whereas TC40/SAFE esports are non-disputable and logged permanently as risk indicators.
In short, TC40 and SAFE reports are early warning signs of fraud risk. Chargebacks are the downstream financial outcomes. Both affect merchant credibility, but TC40/SAFE gives you a chance to act before money is pulled from your account.
TC40 and SAFE as Early Fraud Warnings
TC40 and SAFE reports are generated as soon as a cardholder reports a transaction as fraudulent and the issuing bank confirms it. Because these reports are often filed before a chargeback is initiated—if one is filed at all—they can function as early indicators of fraudulent activity. In theory, this allows merchants and acquirers to act quickly: halt shipments, revoke digital access, or issue a refund before a chargeback appears. But turning that theory into practice isn’t always straightforward.
Timing is the biggest challenge. Issuers don’t always file TC40 and SAFE reports immediately. Many submit them in weekly or monthly batches. Mastercard issuers, for example, can wait up to 60 days after a chargeback to submit a SAFE report. By the time these reports surface through acquirer systems or fraud alert providers, the chargeback may already be in motion.
Coverage is also a problem. Not every fraud claim results in a visible early warning. Some fraud alerts are delayed or never reach the merchant, especially if you're not enrolled in a real-time alert service like Verifi or Ethoca. Even when alerts do arrive, they don’t always predict a chargeback. Industry data shows that while many fraud alerts eventually become disputes, a fairly large portion—20 to 40 percent—do not. This creates a gray area: should you act on every alert, or risk letting some slide?
Sometimes, alerts arrive too late. There are instances where the fraud report and the chargeback are filed almost simultaneously. In those situations, the merchant receives what is technically called an “early warning,” but the opportunity to prevent financial loss has already passed. It becomes a notification, not a prevention tool.
Despite these challenges, TC40 and SAFE reports are highly valuable from a fraud management perspective. The key is access. If you’re relying solely on chargeback notifications, you’re seeing fraud after it’s too late to stop. But with the right tools that integrate real-time fraud alerts, TC40 and SAFE data can be turned into actionable insights that reduce downstream risk.
Using Fraud Alerts to Prevent Chargebacks
Given the timing delays and visibility issues with TC40 and SAFE reports, many merchants are left with limited options to act before a chargeback occurs. This is where third-party fraud alert systems step in. To bridge the gap between issuer fraud reporting and merchant response, Visa and Mastercard have built out dedicated services—Verifi and Ethoca, respectively—that transform internal fraud signals into actionable alerts.
These networks receive fraud notifications directly from issuing banks (the same sources feeding TC40 and SAFE) and immediately route those alerts to participating merchants or their processors. This gives businesses a short window, usually 24 to 48 hours, to take proactive steps and potentially stop a chargeback before it’s filed.
Here’s how these systems work and why they’re effective:
- Real-Time Visibility—Unlike TC40/SAFE reports that are often delayed, Verifi and Ethoca deliver alerts within hours of a cardholder’s fraud claim. This enables merchants to act almost immediately.
- Resolve Before Dispute—Alerts are “pre-dispute,” meaning the issuer agrees to pause the chargeback process if the merchant resolves the issue quickly. By resolving during this window, the merchant can avoid dispute costs.
- Lower Chargeback Ratios—Because the chargeback is never filed when resolved via an alert, it doesn’t count against your chargeback ratio. This helps merchants stay under program thresholds and reduces the risk of being flagged.
- Wider Network Coverage—Most major issuers in North America and Europe participate in Verifi and Ethoca. While not every fraud claim routes through these networks, a significant share does.
- Cost vs. Control—Alert services typically charge per alert, usually around $30 to $40. While that adds an expense, it’s often cheaper than absorbing a chargeback fee, losing the product or service value, and risking a higher dispute rate.
In effect, these services make TC40 and SAFE data actionable. Rather than sitting hidden in issuer-to-network communication channels, the fraud reports are converted into real-time merchant alerts.
Why All This Matters
TC40 and SAFE reports don’t just offer insight into individual fraud cases; they influence how card networks evaluate your business as a whole. Both Visa and Mastercard use these reports to calculate fraud metrics and determine whether a merchant is violating network thresholds. Breaching those limits can trigger fines, enforcement programs, or even termination of your merchant account.
VAMP and the Fraud Monitoring Program
Visa has long tracked merchants through its Fraud Monitoring Program (VFMP), where crossing key fraud thresholds, like a 0.9% fraud-to-sales ratio and at least $75,000 in fraud volume, could lead to formal enrollment. These metrics are calculated using TC40 data, not just chargebacks.
As of 2025, Visa has shifted to a more unified model: the Visa Acquirer Monitoring Program (VAMP). VAMP combines fraud and chargeback metrics into a single ratio:
(fraud alerts + non-fraud chargebacks) ÷ total transactions.
This new model still includes TC40-based fraud alerts, even those that were refunded or didn’t result in chargebacks. Merchants who exceed 1.5% (dropping to 0.9% in 2026) may be placed in a compliance program and fined approximately $10 per dispute beyond the limit. Crucially, this means that merchants can be penalized even if they avoided chargebacks, because the fraud was still recorded.
Mastercard’s Excessive Fraud Merchant (EFM) Program
Mastercard’s approach focuses more specifically on confirmed fraud chargebacks. To be flagged under the EFM program, a merchant must exceed:
- 1,000 monthly Mastercard transactions;
- $50,000 in fraud-related chargeback volume;
- A 0.5% fraud chargeback rate; and
- Show low 3D Secure usage (under 10% in non-regulated regions.)
EFM fines escalate monthly if no remediation occurs, ranging from $500 to over $100,000 for repeat violations. While Mastercard relies more on chargebacks than alerts, the consequence is the same: high fraud means high risk and high cost.
MATCH List and Acquirer Liability
Both Visa and Mastercard also hold acquirers accountable for merchants with excessive fraud. If too many merchants in a processor’s portfolio cross the fraud line, the acquirer itself may face penalties. That’s why acquirers monitor TC40/SAFE activity closely, even when merchants don’t.
If fraud issues persist and an acquirer terminates your account, they may report you to the MATCH list, using Reason Code 05 (Excessive Fraud). This effectively blacklists your business from obtaining another merchant account with most providers, as MATCH is shared across acquiring banks and networks.
TL;DR?
You don’t have to be in a monitoring program today to be at risk. Many merchants focus solely on chargeback ratios, not realizing that TC40 and SAFE reports—even those that never turned into disputes—are quietly stacking up in the background. These reports can tip your fraud ratio over the line even when your chargeback numbers seem healthy.
That’s why monitoring both fraud and chargeback activity is essential. Merchants should regularly:
- Calculate fraud rates using available alert data.
- Track TC40/SAFE trends (via acquirer reports or tools like ChargebackStop.)
- Use fraud prevention tools proactively—not just to stop chargebacks, but to reduce fraud at the source.
And importantly, keep in mind that 3D Secure shifts liability for chargebacks, but not fraud reports. Even when the issuer absorbs the loss, the fraud still counts against you in your TC40 data. If you’re letting too much fraud through, you’ll be flagged, even if you’re not footing the bill.
From Alert to Action: How ChargebackStop Transforms Verifi and Ethoca into Real Prevention
Fraud monitoring programs are designed to catch what merchants overlook. If you don’t manage fraud internally, the networks will manage it for you. For merchants serious about chargeback prevention, enrolling in Verifi and Ethoca is no longer optional; it’s foundational. But access to these alerts is only half the battle. The real challenge is acting on them quickly and consistently, especially when disputes are coming from multiple issuers or across multiple MIDs.
That’s where ChargebackStop comes in.
ChargebackStop integrates directly with Verifi and Ethoca, enabling merchants to receive real-time fraud alerts as soon as a cardholder initiates a fraud claim. But more importantly, ChargebackStop doesn’t just forward alerts, it acts on them. Our platform automatically flags the at-risk transaction, triggers pre-set workflows (such as pausing fulfillment or issuing a refund), and helps merchants resolve disputes before they become chargebacks.
By funneling TC40/SAFE-based alerts into a centralized dashboard, ChargebackStop gives merchants a unified view of their fraud exposure across card brands and processors. No more jumping between portals or digging through spreadsheets to identify high-risk transactions. You get:
- Real-time alert ingestion from Verifi, Ethoca, and participating issuers
- Automated dispute resolution workflows, tailored to your business rules
- Centralized reporting that ties fraud alerts to chargeback outcomes
- Integrated analytics to identify patterns and reduce future fraud exposure
In short, ChargebackStop turns early fraud warnings into proactive protection, helping you prevent chargebacks, maintain compliance, and preserve your bottom line.
Ready to stop fraud in its tracks?
Let ChargebackStop turn your alerts into action. Request a demo or talk to our team today about how we can integrate Verifi and Ethoca into your chargeback prevention strategy.
