The Visa Acquirer Monitoring Program (VAMP) has quickly become one of the most discussed (and feared) compliance frameworks in the payments industry. With stricter enforcement beginning October 1, 2025, merchants and acquirers around the globe are scrambling to understand how to stay within Visa’s tightening thresholds and avoid painful penalties.
Much of the concern stems from new rules that consolidate all fraud and dispute categories into a single ratio, shift more liability onto acquirers and increase pressure across the entire acquiring ecosystem.
But the deeper issue is visibility. Many organizations still lack full line-of-sight into authorization quality, reversal patterns, transaction reversal fraud (TRF) activity or card-testing surges. Problems remain hidden until Visa flags them, often after penalties or account actions have begun. This is where real-time transaction intelligence is a key differentiator.
Why VAMP is suddenly a major issue
Visa’s updated VAMP framework has triggered industry-wide anxiety for several reasons:
Stricter rules and consolidation: In April 2025, Visa collapsed multiple fraud and dispute programs into a single VAMP calculation. All fraud notices, including friendly-fraud disputes, now feed into a single ratio. Thresholds are lower, tolerance is thinner and risk accelerates much faster.
Liability shifted to acquirers: Acquirers are now accountable for the entire fraud/dispute performance of their merchant portfolios. If a portfolio exceeds thresholds, Visa can penalize the acquirer directly, which often results in acquirers off-boarding legitimate merchants simply to reduce risk.
The grace period is over: Although introduced in April 2025, Visa offered an advisory window.
That ended on October 1, 2025, which is why VAMP is dominating industry news today.
Extreme consequences for merchants: Merchants caught in VAMP include especially high-risk categories such as gaming, subscription services, travel, adult content and digital goods. Consequences can include sudden account termination, frozen payouts, significant recurring fees and “double counting,” which is a transaction counted as both a fraud notice and a chargeback.
Impact on major platforms: Large acquiring platforms, such as Shopify Payments (via Stripe), have off-boarded thousands of merchants to comply with VAMP, widening industry concern.
Additional sources of VAMP exposure: Transaction reversal fraud (TRF), scheme-penalty issues, and card testing
VAMP does more than measure traditional fraud. Authorization quality, reversal behavior and technical integrity all contribute to risk. Three areas cause major issues:
Transaction reversal fraud (TRF) at a point of sale: Malicious individuals can exploit vulnerabilities in the merchant’s POS security or procedures to reverse a transaction and steal funds or merchandise.
For example, a fraudster can distract an employee and swap the merchant’s POS terminal with their own or a duplicate, and then process fraudulent refunds to their own account. Unauthorized access to a merchant’s POS system can also be obtained through malware, scraping data such as card numbers from the system’s memory (to use for online purchases and creating fraudulent cards) or enabling fake refunds or adjustments for sales that never happened.
In addition, a dishonest employee can void a customer’s purchase after they’ve left with the goods and pocket the money from the transaction. These attacks generate everything from abnormal reversals and timing irregularities to dispute spikes and authorization anomalies. And because VAMP counts disputes and monitors “abnormal transaction behavior,” TRF can directly raise compliance risk.
Scheme-penalty patterns (invalid field usage, retries, mismatched records): Visa automatically issues penalties when transaction data falls outside expected parameters. This includes excessive authorization retries, invalid or missing fields, incorrect merchant-advice code usage and mismatched authorization and clearing records.
Card-testing attacks: Card testing occurs when attackers use stolen or algorithmically generated card numbers to send large volumes of low-value authorization attempts, typically through compromised small-business e-commerce sites. On that note…
How INETCO BullzAI helps acquirers and merchants avoid VAMP clampdowns
Card-testing surges adversely affect acquirers’ VAMP Enumeration Ratio (VER), which measures the frequency of card-testing attacks by dividing the number of enumerated transactions (approved and declined) by the total number of authorization transactions (approved and declined). An acquirer is flagged as “excessive” if its VER is at or above 20%, with penalization occurring when the VAMP Enumeration Transaction Count threshold of 300,000 per month is reached.
That’s where INETCO BullzAI is playing a vital role for acquirers around the world. This AI-driven solution ensures end-to-end transaction protection without compromising the customer experience. It instantly assesses the risk posture of every customer, device and payment using real-time monitoring, adaptive machine learning and behavioral analysis.
INETCO BullzAI picks up signals like high declines from a BIN range in a specified period, high velocity of cards and suspiciously low amounts coming from a specific PAN or high-risk merchant category. This improves acquirer visibility on the merchant side where there could be specific POS devices being used to orchestrate card testing. In addition, issuers gain deeper visibility into all transactional behavior that shows symptoms of card testing, particularly when it involves compromised e-commerce merchants who have weak security.
INETCO BullzAI helps acquirers to proactively outsmart fraudsters, stay Visa VAMP compliant and stop payment fraud and cyber threats before they disrupt the customer experience and trigger penalties, merchant account freezes and portfolio-level scrutiny.
Nothing else like it
Unlike other solutions that either struggle to identify attacks or rely on wide-ranging IP blocking to stop them, INETCO BullzAI’s patented transaction firewall identifies card-testing behavior by singling out the devices carrying out the attack and individually blocks them from the transaction network without impacting legitimate customers.
The firewall uses self-learning models to spot behavior deviations for individual users, cards, ATM/POS terminals and mobile devices. It then inspects key data details within each end-to-end transaction, such as terminal IDs and machine fingerprints, to block card-testing attacks before they cause harm. This gives financial institutions unparalleled visibility within payment ecosystems to block these attacks in real time with surgical accuracy.
No other solution can identify and stop card-testing attacks by blocking individual devices. Other solutions force banks and payment processors to carry out a cost-benefit analysis to determine whether they will lose more revenue by shutting down legitimate transactions, or lose more to fraud, and to VAMP, by allowing the attack to complete.
Avoiding TRF and scheme penalties with deeper transaction intelligence
In addition to blocking card-testing attacks, INETCO BullzAI’s real-time visibility into field-level transaction data also enables financial institutions to instantly recognize excessive authorization retries or reversals, invalid or missing data field elements, incorrect merchant-advice code usage and mismatched authorization and clearing records. Non-compliant transaction behavior can be identified and proactively corrected — before it escalates to fines or disputes.
Learn more about how INETCO BullzAI can help merchants and acquirers stay ahead of VAMP enforcement by scheduling a demo today.