How does the Visa Fraud Monitoring Program (VFMP) affect EMV 3D Secure?
Updated: Aug 21, 2020
EMV 3D Secure can be one of the most lucrative and scalable solutions for e-commerce businesses today. Essentially, the more money you lose to chargebacks without EMV 3D Secure, the more you’ll save with EMV 3D Secure enabled.
How does the Visa Fraud Monitoring Program fit into this?
First, let's talk about VFMP. This is a program that Visa automatically puts you in if you have too much fraud. This is not something you WANT to apart of, and if you're in it, you don't have a choice. This is essentially a way for Visa to keep an eye on merchants identified as "risky".
Can you still get the protection of EMV 3DS if your business is in the VFMP?
There are three levels to the VFMP and each level has a threshold of fraud. Once you exceed the threshold, Visa automatically enrolls you at the appropriate level. It's important to note that the thresholds also change on transactions that use EMV 3DS.
In short: You will only receive the chargeback liability shift that EMV 3DS provides if you are in the first level of the VFMP - also known as the "VFMP warning level".
1. VFMP Warning Level: $50,000 of fraud AND a .65% ratio of fraud dollars/sales dollars per month OR if you are using EMV 3DS then it's $5,000 of fraud from EMV 3DS transactions AND a .5% ratio of EMV 3DS fraud dollars / EMV 3DS sales dollars. You aren’t technically enrolled in the program but these are the thresholds that will trigger a warning from your acquirer on behalf of Visa. With that said, if you have a month that exceeds the standard threshold then you can skip this warning stage altogether.
2. VFMP Standard Level: $75,000 of fraud AND .9% ratio of fraud dollars/sales dollars per month OR $7,500 of fraud from 3DS transactions AND a .75% ratio of 3DS fraud dollars / 3DS sales dollars. At this point, you are in the program, and because of the excessive fraud on your account, Visa no longer gives you the benefit of the doubt with regards to chargebacks and therefore you no longer can benefit from EMV 3DS. Visa does this by switching all of your normally protected 10.4 fraud to 10.5 which gets no liability shift. However, if you have 3 consecutive months of transactions below this threshold, then you’re out of the program.
3. VFMP Excessive Level: $250,000 of fraud AND 1.8% of sales value. Merchants with high-risk Merchant Category Code (MCC) are put here automatically (5962, 5966, 5967, 7995, 5912, 5122, and 5993). If you are in this category, you cannot exit even with good performance. That said, you still need to get your fraud levels down, otherwise, you will pay expensive monthly non-compliance fees anywhere from $10,000 to $75,000 a month.
There are Two Exceptions:
1. If a fraudster bombards you with transactions from a single card, only the first 10 will count towards your fraud ratio.
2. Visa excludes fraud reason code 3 (a fraudulent payment that occurs from the use of a card obtained from a fraudulent application using a false name and false information.)
Chances are you don't have to worry about VFMP
All these numbers can get confusing but it’s important to keep in mind that these thresholds only enroll you when they are combined with each other.
For example, the standard VFMP program calls for $75,000 of fraud AND .9% of fraud. That means that you could have a .9% fraud ratio on $500,000 of sales in a given month, and still be completely free of the program. That’s because if you do the math, you will only be at around $4,500 of fraud. Since the criteria is $75,000, you are at a very safe distance from being enrolled.
So to put things simply the VFMP is a program that you want to stay far away from. If you’re leveraging 3D secure to protect against fraud and you’re worried about losing the liability shift from VFMP, chances are you have nothing to worry about.
Still, have questions? Contact us at email@example.com