What is the Visa Fraud Dispute Monitoring Program (VFDMP)?

The card brands (Mastercard^®, Visa^®, etc.) occasionally update their rules and regulations. And because of the complexity of most updates and the number of people involved, rollouts don't always go as expected. Sometimes, unforeseen challenges will emerge. And the Visa CE 3.0 initiative is no exception.

Issues with data accuracy

The Visa CE 3.0 initiative — now called the remedy rule — launched April 2023. And by May 2023, Visa had already identified issues that needed to be resolved. 

It seems probable that there were concerns about data accuracy — which was likely caused by a combination of confusion and intentional deceit. Several steps were taken in response. 

First, Visa provided documentation to clarify formatting expectations for the different data elements. Click here to for a detailed guide. 

Second, the card brand launched the Visa Fraud Dispute Monitoring Program – VFDMP. 

Visa Fraud Dispute Monitoring Program explained

Visa launched this new monitoring program to "identify merchants that provide invalid or falsified data" with the intention of "maintaining the integrity of the remedy rule". 

If enrolled, the following will happen: 

1. The acquirer, merchant, or their service provider will be notified of the violation.
2. The merchant will not qualify for CE 3.0 protections until the acquirer, merchant, or service provider confirms in writing to Visa that the underlying issues have been addressed.

What the VFDMP means for you

This newly created monitoring program could significantly affect your business. Here's how to minimize the potential impact.

1. Figure out how notifications will be received.  

Currently, the notification process seems a little ambiguous. Will notifications be sent directly to you? If so, how will they be sent? Mail? Email? Is there an online portal to check? Or will notifications go to your acquirer or service provider? If they go to your acquirer or service provider, is there a process in place to ensure the information is passed along to you?

Start asking questions and see if you can figure out how information will be shared with merchants. If you work directly with a service provider, like Kount, reach out to the support team. If you are receiving Order Insight services through your payment processor, contact your account manager. 

Because this monitoring program is so new, there might not be a clear answer yet. Until there is more clarity, "notifications" might come in the form of changes in your data or workflows. 

You results data should provide insights. If your chargeback rate goes up or your Order Insight success rate drops, it could be because you are no longer receiving CE 3.0 protections.

Your workflows could also provide clues. Currently, if you respond to an Order Insight request with CE 3.0 data, the issuer will send two additional requests for the undisputed transaction data. If you aren't receiving these CE 3.0-specific calls, you may not qualify for protection. 

2. Make sure you are formatting your data correctly. 

Visa has clearly outlined how data elements should be formattded. For example, the device ID must be at least 15 characters. The device fingerprint must be at least 20 characters. The account ID must be a value the cardholder recognizes. 

Review Visa's guidelines, and make sure your Order Insight responses are formatted in full compliance with Visa expectations. 

Check this article to learn more. 

3. Exit the monitoring program as quickly as possible. 

If you are enrolled in the VFDMP, try to get out as quickly as possible. Visa CE 3.0 protections are valuable, and you don't want to operate without them. 

Work with your payment processor or service provider to determine the data integrity issues. Once the issues have been resolved, send a written notice to Visa. Hopefully, the enrollment notice you received will outline what is needed to exit the program. Respond with whatever information is requested using the communication platform specified. 

If you didn't receive a notice, ask your payment processor or service provider for help. 

Again, because this process is so new, there will likely be a lot of unknowns. And reactivating CE 3.0 protections might not be easy or quick. Be diligent. Keep following up until you have successfully exited the program. 

4. Don't give up! 

Complying with Visa CE 3.0 rules might seem complicated. But early results indicate there is a return on investment (ROI). Give it a chance — at least until your own internal data proves otherwise. 

NOTE: Visa initially launched this program with the name Visa Fraud Remedy Monitoring Program (VFRMP). They intend to change it on October 14, 2023 to Visa Fraud Dispute Monitoring Program. For the sake of longevity, we are using the future name now. 

Need help? Have questions? 

Do you have questions about Visa CE 3.0 or the VFDMP specifically? Reach out to our team of experts. We'll share any tips and insights we have to make this new process as effective as possible.