FAQ: Fraud Monitoring with TC40 and SAFE

November 13, 2025

Table of Contents

  1. What is TC40 data?
  2. What is Mastercard's SAFE?
  3. How do TC40 and SAFE work?
  4. How does TC40 data help prevent chargebacks?
  5. Can merchants view TC40 data?
  6. What requirements do TC40 and SAFE impose on banks?
  7. How to operationalize TC40 and SAFE data

Visa and Mastercard are  the two largest credit card networks, and as such, they have a vested interest in monitoring and preventing credit card fraud. Among the tools they use to assist in this process are TC40 (for Visa) and SAFE (for Mastercard).

These systems are part of Visa and Mastercard’s credit card fraud monitoring programs, and while many merchants haven’t had to deal with TC40 and SAFE data firsthand, they're often generating a lot of it without even knowing it.

Knowing how and why this data is generated and collected can give you insights into how fraudsters might be targeting your business. In this FAQ, we’ll try to answer the most pressing questions merchants have about TC40 and SAFE.

What is TC40 data?

TC40 data is a Visa record containing information regarding cardholder fraud claims. This data is used in calculating a merchant's VAMP ratio.

What is Mastercard's SAFE?

SAFE or System to Avoid Fraud Effectively is Mastercard's official process for documenting claims of fraud made by cardholders.

How do TC40 and SAFE work?

Whenever an issuing bank receives information that a transaction might have been carried out without the cardholder’s knowledge or authorization, they submit details of that transaction to the card network through the appropriate reporting system.

TC40 is the name of the report that issuing banks send to Visa to report fraudulent transactions as part of its Risk Identification Service, and SAFE (System to Avoid Fraud Effectively) is Mastercard’s analogous fraud monitoring system.

Information included in these reports can include:

  • Merchant information, including name, location, MCC, etc.
  • Bank information for both parties involved in the transaction.
  • Transaction details, including location, time, etc.

Usually, the way an issuing bank finds out that a transaction may have been fraudulent is that the cardholder contacts them to dispute it.

It is therefore highly likely that all fraud-related chargebacks generate TC40 or SAFE reports, but not every possible instance of fraud that gets reported to the card networks will become a chargeback.

Some banks will simply reimburse cardholders out of their own funds for low dollar amount disputes simply because it’s cheaper than activating the entire chargeback process.

How can TC40 data help prevent chargebacks?

TC40 data can give merchants insight they might not otherwise have into fraud claims, especially those with a low transaction value. In particular, a merchant being targeted for card testing might not even realize it without looking at this data, since that kind of fraud involves low-value transactions that will often be refunded by the cardholder's bank directly.
 
Data about fraudulent transactions that didn't result in chargebacks can also be fed into fraud prevention tools that analyze transaction data using machine learning to better detect potentially illegitimate purchase attempts.
 
However, it's important to note that there are limitations to the usefulness of these reports. They can't be used to give a merchant early warning of a potential chargeback, since they often aren't released until long after the claim is made.
 
If you want to prevent chargebacks from disputes in progress, chargeback prevention alerts are the better option, since they’re specifically designed to facilitate this approach. For merchants, the primary value of TC40 and SAFE data is in what you can learn about your specific fraud vulnerabilities.

Can merchants view TC40 data?

Merchants can ask their acquiring bank to share their TC40 data, but banks aren't required to fulfill such a request. With the increased importance of TC40 due to Visa's VAMP, however, most acquirers are making this data more readily available.

What requirements do TC40 and SAFE impose on banks?

As part of their overall fraud monitoring strategy, Visa and Mastercard require that issuing banks provide them with data about fraudulent transactions. This information is used to assess the patterns of fraud activity and improve fraud prevention efforts. Reports and findings are shared with both issuers and acquiring banks.

Banks are not required to notify merchants when one of their transactions is included in a TC40 or SAFE report. At their own discretion, acquiring banks may provide their merchants with TC40 and SAFE data upon request.

While many issuers may choose to submit these reports on a frequent and timely basis, there can be considerable lag time between the initial dispute and the reporting. Mastercard specifically is fairly generous with the time frame it gives issuers to report, which means that by the time SAFE data is available you might be looking at fraud activity that’s two months old.

How to operationalize TC40 and SAFE data

TC40 and SAFE reports become useful when connected to day-to-day fraud controls and simple analytics. Fraud teams that take advantage of this data can identify hidden vulnerabilities and develop targeted mitigation strategies, testing hypotheses about where fraud is originating and which controls appropriately balance risk and customer friction.

To obtain insights from TC40 and SAFE data, map the transactions in the reports to internal transaction and order logs. Then analyze the data to uncover patterns.

If a small set of BINs is responsible for a large share of reported fraud, additional authentication for those BINs can reduce loss without blocking the whole market. Where specific products show elevated reports, consider implementing stricter fraud controls for transactions involving those items.

Signs like repeated small purchases from the same IP can indicate card testing. If this pattern of behavior is rare for legitimate customers, strict velocity checking can prevent repeated fraud attempts.

To enhance analytical tools further, consider partnering with a chargeback management company that can integrate TC40/SAFE data along with chargeback data from multiple processors into a single unified analytics dashboard. This can massively simplify data analysis and allow for new insights that lead to operational improvements.

 

Chargebacks 101 E-guide   This free e-guide explains how the chargeback process works and how you can fight chargebacks to recover your revenue.  

Similar Posts

Chargeback Insurance Pros and Cons
Chargebacks
November 20, 2025
Chargeback Insurance Pros and Cons

4 min read

How to Prevent Chargebacks: A Practical Guide
Chargeback Prevention
October 23, 2025
How to Prevent Chargebacks: A Practical Guide

6 min read

logo-cbg

We Know Chargebacks

Recover more revenue and increase client satisfaction today.
cbg-logo-white
  • 5601 Democracy Drive
    Suite 195 Plano, TX 75024
  • 866-999-3758

GDPR CertifiedPCI-Level I CertifiedSOC2 Certified

BBB_ABSeal_H_RVS_7469_US-4256x1542-8b06aa0 (1)  2020-Q2-ComplianceBadge-PCIDSS

 

Partners

Support

Subscribe to Our Blog

Follow Us

© 2025 Chargeback Gurus ®.  All rights reserved.