Visa is the world's largest credit card network, and as such, it has a vested interest in monitoring card card fraud to identify potential bad actors in the system. One of the tools Visa uses for this purpose is called TC40.
Many merchants don't examine their TC40 data, if they're even aware it exists. Yet this data can provide useful details about transactions flagged as fraudulent. Understanding how to access and interpret this data can help merchants recognize fraud patterns, adjust prevention measures, and mitigate risk.
TC40 reports are generated by issuing banks when a cardholder claims that a transaction on their account was unauthorized. This information is sent to Visa as part of its risk identification service, allowing the network to track fraud trends across merchants, industries, and geographic locations. Mastercard’s SAFE serves the same purpose within its network.
When a bank receives a fraud claim from a cardholder, it records transaction details such as:
The merchant's name, location, and merchant category code (MCC).
Bank details for both the issuing and acquiring banks.
Transaction data, including time, location, and amount.
Visa uses this data to identify merchants with high fraud activity, allowing Visa to take enforcement actions, such as placing businesses under monitoring programs. Visa also analyzes patterns in reported fraudulent transactions. The information collected helps Visa improve its overall fraud prevention efforts.
A TC40 report is generated when an issuing bank receives a claim of fraud, but it does not automatically mean a chargeback will occur. Some banks choose to reimburse cardholders directly for smaller transactions instead of filing a chargeback, as it may be more cost-effective.
This means that some fraudulent transactions never appear in a merchant's chargeback records, but they do get recorded in TC40 reports. By reviewing this data, merchants can gain insights into fraudulent activity that might otherwise go unnoticed.
Visa uses TC40 data to assess merchants' fraud risk. Under the new Visa Acquirer Monitoring Program (VAMP), even fraudulent transactions that do not result in chargebacks count toward a merchant's VAMP ratio, which combines disputes and fraud reports into a single metric. This makes it even more important for businesses to track fraud reports alongside chargeback data.
Merchants who do not monitor their TC40 data may not realize they are at risk until they receive a warning from their payment processor. By understanding what is being reported, merchants can take steps to reduce fraud before reaching the threshold for intervention.
One of the biggest challenges with TC40 data is access. Unlike chargeback notifications, which merchants receive directly, TC40 reports are not automatically shared. Merchants can request this data from their processor, but processors aren't required to provide it. Some may refuse outright, while others offer reports on a monthly or quarterly basis.
Another option is obtaining TC40 data through a third-party provider. Companies like Chargeback Gurus may be able to retrieve TC40 data through existing integrations. They can also provide a platform for merchants to view and analyze data from TC40 reports and chargebacks.
TC40 reports are often significantly delayed from the time of the initial claim, making them less useful for addressing fraud in real time. Additionally, if not enlisting the help of third-party experts, merchants must analyze the data themselves to identify trends and take action. Despite these challenges, requesting TC40 data can still be valuable for merchants looking to understand how fraud is affecting their business.
TC40 data can provide valuable insights into fraud patterns that may not be immediately visible through chargebacks alone. One key use of TC40 data is detecting card testing attempts. Fraudsters often make small purchases to determine whether stolen card details are still valid.
These low-value transactions might not trigger a chargeback, but they can be an early warning sign of larger fraudulent activities to come. Merchants who analyze TC40 data can recognize these patterns and take preventive steps, such as implementing stricter authentication measures or blocking suspicious transactions.
In addition, merchants can use TC40 data to refine their fraud detection tools. Machine-learning algorithms and fraud prevention software often rely on transaction data to identify suspicious behavior. By incorporating insights from TC40 reports, merchants can improve their fraud detection capabilities, making it easier to spot illegitimate purchases before they escalate into chargebacks.
Complicating these efforts, however, is the fact that TC40 reports rely on cardholders self-reporting fraud, which introduces the risk of inaccurate information. False claims and friendly fraud—where customers mistakenly or dishonestly dispute legitimate purchases—can skew the data, leading merchants to misinterpret their fraud risk.
Because of this limitation, TC40 data should be used as one component of a comprehensive chargeback management strategy rather than as a single source of truth. Combining this data with data from fraud detection tools and chargeback analysis can provide a clearer picture of fraud-related activity and help merchants take more informed steps to reduce exposure.
TC40 data provides merchants with a deeper understanding of fraud-related activity, helping them recognize trends and adjust fraud prevention measures. While accessing this data can be difficult, businesses that obtain and analyze it can use the insights to reduce fraud and lower their risk of chargebacks. By incorporating TC40 reports into an overall risk management strategy, merchants can better protect their revenue.