Visa Issuer Monitoring Program (VIMP)
Table of Contents
- What Is the Visa Issuer Monitoring Program (VIMP)?
- Why Am I in Visa's Monitoring Program?
- What Are the Consequences of Enrollment in the VIMP?
- How Does the VIMP Affect Chargebacks?
In e-commerce, merchants bear the financial liability for fraud by default. When a cardholder is the victim of fraud, they will typically dispute the unauthorized charge with their issuing bank, which will credit the cardholder for the transaction amount.
In most cases, however, issuing banks aren't willing to take the financial hit themselves, and will instead go to the merchant to get their money back. Merchants who have excessive rates of fraud or chargebacks are subject to monitoring programs imposed by the card networks, which impose fines as long as the problem remained unresolved. Therefore, it's not unreasonable for merchants to wonder what oversight the banks have in this process. What if it's their lack of security, not the merchant's, that's causing the fraud to occur?
That's where the Visa Issuer Monitoring Program (VIMP) comes in.
This program is unlikely to impact merchants directly, but since issuers touch every transaction they process and are directly involved in initiating and adjudicating chargebacks, it’s worth taking the time to understand how this program works, what it is designed to achieve, and how it may affect the behavior of issuing banks.
What Is the Visa Issuer Monitoring Program (VIMP)?
The VIMP has its origins in the Cross-Border Fraud Issuer Monitoring program that previously existed in the European market. The VIMP expanded upon and replaced this program, updating its protocols and making them applicable to issuing banks worldwide.
The ultimate objective of the VIMP is to reduce fraud across the board, not simply shifting liability (and with it, the obligation to shoulder the lion’s share of the security burdens) from one party to another.
With monitoring programs already in place for merchants, the VIMP gives equal attention to the issuers’ responsibility to reduce fraud and protect cardholders and (and merchants) from cybercriminals.
In specific terms, issuers with high rates of fraud will be expected to make better approval decisions, utilize effective fraud prevention tools, and verify transactions with 3-D Secure technology.
Why Am I in Visa's Monitoring Program?
When an issuing bank reaches the applicable threshold, Visa will send them a notification, kicking off a three month notification period. During this period, there are no penalties or other negative consequences, and the issuer is left to their own devices to figure out how to get their fraud problem under control. If they succeed in doing so, they will be taken out of the VIMP. Once the notification period is over, however, Visa starts taking matters much more seriously.
What Are the Consequences of Enrollment in the VIMP?
At this point, the issuer is also be required to submit to Visa an action plan for reducing their fraud levels. At twelve months, written performance assessments are required, and issuers whose fraud rates are still excessive are subject to additional penalties and remediation measures to be determined by Visa, which may include freezing the bank’s ability to issue new Visa payment cards.
If a bank that has been enrolled in the VIMP fails to comply with Visa’s requirements during this time period, they can get slapped with non-compliance fines that can run as high as $100,000.
After an issuer has succeeded in keeping their fraud activity below the thresholds for three consecutive months, they will be released from the program.
How Does the VIMP Affect Chargebacks?
As things currently stand, banks are highly incentivized to give their customers what they want and refrain from pushing back too hard against unprovable claims of fraud. Many so-called “fraudulent” charges are actually entirely legitimate, and are disputed by cardholders out of impatience, confusion, or frustration with the merchant.
Now, however, filing chargebacks for fraud based entirely on the word of the cardholder will increase the issuer’s fraud rate and put them at risk of placement in the VIMP.
With the introduction of this program, there is a meaningful incentive for issuing banks to question and investigate fraud claims more thoroughly, which should reduce the amount of friendly fraud that merchants have to deal with.
Other new programs such as Order Insight can provide issuing banks with more information about the transaction a cardholder wishes to dispute. In combination with the incentives from the VIMP to reject false claims of fraud, that means many friendly fraud chargebacks will be rejected before the merchant ever hears about them.
We’re always pleased to see the big card networks issue a mandate that has the potential to yield benefits to merchants without imposing new obligations or requirements on them.
While this program isn’t likely to change the behavior of fraudsters and unethical consumers anytime soon, we hope and expect that it will make some issuing banks more vigilant about rubber-stamping claims of fraud from cardholders who are engaging in harmful acts of friendly fraud, intentionally or otherwise.
The VIMP may also help to increase the adoption and use of 3-D Secure, which can greatly reduce actual fraud from stolen payment cards. Stopping e-commerce fraud requires a team effort from all stakeholders in the industry, but it’s always easier to pass off liability when you can. This monitoring program will help ensure that issuers do their due diligence and shoulder their fair share of the burden in keeping online marketplaces free from theft and deception.