Skip to main content

Network Program Applicability

Last Updated: 2025-02-17 Status: Complete

Card network monitoring programs—Visa VAMP, Mastercard ECP, EFM, and MATCH—apply differently to ISOs, ISVs, and PayFacs. Understanding these distinctions is critical for partnership decisions and risk management.

Quick Reference

ProgramISO ImpactISV ImpactPayFac Impact
Visa VAMPIndirect (via acquirer)None to indirectDirect responsibility
MC ECPIndirectNone to indirectDirect responsibility
MC EFMIndirectNone to indirectDirect responsibility
MATCH ListingPrincipal onlyRareSub-merchant listing

Program Overview

Network Monitoring Programs

VAMP Transition (April 2025)

Visa VAMP (Visa Acquirer Monitoring Program) replaced VDMP and VFMP in April 2025. The unified program has different thresholds and applies at the acquirer/PayFac level.

ProgramNetworkFocusThreshold
VAMPVisaChargebacks + Fraud1.5% ratio + 1,500 txns
ECPMastercardChargebacks1.5% ratio + 100 CBs
EFMMastercardFraud0.5% fraud + $50K + under 10% 3DS
MATCHAll NetworksTerminated MerchantsVarious violation codes

VAMP Applicability

How VAMP Applies by Entity

ISO and VAMP

Are ISOs monitored by VAMP? No—ISOs are NOT directly monitored by VAMP because:

  • ISOs do not hold merchant accounts
  • Merchants referred by ISOs have individual MIDs with acquirers
  • VAMP monitors at the acquirer level, not the referral partner level

Indirect ISO Impact:

ScenarioISO Consequence
Multiple ISO-referred merchants hit VAMPAcquirer may terminate ISO relationship
ISO portfolio shows high CB patternsAcquirer may restrict ISO onboarding
ISO-referred merchant MATCH listedISO reputation affected

ISO Protections:

  • Contractual provisions in ISO agreement
  • Portfolio-level performance monitoring by acquirer
  • No direct fines from Visa to ISO

ISV and VAMP

ISVs have variable VAMP exposure:

ISV ModelVAMP ExposureNotes
ReferralNoneNot a payment participant
API IntegrationNoneProcessor handles
PFaaSIndirectPFaaS provider monitored
PayFacDirectISV-as-PayFac is monitored

PayFac and VAMP

PayFacs are directly monitored by VAMP:

VAMP ElementPayFac Responsibility
Threshold monitoringTrack aggregated chargeback ratios
Sub-merchant managementIdentify and remediate high-CB merchants
Program entryPayFac enters VAMP, not individual sub-merchants
FinesPayFac pays fines (can recover from sub-merchants)
Exit requirementsPayFac must bring ratios below threshold

VAMP Thresholds for PayFacs:

MetricStandardEarly WarningExcessive
CB RatioUnder 0.9%0.9-1.5%Over 1.5%
Transaction CountN/AN/A>1,500 CBs

See Network Monitoring Programs for detailed VAMP coverage.

ECP Applicability

Mastercard Excessive Chargeback Program

EntityECP MonitoringAccountability
ISONot monitoredN/A
ISV (Non-PayFac)Not monitoredN/A
PayFacMonitored at PayFac levelDirect
Sub-merchantMonitored within PayFacPayFac responsible

ECP Thresholds

TierChargeback RatioChargeback CountMonthly Fine
ECP>1.5%>100$1,000-$25,000
HECP>3.0%>300$25,000-$100,000

ISO Indirect Impact

ISOs may face consequences if their referred merchants generate ECP issues:

EventISO Impact
Merchant enters ECPISO residuals may be reduced
Multiple ECP entriesAcquirer may review ISO agreement
Merchant terminated for ECPResidual stream ends

EFM Applicability

Mastercard Excessive Fraud Merchant Program

EFM focuses on fraud rather than chargebacks:

EntityEFM MonitoringImpact
ISONot monitoredIndirect only
ISV (Non-PayFac)Not monitoredN/A
PayFacMonitoredDirect accountability

EFM Thresholds

MetricThreshold
Fraud Rate>0.5%
Fraud Amount>$50,000
3DS CoverageUnder 10% eligible transactions

Why EFM Matters for PayFacs

PayFacs with sub-merchants in high-fraud verticals must:

  • Monitor fraud rates at sub-merchant level
  • Implement 3D Secure for eligible transactions
  • Terminate sub-merchants exceeding thresholds
  • Pay fines for program entry

MATCH List Implications

MATCH (Member Alert to Control High-Risk Merchants)

MATCH is a terminated merchant database shared across acquirers. Listings affect future merchant account approvals.

MATCH Listing by Entity Type

EntityHow They Get ListedMATCH CodeFrequency
ISO PrincipalPersonal fraud, misrepresentation02, 05, 12Rare
MerchantCB excess, fraud, violationsVariousCommon
Sub-merchantPayFac reportsVariousCommon
PayFacSponsor bank reports01, 02, 04Rare

ISO MATCH Exposure

ISOs are generally not listed on MATCH because they are not merchants. However:

ISO Principal Listing Scenarios:

  • ISO owner personally commits fraud (Code 02)
  • ISO misrepresents business or merchants (Code 05)
  • ISO principal is also a merchant owner (various codes)

Consequences of ISO Principal Listing:

  • Cannot register as Third-Party Agent
  • Cannot work with acquiring banks
  • May affect associated businesses

ISV MATCH Exposure

ISVs rarely appear on MATCH:

ISV ModelMATCH Exposure
ReferralNone
API IntegrationNone
PFaaSNone (users may be listed)
PayFacFull exposure

PayFac MATCH Responsibilities

PayFacs have MATCH reporting obligations:

ResponsibilityRequirement
Query before onboardingCheck MATCH for all sub-merchant applicants
Report terminationsAdd sub-merchants terminated for cause
TimingReport within 1 business day (Mastercard)
AccuracyEnsure correct reason codes

MATCH Reason Codes Relevant to PayFacs:

CodeReasonTypical Trigger
01Account Data CompromiseData breach
02Common Point of PurchaseFraud investigation
03LaunderingAML violation
04Excessive Chargebacks>1% ratio sustained
05Excessive Fraud>0.5% fraud rate
09Bankruptcy/LiquidationBusiness failure
12PCI-DSS Non-complianceSecurity violation

Program Responsibility Matrix

Monitoring Program Responsibility by Role

ProgramAcquirerPayFacISOISV (Non-PF)
VAMP MonitoringPrimarySecondaryNoneNone
VAMP FinesPaysMay absorbNoneNone
ECP MonitoringPrimarySecondaryNoneNone
ECP FinesPaysMay absorbNoneNone
MATCH QueryRequiredRequiredNot applicableNot applicable
MATCH ReportingRequiredRequiredNot applicableNot applicable

Contractual Flow-Through

Risk flows through contracts even when direct monitoring doesn't apply:

Risk Mitigation by Entity

ISO Risk Mitigation

Even without direct program exposure, ISOs should:

ActionPurpose
Screen merchant referralsAvoid high-CB merchants
Monitor portfolio metricsTrack CB trends before acquirer acts
Contractual protectionsLimit liability for merchant behavior
Diversify acquirer relationshipsReduce single-point-of-failure

ISV Risk Mitigation

ISVs should ensure their partners handle program risk:

ISV ModelMitigation Approach
ReferralChoose reputable processors
PFaaSVerify provider's program compliance
PayFacBuild full monitoring infrastructure

PayFac Risk Mitigation

PayFacs must proactively manage all programs:

ProgramMitigation Strategy
VAMPReal-time CB monitoring, early termination
ECPSame as VAMP
EFM3DS implementation, fraud screening
MATCHPre-screening, appropriate termination reporting

See Merchant Monitoring for implementation details.

Self-Assessment Questions

  1. Why are ISOs not directly monitored by VAMP or ECP?
  2. How does VAMP monitoring differ between acquirers and PayFacs?
  3. What scenarios could result in an ISO principal being MATCH listed?
  4. Why do PayFacs have MATCH reporting obligations but ISOs do not?
  5. How can ISOs mitigate risk from merchant chargebacks even without direct program exposure?

References

Share: