Subscription playbook: VAMP remediation guide

Smarter monitoring, safer payments, and stronger compliance—this VAMP playbook helps merchants lower fraud rates, reduce disputes, and safeguard subscription growth.
Visa’s new Acquirer Monitoring Program (VAMP) raises the stakes for merchants in many sectors, especially those running subscription models. In this playbook, Solidgate's risk team breaks down exactly what to do to keep your fraud and dispute rates low. Your VAMP compliance starts here!
What’s inside the VAMP guide?
Use this guide to:
- Understand and monitor VAMP metrics
- with strong measures
- Improve customer communication and transparency
- Optimize billing practices
- Simplify cancellation processes
- Review and adjust risk strategies
Intro
Visa’s new Acquirer Monitoring Program (VAMP) raises the stakes for merchants in many sectors, especially those running subscription models. Excessive chargebacks and fraud aren’t just annoyances; they can jeopardize your ability to process payments and incur hefty fines.
This playbook delivers actionable strategies to reduce your VAMP exposure by targeting the biggest driver: friendly fraud (first-party misuse). Key takeaways for founders and operators:
- Friendly fraud dominates disputes
Up to 75% of chargebacks stem from legitimate customers disputing valid charges (forgotten subscriptions, “I didn’t recognize the charge,” etc.). Your best defense is proactive customer communication and frictionless cancellation – not after-the-fact firefighting.
- Visa is cracking down hard
Starting June 2025, merchants exceeding a 2.2% VAMP Ratio or 20% card-testing fraud rate face immediate monitoring and fines. This threshold tightens to 1.5% in April 2026 – there’s no room for complacency.
- Think of as a product feature
Optimize your billing descriptors, checkout disclosure, emails, and cancellation UX just like you optimize conversion. Make it obvious and easy for customers to understand what they’re buying and how to cancel. This trade-off may slightly reduce initial revenue but massively cuts “friendly” chargebacks that could kill your business.
- Use every tool to preempt disputes and enroll in all Solidgate chargeback prevention solutions
Use Visa Order Insight to share transaction details with banks in real time. Enable Rapid Dispute Resolution (RDR) to auto-refund disputes before they become chargebacks. Leverage alerts (Verifi, Ethoca) to intercept incoming disputes and Compelling Evidence 3.0 to overturn fraud notifications. Utilize Solidgate Antifraud to detect and block fraudulent transactions proactively.
- Police high-risk transactions and sources
In high-volume environments, one risky affiliate or geo can flood you with fraud. Implement stringent fraud screening, 3-D Secure, velocity checks, and consider blocking or adding extra verification for high-risk regions (e.g. certain LATAM, Africa, South Asia markets prone to fraud). It’s better to turn away bad transactions than suffer a wave of chargebacks.
Bottom line:
Reducing VAMP exposure isn’t about one silver bullet – it’s a continuous, full-stack effort. The following guide breaks down exactly what to do, with real-world examples and checklists, to keep your dispute rates low and your subscription business thriving safely.
VAMP metrics and thresholds
The revised program introduces transaction-based metrics called the VAMP Ratio and VAMP Enumeration Ratio. These metrics combine fraud and chargebacks into one measure, providing a clearer picture of overall risk.

VAMP Ratio threshold calculations exclude:
- Disputes (TC15) resolved through pre-dispute products
- Fraud (TC40) qualified for Compelling Evidence 3.0
The Visa monitoring metrics thresholds, categorized as Excessive, will be implemented in two phases: June 1, 2025 and April 1, 2026.

ADDITIONAL CRITERIA
Includes VisaNet transactions only, card-not-present only, domestic and cross border. Minimum of 1,500 monthly VAMP Count per descriptor.
- Merchant Excessive Identification level applies only if Acquirer VAMP Ratio <50bps.
- CEMEA region merchant excessive only: minimum of 150 combined Fraud (TC40) and Disputes (TC15) and >=75,000 USD dispute and TC40 amount.
- Min of 300,000 count of enumerated authorization transactions per descriptor identified via Visa Account Attack Intelligence (VAAI) model.
The merchant's descriptors may be grouped to evaluate the performance of a single merchant.
Reducing friendly fraud in subscriptions
Friendly fraud (also called first-party misuse) occurs when a legitimate customer disputes a charge they actually authorized. This is rampant in subscription businesses – think “I forgot to cancel my free trial,” “I don’t recognize this charge on my bill,” or “I’m unhappy and it was easier to call the bank than the merchant.”
To combat this, make it nearly impossible for a customer to need to file a chargeback. The following strategies focus on transparency, communication, and customer-friendly processes that preempt disputes. Each tactic includes practical implementation tips you can apply immediately.
Optimize your billing descriptor
When customers see their bank statement, will they recognize the charge as yours? A confusing billing descriptor is a leading cause of “unrecognized” chargebacks. Don’t rely on a default processor name or a cryptic code.
- Best practice: Use a clear, descriptive billing descriptor that includes your brand or product name (preferably your website name) and a way to contact you if space allows (a phone number or short URL). Visa allows up to 22 characters for the statement descriptor, so use them wisely.
- Real-world example: Instead of a generic descriptor like PAYMENT*SG12345, use something like: WorkoutPlan 8005551234.
This example includes a recognizable brand fragment (“WorkoutPlan”) and a helpline number. A customer who sees this is far less likely to panic and chargeback because they immediately connect the charge to their subscription and know how to reach you.
Implementation tips
- Ask your payment provider (Solidgate) if you can set a custom DBA/descriptor name. Ensure it closely matches your website or product name.
- If your gateway/acquirer supports dynamic descriptors, customize them per product or subscription plan (e.g., include the plan name).
- Add a support phone number if you have the characters; many issuers display it, giving customers an easy way to call you instead of their bank.
- Test what your descriptor looks like on a card statement: do a charge on your own card and check your online bank. Make sure it’s immediately clear it’s your company.
Checklist: Billing descriptor
- Descriptor includes recognizable business or product name (not a generic LLC or processor name).
- Descriptor includes contact info (URL or phone) if possible.
- Tested the descriptor visibility on actual statements (mobile app and web).
- Consistency: Website footer, invoices, and emails mention the same name as the descriptor to reinforce recognition.
- The descriptor remains recognizable for all charges in a subscription sequence.
Scrutinize high-risk geographies and traffic sources
Not all customers are equal when it comes to fraud risk. Subscription merchants often operate globally, but certain regions and marketing channels carry significantly higher fraud and chargeback rates. Be proactive in managing the following three aspects:
High-risk countries
Be aware of countries known for elevated fraud. For example, experience shows higher fraud from parts of Latin America (e.g. Brazil, Mexico, Argentina, Dominican Republic), some African nations (e.g. South Africa, Kenya, Nigeria), South/Southeast Asia (e.g. Pakistan, India, Indonesia), and parts of the Middle East.

- Require or additional verification for orders from these regions. Lower velocity thresholds (e.g. max 2 attempts from these countries).
- If the risk/reward doesn’t pan out, consider geo blocking certain countries entirely, at least for card payments. You could alternatively offer safer payment methods there (like cash on delivery or local wallets) if relevant, or just avoid markets where you see nothing but fraud.
- If you have the capability, route transactions through local acquiring in the region. Sometimes, a transaction coming from a local bank appears less suspicious than an international charge, leading to fewer false declines and possibly fewer fraud attempts. Local processing can also improve your acceptance rates, which reduces the pool of suspicious repeated attempts.
Affiliate and marketing source monitoring
If you drive subscriptions through affiliates or ads on various networks, track performance by source. Some affiliates might send incentivized or low-quality traffic that signs up for trials and later chargebacks. For each affiliate or campaign, monitor the subsequent chargeback rate. If affiliate “John’s Deals” is bringing a 5% chargeback rate, you either cut them off or have a serious talk about traffic quality. Consider an affiliate agreement that penalizes high fraud ratios.
Similarly, be wary of “freebie seekers” from certain forums or deal sites – they may sign up for trials en masse with no intent to keep, spiking your disputes. Adjust your campaigns or add more friction (e.g., require phone verification) for such sources.
Monitoring tools
Use an antifraud system or a business intelligence tool to segment transactions by country, region, or source and compare fraud/dispute rates. This can reveal hot spots. For instance, you might find that while your overall dispute rate is 0.8%, customers from Country X are at 2.5%. That’s a sign to intervene specifically for Country X.
Implementation tips
- Maintain a “high-risk geography” list and update it based on industry reports and your own data. You can start with the list provided above and refine it.
- Configure your antifraud rules by region. lets you apply different rules for different countries (e.g., auto-decline all transactions from a country you don’t serve, or require manual review for first orders from a high-risk region).
- Communicate with your acquiring bank/processor about country risk. They might have data on where other merchants see issues or even be able to block known fraud hotspots at the network level.
- Log and review referral fraud: if you find multiple fraudulent orders coming from the same referrer or marketing channel, cut it off quickly. It could be a rogue affiliate or a compromised ad placement.
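One way to run the per-country and per-source comparison described above, as an added example (not Solidgate's code). It assumes a segment's ratio is (fraud reports + disputes) / settled transactions after the two exclusions listed earlier, a hypothetical record layout, and a 1.5% internal alert line; the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Settled:
    """One settled card-not-present transaction (hypothetical record layout)."""
    country: str                        # placeholder country code
    source: str                         # affiliate or campaign id
    fraud_report: bool = False          # a TC40 was filed against it
    dispute: bool = False               # a TC15 was filed against it
    pre_dispute_resolved: bool = False  # dispute closed by a pre-dispute product
    ce3_qualified: bool = False         # fraud report qualified for CE 3.0


def counted_events(t):
    """TC40 + TC15 events left after the two exclusions the guide lists."""
    fraud = t.fraud_report and not t.ce3_qualified
    dispute = t.dispute and not t.pre_dispute_resolved
    return int(fraud) + int(dispute)


def segment_ratios(txns, key, min_volume=200):
    """Ratio per segment; segments under min_volume are too noisy to report."""
    totals, events = defaultdict(int), defaultdict(int)
    for t in txns:
        k = key(t)
        totals[k] += 1
        events[k] += counted_events(t)
    return {k: events[k] / totals[k] for k in totals if totals[k] >= min_volume}


def hot_spots(txns, key, threshold, min_volume=200):
    """Segments whose ratio exceeds threshold, worst first."""
    ratios = segment_ratios(txns, key, min_volume)
    flagged = [(k, r) for k, r in ratios.items() if r > threshold]
    return sorted(flagged, key=lambda kr: kr[1], reverse=True)


def _rows(country, source, clean, disputes=0, frauds=0, resolved=0):
    """Build constructed sample rows for one country/source pair."""
    return ([Settled(country, source)] * clean
            + [Settled(country, source, dispute=True)] * disputes
            + [Settled(country, source, fraud_report=True)] * frauds
            + [Settled(country, source, dispute=True,
                       pre_dispute_resolved=True)] * resolved)


# Constructed sample: "AA", "XX", "ZZ" and the source ids are placeholders.
SAMPLE = (_rows("AA", "organic", 992, disputes=5, frauds=3)
          + _rows("XX", "aff-17", 388, disputes=6, frauds=4, resolved=2)
          + _rows("ZZ", "organic", 18, frauds=2))

if __name__ == "__main__":
    for name, key in (("country", lambda t: t.country),
                      ("source", lambda t: t.source)):
        for segment, ratio in hot_spots(SAMPLE, key, threshold=0.015):
            print(f"{name}={segment}: {ratio:.2%} is above the 1.5% line")
```

The volume floor keeps a 20-transaction segment with two fraud reports from outranking a segment that actually moves the overall ratio.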
Set crystal-clear expectations at checkout
Many friendly fraud disputes occur because the customer claims they “didn’t know they would be charged” or “didn’t understand the terms.” This is especially true for free trial offers, introductory pricing, or rebills. Eliminate any ambiguity before the customer hits “Buy”.
Best practice: Clearly display billing terms on your checkout page (and anywhere you pitch the offer). The customer should see in plain language what they are paying now, what they will pay in the future, and at what interval. If you offer a trial or promotion that leads into a paid subscription (negative option billing), explicitly state the trial duration, trial cost (if any), how much the subscription will cost afterward, and when the next charge will occur.
Real-world example (checkout text): Start your 7-day free trial. After 7 days, you will be charged $29.99 monthly until you cancel. You can cancel anytime by [simple cancellation method]. By clicking Join, you agree to these terms.

On the checkout form, you might have a small summarized text like above, and require the user to check a box acknowledging it.
Example: I agree that after my 7-day free trial, I will be charged $29.99 per month until I cancel.

This explicit consent not only educates the user but also protects you in case of disputes, as it makes it easy for the merchant to prove that the customer agreed to recurring charges.
Implementation tips
- Display pricing and renewal terms prominently
Do not hide it in fine print. Use bold text or a summary section in the order summary.
- For trials, use a checkbox or an initial next to the terms, as some card networks require explicit cardholder consent for recurring charges after a trial. (Visa and Mastercard have compliance rules mandating this for free trials – make sure you meet them.)
- Clear total price
Make sure the total price and currency are clear for the first charge and subsequent charges. Avoid misleading phrases like “Just $1” if that is only a trial fee and the user will owe more later. Always clarify what happens after the “$1”.
- Summarize terms
If you have a terms of service document, summarize the critical billing info in a quick blurb at checkout. Don’t rely on “they could have clicked our T&Cs” – surface the key points.
- Save user agreement
Save a record of the user’s agreement to the terms (e.g., store the checkbox timestamp, IP, etc.). It could become compelling evidence if they dispute the charge.
Checklist: Checkout disclosure
- All charges (trial and recurring) are clearly described at sign up.
- Users must actively consent to terms (checkbox or similar).
- No misleading or hidden fees – pricing is transparent and in plain language.
- Terms of service and refund/cancellation policy are easily accessible via link.
Send prompt email receipts and reminders
Transaction receipts
For every successful payment (initial purchase, trial signup, rebill, etc.), send an email receipt right away. The receipt should include: the amount charged, date, product or plan name, the billing period it covers, and a note on how to manage or cancel the subscription. This serves as a record the customer can refer to, rather than calling the bank in confusion.
Example receipt content:
Subject: Your Receipt for Workout Plan – $29.99 Charged
Hi John,
Thank you for your purchase! We’ve charged $29.99 to your card ending in 4242 for your Workout Monthly Plan. This payment covers your membership from Mar 15, 2025 to Apr 14, 2025.
Subscription Info: You will be billed $29.99 automatically each month on the 15th. If you wish to cancel or change your plan, you can do so anytime by logging into your account or clicking here: [Cancel Subscription].
Need Help? If you have any questions or didn’t authorize this charge, please contact us at or +1-800-555-1234. We’re happy to help!
Upcoming charge reminders

If you offer a free trial or a subscription with a long interval (e.g., annual billing), send a heads-up email a few days before the next charge. This is crucial for trials: many card networks (Visa included) mandate a reminder before converting a free trial to paid. Even if not required, it’s a smart move to avoid the “I forgot to cancel and got charged” chargebacks.
For a trial ending, send a reminder ~3–7 days prior (depending on trial length) stating:
Your trial is ending on [Date]. You will be charged [Amount] for the [Plan Name] on that date. If you don’t wish to continue, you can cancel here [link]. We hope you stay with us, but we want to make sure you’re aware of this upcoming charge.
For annual subscriptions or other infrequent charges, send a reminder ~1–2 weeks before renewal, since customers often forget a subscription they paid for a year ago.
Customers might use these reminders to cancel – and that’s okay. It’s far better to lose a renewal than to have a surprised, angry customer who files a dispute. In fact, these practices build trust and goodwill, increasing the chance they come back later.

Implementation tips
- Automate receipt emails via your billing system or payment processor’s webhooks. Every successful charge triggers an email template with the relevant info.
- Keep email subject lines clear (“Receipt” or “Upcoming Charge”) + your company name + descriptor. This way, if they search their inbox later, they find your communications about the charge instead of assuming fraud.
- For trial reminders, set up a scheduled job or use your CRM to trigger at the appropriate interval. Ensure it only goes to active subscribers who haven’t canceled yet.
- Include the descriptor of the transaction in the email body.
- Include cancellation instructions or direct links in these emails. The easier you make it for them to cancel at this stage, the lower the chance they’ll go to the bank later. Additionally, always provide easily accessible support contact information.
- For trial reminders, also consider sending a text message reminder. Some users pay less attention to email. (But email is the minimum requirement to meet card scheme rules.)
Checklist: Communication
- Receipt email sent immediately for every charge (trial signup, recurring billing, etc.).
- Receipt email contains the amount, period, what it’s for, cancellation instructions, and how to contact support.
- For trials, an end of trial reminder email is scheduled.
- For long-term subscriptions, renewal reminder emails are scheduled.
- All customer-facing messages reinforce the same descriptor name and support contact info.
Make cancellation painless and instant
If a customer wants to cancel, let them cancel. Any friction or trickery here is practically begging for a chargeback down the line. Merchants sometimes hide the cancellation option to save churn, but that almost always backfires with disputes, angry complaints, or regulatory trouble. The cancellation flow must be dead simple, self-service, and quick.
Best Practice: Offer online cancellation in a couple of clicks, with immediate confirmation. The user should be able to go to their account (or a manage subscription link from the receipt email), click “Cancel Subscription,” maybe complete a brief optional survey or confirmation, and that’s it – their subscription is canceled effective either immediately or the end of the period with no further charges.
Key elements of a friendly cancellation process:
- Easy to find. The path to cancel shouldn’t require a scavenger hunt. A logical place is the user account page or a “Manage Subscription” menu. At minimum, provide a clear link in the footer or help center labeled "Cancel Subscription" that guides them.
- No forced contact. The user should not have to call or email you to cancel. That introduces delays and frustration. Provide a self-service flow. (It’s okay to offer help or alternatives, but don’t make it mandatory to talk to someone.)
- Confirmation step. When they click cancel, you can ask “Are you sure?” or present a quick offer (like “Switch to a cheaper plan instead?”) – but always include a clear final “Cancel now” button. Do not trap the user in endless questions.
- Immediate confirmation. Once canceled, show a confirmation on-screen and send a confirmation email right away. The email should document the cancellation date and whether they’ll receive any refund or keep access until period end. This email is their proof that they canceled – preventing “I thought I canceled but still got billed” situations.
Implementation tips
- Implement a self-service cancellation page within the app / on the website if you don’t have one.
- If you require login and many customers never created credentials (common if you only took an email at purchase), consider a one-click cancel link in emails that auto-authenticates the user. Or have a quick “retrieve my subscription” using email verification. The key is to remove barriers.
- Cancel the subscription immediately upon receiving a request from the user through support.
- Keep the flow short. Any extra steps you add (surveys, offers, etc.) should be skippable. A frustrated user will abandon and go to their bank – exactly what we want to avoid.
- Monitor the cancellation process periodically yourself. Pretend to be a customer and try to cancel. If anything is confusing or broken, fix it immediately.
- Track reasons for cancellation (if you ask). If many say “didn’t know I would be charged” or “hard to use service,” that’s feedback to further improve your upfront communication or product.
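A sketch of the auto-authenticating cancel link from the tips above, as an added example (not Solidgate's implementation). The token format, function names and key are hypothetical; the point is that the link carries a signed, expiring token that can only cancel one subscription.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_cancel_token(key, subscription_id, ttl_s, now=None):
    """Token for the e-mail link: scoped to 'cancel', bound to one subscription."""
    now = int(time.time()) if now is None else now
    claims = {"act": "cancel", "sub": subscription_id, "exp": now + ttl_s}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_cancel_token(key, token, now=None):
    """Return the subscription id if the token is authentic and unexpired."""
    now = int(time.time()) if now is None else now
    try:
        payload_part, sig_part = token.split(".")
        payload, sig = _unb64(payload_part), _unb64(sig_part)
    except ValueError:                      # wrong shape or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    claims = json.loads(payload)            # parsed only after the MAC checks out
    if claims.get("act") != "cancel" or now >= claims.get("exp", 0):
        return None
    return claims["sub"]


# Constructed values for the demonstration.
DEMO_KEY = b"constructed-demo-key"
DEMO_NOW = 1_000_000
DEMO_TOKEN = make_cancel_token(DEMO_KEY, "sub_123", ttl_s=7 * 86400, now=DEMO_NOW)

# The link should open a page whose "Cancel now" button submits the token;
# mail scanners prefetch links, so opening the link alone must not cancel anything.
```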
Checklist: Cancellation UX
- Customers can cancel online without contacting support.
- The cancel option is easy to find on the website/app.
- Cancellation is effective immediately or at period end with no further billing.
- Confirmation email is sent for every cancellation, documenting the outcome.
- Trial users can cancel during trial just as easily, and won’t be charged if they do.
Tip #1: Upgrade/Downgrade plans
If people have options, they may be less likely to cancel if they can downgrade instead of feeling stuck paying too much (and then disputing out of spite).
Tip #2: Discounts
It’s fine to present a save offer (discount, pause subscription, etc.) as long as it’s genuinely optional. This will help to minimize churn and increase retention.
Deliver what you promised (and more)
Some chargebacks come from genuine dissatisfaction – the user feels the product/service didn’t match expectations. While some of those might be opportunistic “I want my money back” claims, many can be headed off by simply running an honest, high-quality business that minimizes customer complaints.
Best practice: Under-promise and over-deliver. Ensure your marketing (including all performance ads) is accurate and your product fulfills it. Also, ensure a smooth onboarding so customers actually start using what they paid for.
Practical points to implement:
- No misleading claims. Review your marketing copy, especially if you use affiliate marketers. Ensure you’re not accidentally (or intentionally) allowing false promises that set users up for disappointment. For example, if you sell a digital coaching service, don’t let affiliates advertise it as a “magic cure in 7 days” if it’s not. Misled customers often call the bank out of frustration.
- Transparent product info. On your site, clearly describe what the user gets, the billing frequency, and how to cancel (reiterating what was told in checkout). If your service is digital, mention things like “This is a subscription product. You can cancel anytime on our website or by contacting support.”
- Fair pricing for each region. If you serve multiple countries, consider localized pricing. Sometimes chargebacks happen because users in certain regions felt the price was exorbitant relative to local incomes or found out they were charged extra foreign transaction fees. Offering prices in local currency or at fair levels can reduce such grievance-based disputes.
- Consistent communication. Make sure the language of your product/service matches the language used in the signup funnel. If your ads and checkout were in Spanish, but your product is only in English, the user could feel deceived. Align content and language to the customer’s expectations set at purchase.
Implementation tips
- Go through your customer journey from ad/landing page to first use. Identify any potential “surprises” a user could encounter (e.g., additional fees, different product than imagined) and eliminate them with better info upfront.
- Set up a system to send a welcome email or onboarding guide right after purchase, highlighting how to use the service. This gets them engaged (and engagement is the enemy of friendly fraud – if they use it, they’re less likely to claim it was bad or unknown).
- If you run a trial model, ensure the trial and onboarding experience is good. A user who had a poor trial experience will chargeback the first payment, saying “I cancelled” or “product not as expected.” So, for example, send usage tips during the trial and remind them of the upcoming charge so they either start using it or cancel in time.
- Continuously collect feedback (via surveys, support interactions, etc.). If multiple customers dispute after the first month, citing “did not understand it was subscription” or “service not useful,” that’s a sign to improve communication or the service itself.
Checklist: Product & Marketing
- Establish fair and reasonable product pricing, adjusting it to users' geographic locations.
- Marketing claims align with actual product capabilities.
- All product details (features, billing frequency, trial conditions) are clearly stated on the site. Welcome/activation emails or materials are sent immediately at purchase.
- The product/service is accessible or delivered promptly post purchase.
- Offer and product language is consistent (no bait and switch in language or terms).
- Regularly review customer feedback and dispute reasons to spot promise performance gaps.
Provide responsive customer support (1-hour aim)
When customers can’t quickly get help, they are far more likely to file a chargeback for resolution. Conversely, a quick response from your support team can turn a potential dispute into a simple refund or explanation – saving you a chargeback.
Best practice: Offer multiple support channels and fast response times. Ideally, provide at least an email and a live contact method (chat or phone). Ensure support queries, especially billing-related or cancellation requests, are addressed within 1 hour max. So if a customer emails “I didn’t want this renewal, please refund,” you intercept that and resolve it long before they consider a dispute.
Implementation tips
- Clearly list your contact information on your website (footer, Contact Us page, support page). Include an email address and/or support ticket form, and any available phone number or chat. The key is that a frustrated customer can quickly find a way to talk to you.
- If possible, include support contact info on the card statement descriptor as mentioned and in transaction emails.
- Staff your support adequately. High-risk, high-volume businesses should have support on weekends too, because disputes happen 24/7. If you can’t do 24/7 live support, at least ensure no request sits unanswered more than a day.
- Provide support reps with guidelines to proactively offer refunds or solutions for angry customers. Empower them to resolve issues on first contact. For example, if someone says “I didn’t mean to subscribe, please cancel and refund,” your support should be allowed to refund that last charge immediately (assuming it’s small) rather than dragging it out. Eating a small refund is far better than a chargeback plus fine.
- Track support tickets related to billing. If you notice common themes (“I want a refund, I didn’t know about this charge”), use that insight to improve your checkout and communications to prevent repeats.
- Use AI to enhance your support experience and increase SLA.
The following contact information must be displayed on the website:
- Mailing address (for correspondence).
- Customer support number OR customer support email.
- The above information may be displayed in the website footer or on a contacts page.
Checklist: Support
- Support contact (email/phone/chat) is easy to find on the site and in emails.
- Support team or process in place to handle inquiries within 24 hours or less.
- Use AI to increase SLA.
- Policy in place to generously refund unhappy customers to avoid escalations.
- Support scripts or training cover how to de-escalate and resolve billing complaints.
- Contact info or help link is included in customer communications and possibly billing descriptor.
Leverage network products and Solidgate chargeback prevention
Visa and Mastercard have products that can either prevent disputes and fraud notifications from happening or make it easier for you to fight them. Solidgate has absolutely all the tools below implemented on their end, and they are easily accessible for use by any Solidgate merchants.
- Visa Order Insight (OI)
This service allows you to share detailed order info with issuing banks in real time when a customer queries a transaction. Essentially, if a cardholder calls their bank and says “What is this charge?” the bank, via Order Insight, can pull data you provide (e.g. product description, customer name, date of signup, product, IP address, etc.) and show it to the cardholder or bank agent. This often resolves confusion on the spot – the customer goes “Oh yes, that’s my subscription to X.” Result: no dispute filed.
Action: Work with Solidgate to enroll in Order Insight. It’s especially effective for reducing friendly fraud where the primary issue is recognition.
- Visa Rapid Dispute Resolution (RDR)
RDR is an automated dispute resolution service that can instantly resolve disputes based on predefined rules. For example, you can set a rule that any dispute under reason “Product not received” or under $2550 is automatically refunded via RDR, preventing a chargeback from being officially filed. The benefit is that these resolved disputes don’t count as chargebacks in Visa’s system (at least for non-fraud reasons), and you avoid the chargeback fee.
Action: If you experience certain dispute types frequently and you’re willing to refund them, enroll in RDR through Solidgate and configure rules.
- Alert Systems (Verifi CDRN & Ethoca)
These are services where issuers send an alert to you when a customer is about to dispute. You typically have 24 hours to respond and resolve (usually by refunding) before it becomes a chargeback. Verifi’s system is CDRN (Cardholder Dispute Resolution Network) and Ethoca is a Mastercard-owned network – both achieve similar ends.
Action: Enable an alert service with Solidgate. When you receive an alert, have a process to immediately issue a refund or respond with proof if you believe it’s a misunderstanding.
- Compelling Evidence 3.0 (CE 3.0)
This is Visa’s updated framework (from April 2023) for preventing fraud chargebacks with detailed evidence. Under CE 3.0, merchants can shift liability back to the issuer by demonstrating a history of legitimate transactions with the cardholder. Specifically, they must present evidence of two prior, undisputed transactions with the same payment credential, each occurring between 120 and 365 days before the disputed transaction. These prior transactions must share at least two of the following data elements with the disputed transaction: user ID, IP address, shipping address, or device ID/fingerprint, with at least one match being either the IP address or device ID/fingerprint. By meeting these criteria, merchants can effectively reduce losses from invalid fraud claims.
Action: Enable the Compelling Evidence 3.0 service with Solidgate.
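The CE 3.0 criteria above, written as an eligibility check over a customer's charge history. This is an added example, not Visa's or Solidgate's code: the record layout and names are hypothetical, the data is constructed, and it takes the stricter reading that the same data elements must match in both prior transactions (an assumption).

```python
from dataclasses import dataclass
from datetime import date
from itertools import combinations
from typing import Optional

ELEMENTS = ("user_id", "ip", "shipping_address", "device_id")
STRONG = {"ip", "device_id"}   # at least one match must be one of these


@dataclass(frozen=True)
class Charge:
    charge_id: str
    credential: str                 # token for the payment credential, not a PAN
    day: date
    disputed: bool = False
    user_id: Optional[str] = None
    ip: Optional[str] = None
    shipping_address: Optional[str] = None   # None for digital subscriptions
    device_id: Optional[str] = None


def matching_elements(a, b):
    """Data elements present on both charges with equal values."""
    return {e for e in ELEMENTS
            if getattr(a, e) is not None and getattr(a, e) == getattr(b, e)}


def ce3_evidence(disputed, history):
    """Return (prior_id, prior_id, shared elements) or None if not eligible."""
    priors = [c for c in history
              if c.charge_id != disputed.charge_id
              and c.credential == disputed.credential
              and not c.disputed
              and 120 <= (disputed.day - c.day).days <= 365]
    priors.sort(key=lambda c: c.day, reverse=True)      # newest evidence first
    for a, b in combinations(priors, 2):
        shared = matching_elements(disputed, a) & matching_elements(disputed, b)
        if len(shared) >= 2 and shared & STRONG:
            return a.charge_id, b.charge_id, sorted(shared)
    return None


def _c(cid, day, ip="203.0.113.24", dev="dev-a1", disputed=False):
    """Constructed monthly charge for one subscriber (digital, no shipping)."""
    return Charge(cid, "tok_1", day, disputed, "u-1001", ip, None, dev)


HISTORY = [
    _c("2024-08", date(2024, 8, 15)),                     # 396 days: too old
    _c("2025-03", date(2025, 3, 15), disputed=True),      # itself disputed
    _c("2025-04", date(2025, 4, 15)),                     # 153 days before
    _c("2025-05", date(2025, 5, 15), ip="198.51.100.9"),  # 123 days, other IP
    _c("2025-08", date(2025, 8, 15)),                     # 31 days: too recent
]
DISPUTED = _c("2025-09", date(2025, 9, 15))
# Same user id, but neither the IP nor the device matches any prior charge.
DISPUTED_NEW_DEVICE = _c("2025-09b", date(2025, 9, 15),
                         ip="192.0.2.50", dev="dev-zz")
```

The check only works if the IP address and device fingerprint are stored with every charge at the time it is made, since they cannot be reconstructed once a dispute arrives.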
Checklist: Network tools
- Enroll in Visa Order Insight and CE 3.0
- Use Rapid Dispute Resolution
- Utilize CDRN
Reducing true fraud in subscriptions
In addition to friendly fraud, you must combat actual fraud: stolen cards, bot attacks, and other unauthorized use. These lead to fraud chargebacks (reason code 10.x) and also inflate your TC40 count (fraud reports). High-volume subscription businesses can be targets for fraudsters testing cards or enjoying “free” trials with stolen credentials. Below are tactics to keep criminals out and fraud rates down without torpedoing your conversions.
Deploy robust fraud screening and 3-D Secure
Every merchant needs a strong fraud prevention system. This typically includes a combination of automated rules, machine learning models, and verification tools like 3-D Secure (3DS). The goal is to identify and block stolen card transactions before they are completed (or at least before settlement).
Key tools and practices:
- Fraud rules/filters
Set up rules to catch common fraud patterns – e.g., multiple transactions in a short time from the same card or IP, mismatch of IP country vs billing address, orders using temporary/disposable emails, etc. The Solidgate Antifraud engine also allows custom rule sets. For instance, block transactions if >3 cards are attempted from the same IP in 5 minutes (this could indicate card testing bots).
- Machine learning/Scoring
Utilize a fraud scoring system that scores each transaction’s risk. If your processor (like Solidgate or others) offers an integrated fraud scoring solution, enable it. Use the score to auto-decline or review high-risk transactions.
- 3-D Secure (Verified by Visa/Mastercard SecureCode)
Especially for international transactions or first-time purchases, 3DS can shift liability of fraud chargebacks away from you (to the issuer) and deter fraudsters (since they have to pass an OTP challenge). While 3DS can add friction, in truly high-risk scenarios (certain geos or expensive subscription tiers), it’s worth it. Configure your system to trigger 3DS on transactions that meet certain risk conditions (e.g., high value or high-risk country).
- Advanced Device & IP Analysis
Ensure you’re making the most of the antifraud system offered by your payment processor. Solidgate’s Antifraud engine leverages advanced tools to gather detailed parameters from devices and IPs, such as device fingerprinting and proxy/VPN detection. By utilizing all the antifraud services available, you can effectively catch repeat fraud attempts from the same device, identify anomalies (like suddenly changing device IDs), and flag suspicious activities, such as mismatched geolocation and billing information.
Implementation tips
- If you’re on a platform like Solidgate, talk to us about enabling the built-in anti-fraud solution and which thresholds to set. E.g., Solidgate’s system might automatically block certain high-risk patterns; ensure you configure it to suit your business (balancing false positives against catching bad actors).
- Regularly review fraud reports (TC40 data or chargebacks) to see what slipped through. Adjust your rules accordingly. For example, if you got hit by several fraud chargebacks from Jamaican cards, you might add 3DS for Jamaica or temporarily block particular BINs.
- Use a layered approach: basic validation (CVV, AVS if applicable), then risk scoring, then selective 3DS. This keeps friction low for good customers but escalates checks for risky ones.
Checklist: Fraud tools
- Fraud rules configured (velocity checks, IP geolocation, email/domain checks, etc.).
- Fraud scoring or manual review process in place for high-risk transactions.
- 3-D Secure enabled for high-risk or new transactions (with configurable rules).
- Device or browser fingerprinting used to identify fraud patterns.
- Regularly update block/allow lists (e.g., blacklist known fraud IPs or stolen card BINs, whitelist repeat good customers).
Guard against card testing (enumeration attacks)
Card testing is a common fraud modus operandi where bots use your payment page to test stolen card numbers to see which are valid. They often attempt many small transactions or even just authorization calls. Even if these attempts don’t always result in chargebacks, Visa’s new enumeration rate metric will catch you if a large chunk of your traffic is card testers.
Signs of card testing
- A surge in declined transactions with certain decline codes (like invalid card or incorrect CVV).
- Many small $0 or $1 attempts from different cards in a short span.
- Unusual patterns like sequential card numbers or the same IP doing hundreds of attempts.
Prevention tactics
- Implement a rate limit on payment attempts, e.g., no more than 5 failed transaction attempts per IP address or per card number per hour. Real customers typically won’t try that many times, but bots will.
- Use bot detection on your checkout if you start seeing testing activity.
- Solidgate offers built-in card testing protection – ensure it’s turned on. For example, they might automatically throttle or block an IP that has too many failures across merchants.
- BIN monitoring: Track if a specific Bank Identification Number (first 6-8 digits of card) is producing a lot of failures – fraud rings sometimes use ranges of cards from certain banks. You might temporarily block certain BINs if you see a flood of attempts (coordinate with your acquirer on this).
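The velocity rule from the fraud-rules section (more than 3 cards from one IP in 5 minutes), the failed-attempt rate limit and the BIN monitoring described above, combined in one in-memory checker. This is an added example, not Solidgate's implementation; the class and function names, the per-BIN alert level of 5 distinct declined cards and the traffic are constructed assumptions.

```python
from collections import defaultdict, deque

FAIL_LIMIT, FAIL_WINDOW = 5, 3600   # failed attempts per IP or card, per hour
CARD_LIMIT, CARD_WINDOW = 3, 300    # distinct cards per IP, per 5 minutes
BIN_CARD_LIMIT = 5                  # assumed alert level: declined cards per BIN

class CardTestingGuard:
    def __init__(self):
        self.fails = defaultdict(deque)       # ("ip"|"card", value) -> decline times
        self.cards = defaultdict(deque)       # ip -> (time, card_token) attempts
        self.bin_declines = defaultdict(set)  # BIN -> declined card tokens

    def check(self, ts, ip, card):
        """Run before authorization; returns a block reason or None."""
        seen = self.cards[ip]
        seen.append((ts, card))
        while ts - seen[0][0] >= CARD_WINDOW:
            seen.popleft()
        if len({c for _, c in seen}) > CARD_LIMIT:
            return "ip_card_velocity"
        for q in (self.fails[("ip", ip)], self.fails[("card", card)]):
            while q and ts - q[0] >= FAIL_WINDOW:
                q.popleft()
            if len(q) >= FAIL_LIMIT:
                return "failed_attempt_limit"
        return None

    def record(self, ts, ip, card, bin_, approved):  # run after the issuer responds
        if not approved:
            self.fails[("ip", ip)].append(ts)
            self.fails[("card", card)].append(ts)
            self.bin_declines[bin_].add(card)

    def noisy_bins(self):
        return sorted(b for b, c in self.bin_declines.items() if len(c) >= BIN_CARD_LIMIT)

def replay(events):
    guard, decisions = CardTestingGuard(), []
    for ts, ip, card, bin_, approved in events:
        decisions.append(guard.check(ts, ip, card))
        if decisions[-1] is None:
            guard.record(ts, ip, card, bin_, approved)
    return guard, decisions

# Constructed (ts, ip, card_token, bin, approved) traffic, timestamps ascending.
EVENTS = ([(10 * i, "198.51.100.9", f"a{i}", "520000", False) for i in range(5)]
          + [(1000 + 60 * i, "192.0.2.4", "b0", "530000", False) for i in range(6)]
          + [(2000 + i, f"203.0.113.{i}", f"d{i}", "411111", False) for i in range(6)]
          + [(3000, "192.0.2.80", "e0", "400000", True)])
```

The third burst never trips a per-IP or per-card limit because every attempt comes from a new address, which is why the per-BIN view is kept alongside them. In production the counters would live in a shared store keyed by card token rather than card number.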
Implementation checklist: Reducing VAMP exposure
To wrap up, here’s a consolidated checklist you can use to audit your current setup and plan improvements. Use this as an actionable to-do list. If you can tick all (or most) of these boxes, you’ll have a robust defense against chargebacks and fraud, dramatically lowering your VAMP risk.
Billing descriptor
- Descriptor includes recognizable business or product name (not a generic LLC or processor name).
- Descriptor includes contact info (URL or phone) if possible.
- Tested the descriptor visibility on actual statements (mobile app and web).
- Consistency: Website footer, invoices, and emails mention the same name as the descriptor to reinforce recognition.
- The descriptor remains recognizable for all charges in a subscription sequence.
Checkout disclosure
- All charges (trial and recurring) are clearly described at sign up.
- Users must actively consent to recurring billing terms (checkbox or similar).
- No misleading or hidden fees – pricing is transparent and in plain language.
- Terms of service and refund/cancellation policy are easily accessible via link.
Communication
- Receipt email sent immediately for every charge (trial signup, recurring billing, etc.).
- Receipt email contains the amount, period, what it’s for, cancellation instructions, and how to contact support.
- For trials, an end of trial reminder email is scheduled.
- For long-term subscriptions, renewal reminder emails are scheduled.
- All customer-facing messages reinforce the same descriptor name and support contact info.
Cancellation UX
- Customers can cancel online without contacting support.
- The cancel option is easy to find on the website/app.
- Cancellation is effective immediately or at period end with no further billing.
- Confirmation email is sent for every cancellation, documenting the outcome.
- Trial users can cancel during trial just as easily, and won’t be charged if they do.
Product & Marketing
- Establish fair and reasonable product pricing, adjusting it to users' geographic locations.
- Marketing claims align with actual product capabilities.
- All product details (features, billing frequency, trial conditions) are clearly stated on the site.
- Welcome/activation emails or materials are sent immediately at purchase.
- The product/service is accessible or delivered promptly post purchase.
- Offer and product language is consistent (no bait and switch in language or terms).
- Regularly review customer feedback and dispute reasons to spot promise-performance gaps.
Support
- Support contact (email/phone/chat) is easy to find on the site and in emails.
- Support team or process in place to handle inquiries within 24 hours or less.
- Use AI to increase SLA.
- Policy in place to generously refund unhappy customers to avoid escalations.
- Support scripts or training cover how to de-escalate and resolve billing complaints.
- Contact info or help link is included in customer communications and possibly billing descriptor.
Network tools
- Enroll in Visa Order Insight and CE 3.0
- Use Rapid Dispute Resolution
- Utilize CDRN
Fraud tools
- Fraud rules configured (velocity checks, IP geolocation, email/domain checks, etc.).
- Fraud scoring or manual review process in place for high-risk transactions.
- 3-D Secure enabled for high-risk or new transactions (with configurable rules).
- Device or browser fingerprinting used to identify fraud patterns.
- Regularly update block/allow lists (e.g., blacklist known fraud IPs or stolen card BINs, whitelist repeat good customers).
By diligently executing on the above, you’ll create a stable payment processing infrastructure. Remember, the goal is not just to avoid VAMP fines – it’s to keep your merchant account healthy so you can continue scaling your business. Lower chargebacks mean higher approval rates, less revenue held in reserve, and a better reputation with banks. It all feeds back into growth.
Conclusion: Stay vigilant and iterate
Running a subscription business means always staying one step ahead of both bad actors and customer friction. It’s an ongoing process: set up the right systems, monitor the outcomes, and refine as needed. The efforts are absolutely worth it – by reducing friendly fraud and chargebacks, you protect your revenue, your relationships with banks, and your brand’s reputation.
Keep in mind that card networks update their policies regularly. Continue to educate yourself and your team on compliance requirements (for instance, Visa’s trial subscription rules or Mastercard’s dispute resolution changes). Use resources like Visa’s guidelines and industry blogs to stay informed.
By following this playbook, subscription merchants can substantially lower their VAMP exposure and confidently scale without constantly looking over their shoulder for the next dispute. It’s about being proactive, pragmatic, and customer-centric at every step. Implement these strategies, keep optimizing, and you’ll stay well below Visa’s radar – and above your customers’ expectations.
Have any questions left? Our team is always happy to answer all your questions and give advice every step of the way.
If you are a Solidgate merchant, please contact your account manager or our support team: support@solidgate.com
If you want to get started with Solidgate, to discuss the details.
