Compliance Countdown: VAMP and MMP Bring the Heat to Merchant Risk

The payments industry is entering a period of heightened accountability, driven by escalating fraud threats and tightening card network standards. As merchant fraud grows more sophisticated, acquiring banks, payment facilitators (payfacs), and independent sales organizations (ISOs) face greater scrutiny to identify and prevent illicit activity.

Two major deadlines are reshaping how companies that facilitate payment processing must approach merchant risk: Visa's Acquirer Monitoring Program (VAMP), which began enforcement on Oct. 1, 2025, and Mastercard's revised Merchant Monitoring Program (MMP), which takes effect Jan. 1, 2026. Both initiatives raise expectations for acquirers to identify risk earlier in the merchant lifecycle and maintain continuous, in-depth oversight. Under the updated MMP standards, initial content and transaction laundering scans are now mandatory before a new merchant can complete a transaction, and ongoing monitoring will be extended into restricted or password-protected website areas to ensure prohibited activity isn’t hidden from reviewers.

Payments companies are therefore held to a higher standard of accountability for the risk within their merchant portfolios. The new rules, particularly VAMP, unify fraud and dispute metrics into a single, tighter ratio, making systemic risk management a non-negotiable requirement. Related programs such as the Visa Integrity Risk Program (VIRP) further underscore this direction, emphasizing the proactive detection of transaction laundering and high-risk content before it enters the payments ecosystem. VIRP addresses the reputational risk and potential brand damage associated with acquiring merchants in high-risk verticals or industries.

Why These Standards Matter

The new requirements arrive as payment fraud is escalating to historic levels. In 2024, U.S. fraud and identity theft losses totaled $12.7 billion, with the Federal Trade Commission receiving about 2.6 million fraud complaints. A survey from the same year by the Association for Financial Professionals found that 79 percent of U.S. businesses experienced attempted or actual payment fraud. Yet only 22 percent recovered the majority of stolen funds. The bottom line is that fraud and other illicit activities are increasing from every angle, leaving every party vulnerable to attack: customers, merchants, companies, and payment service providers. New card network rules are meant to stanch the flow of this activity through the payments ecosystem.

Both VAMP and MMP put acquirers, payment processors, and their merchants under heightened scrutiny. The clear expectation is that companies facilitating credit card payment transactions will detect fraud before it occurs and proactively prevent illicit activity from entering the payments network.

The Rise of AI-Driven Fraud

Fraudsters are moving faster due to the advanced capabilities and expanded usage of artificial intelligence. Synthetic identities combine authentic and fabricated data to fool verification checks. Transaction laundering has become harder to detect as criminals create professional-looking "front" websites using AI tools. There's also the increased use of deepfake audio and videos, which can impersonate business owners during onboarding, making know your business (KYB) checks more complex.

A recent example shows the scale of this challenge. Scammers used a deepfake video call to impersonate a senior executive at Arup, a UK engineering firm, and tricked staff into wiring $25 million. These threats are just as real in the payment processing space, which is why merchant risk management must evolve from static, manual reviews to fast and accurate real-time intelligence.

Building Faster, Smarter Merchant Risk Programs

To meet VAMP and MMP requirements and reduce losses, organizations must rethink their approach to onboarding and monitoring. Three strategies are key:

• Early Risk Detection: AI-powered systems can analyze vast datasets to spot anomalies at onboarding (e.g., unusual merchant category codes or missing regulatory disclosures) before approvals are granted. This accelerates decision-making while reducing exposure.
• Continuous Monitoring: Compliance doesn't stop after onboarding. Persistent, automated monitoring of merchant websites and transactions ensures that shifts in behavior, product offerings, or ownership trigger timely reviews.
• AI + Human Expertise: Automated systems are powerful, but human experts remain essential for oversight. The most effective programs combine machine learning models with analyst review, ensuring adaptability to new fraud schemes while maintaining accuracy and precision.

Lead, Don't Lag: Make Early Detection Your Differentiator

The deadlines for VAMP and MMP are upon us, and the clock is ticking. Companies that view this shift as an opportunity to innovate while filtering out fraudsters will pull ahead and gain a reputation for trustworthiness and efficiency. They protect consumers, reduce regulatory risk, and preserve their relationships with card networks.

The rest of the year will define which organizations adapt and which fall behind. Don't simply meet the obligation; master it. Organizations that adapt now will be the only ones truly positioned for resilient growth.

Dan Frechtling is senior vice president of product and strategy at LegitScript, where he drives product innovation, grows the company’s expertise in merchant intelligence, and strengthens partnerships with leading platforms, marketplaces, and payment companies.