
Background
Fraud demands attention. Visa’s Fall 2024 Biannual Threats Report indicates that fraud is shifting from high-volume, basic tactics to targeted, sophisticated methods with a bigger impact. From January to June 2024 alone, Visa’s Risk Operations Center worked with its clients to block nearly $12 billion in suspected fraud transactions.
As the payments industry continues to evolve, Visa’s Global Acquiring Risk Standards (GARS) Program, which has existed for over 10 years, was recently updated to a program called Visa Acceptance Risk Standards (VARS).
The general merchant acquiring rules typically remain the same, but this new program is structured differently.
Why it Matters
VARS tends to focus on acquirer obligations rather than the more blended approach required under the GARS program. This change highlights the importance of clear acquirer accountability in managing these varied models.
Visa has five archetypes under the VARS program:
- All Acquirers (AACQ)
- Acquirers sponsoring Third Party Agents (ATPA)
- Acquirers processing for high integrity risk transaction merchants (AHIR)
- Acquirers processing for ATMs (AATM)
- Money Movement Entities originating Visa Direct transactions (AVDC)
The different archetypes cater to different business models and transaction types, allowing for more precise compliance requirements. The new VARS approach focuses on desired outcomes rather than describing exact steps, which can be more adaptable to the way the payments industry operates. It appears to ensure that the intentions of the rules are met.
What Acquirers Should Do
VARS is effective immediately. Acquirers should review the archetypes and update policies and controls as necessary. Acquirers sponsoring Third Party Agents (TPAs) should ensure that annual reviews are completed to confirm the TPA is aligned with the acquirer’s policies and obligations.
Go Deeper
In addition to the change to VARS, Visa updated its Visa Monitoring Program.
Beginning March 31, 2025, the Visa dispute and fraud monitoring programs, Visa Dispute Monitoring Program (VDMP) and Visa Fraud Monitoring Program (VFMP), will be combined as the Visa Acquiring Program (VAMP).
- The combined VAMP volume will evaluate total disputes against total transactions.
- Visa will decrease the dispute threshold beginning January 1, 2026.
- Enumeration/BIN attack thresholds have been added to the program.
Both new programs are under the Visa Ecosystem Risk Program Guide.
Visa has formally approved TSG to complete Visa Acceptance Risk Standards reviews. As an approved vendor, our team has the experience and qualifications to perform thorough reviews that mitigate risk.
Now is the time to review policies, procedures, reporting, documentation, and staffing to ensure your program is compliant. Reach out to learn more.