
Chargeback prevention for Shopify in 2026.

By Adrien Bokor, Founder, RefundSentry·Last reviewed

Visa's VAMP merchant threshold fell from 2.2% to 1.5% on April 1, 2026. Shopify Payments triggers a 20% reserve well before that, around 1%. This page is the four-layer playbook: what each layer catches, what each one costs, and which app actually moves the dispute ratio in 2026.


What chargeback prevention actually means

Chargeback prevention is the set of operational and technical controls that stop card-network disputes before they post, and that remove the ones that do post from your monitoring ratio. It's not the same as chargeback recovery (representment), and the two protect different things. Prevention protects your ratio. Recovery only recovers the dollars on the specific transaction. If you're approaching Visa VAMP or Shopify Payments thresholds, the dollars are the smaller problem.

Prevention vs deflection vs recovery

The three operational verbs sound similar but solve different problems. Prevention stops the bad order at the door (3DS authentication, fraud-screening apps, returns-fraud holds). Deflection intercepts a complaint that already reached the issuer and refunds the cardholder before the dispute becomes a chargeback (Verifi RDR, Ethoca Alerts, Order Insight). Recovery fights the chargeback after it lands (Visa CE 3.0 representment, evidence assembly, recovery apps).

The order matters. A dispute deflected via RDR never enters your VAMP ratio. A chargeback won via CE 3.0 on a 10.4 reason code removes both the TC15 and the TC40 from your VAMP numerator (uniquely among recovery tools). Every other won chargeback still counts toward your Shopify chargeback rate, because Shopify measures disputes filed, not outcomes.

The 2026 chargeback math

Three monitoring programs. Three different thresholds. One Shopify Payments trigger that fires earlier than all of them.

Visa VAMP

1.5%

Merchant Excessive threshold as of April 1, 2026 (US, Canada, EU, APAC). Down from 2.2%. CEMEA stays at 2.2%.

Ratio = (TC40 + TC15) / settled CNP. $8 per disputed transaction fine. Count gate: 1,500/month.

Mastercard ECM

1.5%

Excessive Chargeback Merchant threshold: 100+ chargebacks AND 1.5% for two consecutive months. HECM at 300+ AND 3.0%.

Fines escalate $1,000/month to $5,000-10,000/month. 12 months of non-compliance shifts cost to the acquirer (usually account termination).

Shopify Payments

~1%

Unofficial trigger. Shopify doesn't publish it, but Trust & Safety emails reference an "acceptable 1% threshold."

Crossing it commonly triggers a 20% to 30% reserve held for 120 days on payouts plus a remediation review.

The real cost of one chargeback ($80 AOV DTC example)

Disputed amount (lost): $80.00
Shopify chargeback fee (US): $15.00
Processing fees on original sale: $2.65
Product cost (60% of AOV): $48.00
Reverse logistics (if applicable): $8.00
Ops time to investigate: $15-25
Pro-rata VAMP damage above threshold: $8.00
Direct hard-dollar cost: ~$168 (2.1x disputed)

LexisNexis True Cost of Fraud 2025 puts the full-journey multiplier at $4.61 per $1 of direct fraud, up 32% from $3.16 in 2022, once processing-rate increases and customer-acquisition replacement are included.

75%

Share of all chargebacks that originate as friendly fraud / first-party misuse (Visa, 2025).

$170B

Estimated annual US chargeback fraud and misuse cost (Chargebacks911 2025 Cardholder Dispute Index).

+32%

Increase in cost-per-$1 fraud multiplier from $3.16 to $4.61 (LexisNexis 2022 to 2025).

The six types of chargebacks Shopify merchants see

Each type has its own reason codes, its own prevention surface, and its own representment win rate. Diagnose by cause, then map to the network code.

Type 1 of 6

True payment fraud

Stolen card used by someone other than the cardholder.

The headline category. Stolen credentials, card testing, account takeover. Catchable at the pre-checkout layer with 3DS 2.x, AVS/CVV, and device fingerprinting. Once it lands as a chargeback, representment win rates are low because the cardholder did not, in fact, authorize the transaction. Real volume here is smaller than most merchants think; what gets coded as 10.4 is usually friendly fraud in disguise.

Visa reason codes: 10.1, 10.2, 10.3, 10.4, 10.5
Mastercard reason codes: 4837 (No Cardholder Authorization), 4863, 4840
Preventable? Yes, at pre-checkout (3DS 2.x, AVS, device intelligence)
Representment win rate: Low (10-20%) for genuine third-party fraud

Type 2 of 6

Friendly fraud / first-party misuse

Cardholder disputes a transaction they actually authorized.

Visa's own estimate: up to 75% of all chargebacks originate as friendly fraud. Chargebacks911 puts the share at 86% once you account for misuse hidden inside other reason codes. The category looks identical to true fraud at the network level (both ride 10.4), which is exactly why CE 3.0 exists: to separate the cardholder who genuinely didn't transact from the cardholder who did and forgot or regrets it.

Visa reason codes: Usually filed under 10.4 (Visa officially calls this 'first-party misuse')
Mastercard reason codes: 4837, 4863, occasionally 4853
Preventable? Partial. Descriptor clarity + Order Insight + RDR reduce volume. CE 3.0 is the post-dispute weapon.
Representment win rate: 60-80% with CE 3.0 evidence; near 100% on CE 3.0-qualified cases

Type 3 of 6

Item not received (INR)

Customer claims the package never arrived.

INR claims are 25% more likely to be fraudulent than missing-item claims per Riskified's January 2026 analysis of over a million refund tickets. Claims filed within 7 days of delivery are 20%+ more likely to be abusive. The defense is operational: signature confirmation on orders above your AOV, photo proof of delivery, and a customer-service touch before the cardholder calls their bank.

Visa reason codes: 13.1 (Merchandise/Services Not Received)
Mastercard reason codes: 4855 has been consolidated into 4853
Preventable? Yes, via signed delivery confirmation, accurate tracking, supported carriers
Representment win rate: 50-70% with carrier tracking + delivery photo + signature

Type 4 of 6

Not as described, quality, or damaged

The product arrived but the customer claims it's wrong, defective, or damaged.

The chargeback category where prevention happens months before the dispute. Accurate product photography (including size references), exact dimensions and materials, a return policy that's actually findable, and a CS process that catches the complaint before it escalates to the bank. Once the cardholder has filed, your representment evidence needs third-party documentation (lab tests, supplier specs) to win.

Visa reason codes: 13.3 (Not as Described or Defective), 13.5 (Misrepresentation)
Mastercard reason codes: 4853 (Cardholder Dispute, defective/not-as-described variant)
Preventable? Yes, at the product page (accurate photos and dimensions), packaging, and proactive CS
Representment win rate: 30-50%, subjective claims are hard to refute

Type 5 of 6

Merchant processing errors

Duplicate charge, wrong amount, credit not issued, late presentment.

The most embarrassing chargeback category because it's almost always your fault. Duplicate captures, refunds not processed, billing amounts that don't match the order, late presentment. Prevention is process: automated refund flows, reconciliation between Shopify orders and the payment processor, no manual capture without a checklist. Win rate at representment is poor because the merchant rule itself defines the merchant as responsible.

Visa reason codes: 12.1, 12.2, 12.4, 12.5, 12.6.1, 13.6, 13.7
Mastercard reason codes: 4831, 4834, 4842, 4860 (consolidated into 4853)
Preventable? Yes, almost always. These are operational hygiene failures.
Representment win rate: Low (10-30%), merchant is usually liable by definition

Type 6 of 6

Cancelled or unrecognized recurring

Subscription dispute, often after a free trial converts.

Subscription chargebacks accelerate after a trial converts or a renewal lands on a new statement. Visa's reason code 13.2 specifically targets these. Prevention requires three things: a pre-renewal notification email at least 7 days before the charge, a one-click cancellation path the cardholder can find without contacting support, and a billing descriptor whose first 6 characters are identical to the original transaction. Most representment wins here come down to the timestamped consent record.

Visa reason codes: 13.2 (Cancelled Recurring Transaction)
Mastercard reason codes: 4841 (consolidated into 4853 family)
Preventable? Yes, via pre-renewal email, one-click cancellation, clear billing descriptor
Representment win rate: 40-60% with documented cancellation terms acceptance + pre-renewal notice

The four layers of chargeback prevention

No single tool catches every chargeback. Coverage comes from stacking layers that own different stages of the order lifecycle. Stacking two apps inside the same layer almost always creates decision conflicts.

Layer 1 of 4

Layer 1: Pre-checkout

Catches: True payment fraud, card testing, account takeover, bot enumeration

Tools: 3DS 2.x (Visa Secure / Mastercard Identity Check), AVS/CVV, device fingerprinting, behavioral biometrics, IP geolocation

Shopify apps: Signifyd, NoFraud (Wyllo), Riskified, ClearSale, SEON, Beacon, Kount, FraudLabs Pro

Cost: 0.4% to 1.5% of GMV for guarantee providers (Signifyd, NoFraud, Riskified); $50 to $500/month for non-guaranteed tools

When you need it: Always above $500K GMV. Guarantee model makes sense once fraud loss ratio exceeds 0.5% of revenue.

Layer 2 of 4

Layer 2: Pre-ship

Catches: First-party misuse signals before fulfillment, serial returners, refund-policy abuse, address-risk patterns

Tools: Return-fraud scoring, behavioral risk signals, order holds, customer-history flags, native admin push via orderRiskAssessmentCreate

Shopify apps: RefundSentry, Chargeflow Prevent, Disputifier

Cost: $0.10 to $0.50 per order scanned, or subscription $99 to $499/month

When you need it: Once friendly fraud exceeds 30% of your chargeback mix, typically above $1M GMV with returns rate above 15%.

Layer 3 of 4

Layer 3: Pre-dispute alerts

Catches: Disputes already filed with the issuer but not yet escalated to chargeback. Refund the cardholder in the 24-72h window and the dispute never becomes a TC15.

Tools: Verifi Order Insight (often free via acquirer), Verifi RDR ($19/alert flat since Jan 2025, Visa only, 97% US issuer coverage), Verifi CDRN (~$35/alert, US-only), Ethoca Alerts ($20-40/alert, Mastercard-prioritized, ~95% Mastercard coverage)

Shopify apps: Chargeflow (alerts at $29 per deflected dispute), Justt, Disputifier, Chargeback.io, ChargebackStop, Verifi direct via Stripe / Adyen / Checkout.com

Cost: $15 to $40 per alert plus the refunded amount

When you need it: When VAMP ratio sits between 0.8% and 1.5% (the April 2026 danger zone), or Mastercard ECM ratio between 1.0% and 1.5%.

Layer 4 of 4

Layer 4: Representment

Catches: Chargebacks that landed despite the first three layers. Recovers the dollars; does not remove the dispute from your Shopify chargeback rate.

Tools: CE 3.0 evidence assembly, automated dispute response, AI-generated rebuttal letters

Shopify apps: Chargeflow (25% of recovered chargebacks), Justt (success-based), Chargebacks911, ChargePay (flat pricing, no success fee)

Cost: 15% to 30% of recovered revenue, or $99 to $499/month flat

When you need it: Above ~20 chargebacks per month, where ROI of automation beats manual response. Mixed reputation in App Store reviews; do a 30-day shadow test before signing.

The most common mistake

Merchants jump from Layer 1 (fraud screening) straight to Layer 4 (representment) and skip Layer 3 entirely. That's expensive and backwards. Pre-dispute alerts (Layer 3) keep disputes off your ratio. Representment (Layer 4) only recovers dollars after the ratio has already taken the hit. If your VAMP ratio is climbing, add Layer 3 first.

Visa Compelling Evidence 3.0: what it actually requires

CE 3.0 is the only post-dispute tool that removes both the TC15 dispute and the TC40 fraud report from your VAMP ratio. Worth understanding precisely.

The exact evidence requirements

  • Two prior undisputed transactions on the same PAN at the same merchant.
  • Each transaction processed 120 to 365 days before the disputed transaction.
  • Two matching data elements across all three transactions, drawn from: IP address, device ID / fingerprint, user account login ID, shipping address.
  • At least one of the two matching elements must be IP address OR device ID.
  • Billing descriptor first 6 characters identical across all three transactions.
  • Unique ARN per transaction. No active fraud reports on the historical transactions.

Reason code coverage

CE 3.0 applies only to Visa reason code 10.4 (Other Fraud, Card-Absent Environment). Does not cover INR (13.1), recurring (13.2), not-as-described (13.3), or any processing-error codes.
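
The checklist and reason-code gate above, written as a pre-submission check. This is an added example, not code from RefundSentry or Visa: it searches an order history for two prior transactions that satisfy the listed rules. The `Txn` fields, the token and ARN formats, and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import date
from itertools import combinations

ELEMENTS = ("ip", "device_id", "login_id", "shipping_address")
STRONG = {"ip", "device_id"}  # at least one match must come from this set


@dataclass(frozen=True)
class Txn:
    arn: str
    pan_token: str              # tokenized PAN, never the raw card number
    when: date
    descriptor: str
    ip: str = ""
    device_id: str = ""
    login_id: str = ""
    shipping_address: str = ""
    disputed: bool = False
    fraud_reported: bool = False


def shared_elements(txns):
    """Data elements that are present and identical on every transaction."""
    return {e for e in ELEMENTS
            if getattr(txns[0], e) and len({getattr(t, e) for t in txns}) == 1}


def ce3_qualifying_pair(disputed, history, reason_code="10.4"):
    """Return (prior_a, prior_b, matched_elements), or None if nothing qualifies."""
    if reason_code != "10.4":   # CE 3.0 covers Visa 10.4 only
        return None
    candidates = [
        t for t in history
        if t.pan_token == disputed.pan_token
        and t.arn != disputed.arn
        and not t.disputed and not t.fraud_reported
        and 120 <= (disputed.when - t.when).days <= 365
        and t.descriptor[:6] == disputed.descriptor[:6]
    ]
    for a, b in combinations(candidates, 2):
        if a.arn == b.arn:      # each transaction needs its own ARN
            continue
        matched = shared_elements((disputed, a, b))
        if len(matched) >= 2 and matched & STRONG:
            return a, b, sorted(matched)
    return None


# Constructed sample data (documentation IP ranges, made-up ARNs and tokens).
DISPUTED = Txn("ARN-D", "tok_1", date(2026, 5, 1), "REFSHP*ORDER 991",
               ip="203.0.113.7", device_id="dev-aa", login_id="u42",
               shipping_address="1 Main St")
HISTORY = [
    replace(DISPUTED, arn="ARN-1", when=date(2025, 11, 1), device_id="dev-bb"),
    replace(DISPUTED, arn="ARN-2", when=date(2025, 8, 1)),
    replace(DISPUTED, arn="ARN-3", when=date(2026, 3, 1)),  # only 61 days old
    replace(DISPUTED, arn="ARN-4", when=date(2025, 9, 1), fraud_reported=True),
]
# Same history, but the disputed purchase came from a new IP and a new device.
DISPUTED_NEW_DEVICE = replace(DISPUTED, ip="198.51.100.9", device_id="dev-zz")

if __name__ == "__main__":
    print(ce3_qualifying_pair(DISPUTED, HISTORY))
    print(ce3_qualifying_pair(DISPUTED_NEW_DEVICE, HISTORY))
```

The second call returns `None` even though login ID and shipping address both match, because neither of the two matching elements is an IP address or device ID.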

Auto-qualification (Oct 17, 2025)

Transactions authenticated via Visa Secure (3DS 2.x) or Visa Data Only now auto-qualify for CE 3.0 at point of dispute. The merchant no longer manually identifies the two prior undisputed transactions.

One catch landed on April 17, 2026: Visa introduced a per-success fee on CE 3.0 qualifications. The exact schedule is in Visa Business News (article AI15461) and varies by acquirer. Pull the current number from your processor before quoting it in an ROI model.

Shopify's native chargeback handling

More capable than most merchants realize, but two specific gaps still require third-party apps.

What Shopify does well

  • Auto-populates dispute evidence from the order, AVS/CVV, IP, customer info, and tracking when using Shopify Payments.
  • Auto-submits the evidence package at the response deadline if you don't submit earlier.
  • AI-generated insights now bundled into Item-Not-Received dispute responses (opt-out available).
  • Separate reporting for "chargeback rate including RDR" specifically for VAMP remediation tracking.
  • The Network Dispute Resolution Program (NDRP) auto-resolves enrolled disputes with a per-country dispute resolution fee.

Where Shopify still leaves you exposed

  • CE 3.0 fields are not exposed in the native dispute response form. Submitting CE 3.0 evidence for Visa 10.4 disputes still requires either your acquirer or PSP exposing Verifi Order Insight, or a third-party app (Chargeflow, Justt, Chargebacks911).
  • Pre-dispute alert deflection is not native. Verifi RDR, Verifi CDRN, and Ethoca Alerts require either a Shopify-listed app (Chargeflow, Justt, Disputifier, Chargeback.io) or direct integration via your acquirer.
  • Evidence file limits are strict: PDF/A only, 2 MB per file, 4 MB combined, no audio or video or external links.

For the full Shopify-native fraud picture (Fraud Analysis, Fraud Control, Shopify Flow, Shopify Protect), see the companion pillar, "Shopify fraud protection: what's built in, what's missing". For the upstream pre-ship layer that catches friendly fraud before it becomes a chargeback, see the return fraud playbook.

Decision framework: which layer to add when

Pick your action by current dispute ratio. If you're approaching April 2026's 1.5% VAMP threshold, this isn't a "next quarter" project.

  1. If your VAMP ratio is under 0.8%

    You're in the safety zone.

    Implement Layer 1 (3DS 2.x + AVS/CVV via Shopify Payments defaults), enable Order Insight through your acquirer (typically free), and instrument client-side device ID + IP capture so Visa Secure transactions auto-qualify for CE 3.0. Skip paid alert networks until you scale past $5M GMV.

  2. If your VAMP ratio is 0.8% to 1.5%

    April 2026 danger zone.

    Enroll in RDR ($19/alert flat) and Ethoca Alerts (~$29) immediately. Add a Layer 4 representment partner to fight 100% of disputes. Tighten billing descriptors and pre-renewal notifications. Audit CE 3.0 readiness with your acquirer.

  3. If your VAMP ratio is above 1.5%, or you've received a Shopify Payments reserve notice

    Emergency.

    Refund-first on every Ethoca and RDR alert to drag the ratio down within 30 to 60 days. Drop any acquisition channels that produce high-dispute traffic (programmatic display, low-quality affiliates). Implement Layer 2 pre-ship hold review on every order over $100. Prepare a written remediation plan for your acquirer and Shopify Merchant Trust.

Three benchmark trip-wires worth wiring as alerts in your ops dashboard: crossing 0.65% VAMP ratio (enroll in pre-dispute alerts), crossing ~1% Shopify Payments rate (expect a 20%+ reserve within one billing cycle), crossing 1.5% + 100 monthly chargebacks on Mastercard (automatic ECM enrollment after month two).
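
An added example (not code from the page's author) of the three trip-wires and the decision-framework zones as dashboard logic: it computes the VAMP ratio in basis points, names the zone, and works out how many posted disputes would have had to be resolved at the pre-dispute stage to land at a target ratio. The `Month` fields, alert names and sample figures are constructed; the Shopify and Mastercard rates are taken as reported values because the page does not give their formulas.

```python
from dataclasses import dataclass

VAMP_EXCESSIVE_BP = 150   # 1.5% merchant threshold, in basis points
VAMP_DANGER_BP = 80       # 0.8%: lower edge of the danger zone
VAMP_ALERT_BP = 65        # 0.65% trip-wire: enroll in pre-dispute alerts
VAMP_COUNT_GATE = 1500    # combined TC40 + TC15 per month
SHOPIFY_BP = 100          # ~1% unofficial Shopify Payments trigger
ECM_BP, ECM_COUNT = 150, 100

@dataclass(frozen=True)
class Month:
    settled_cnp: int      # settled card-not-present Visa transactions
    tc40: int             # Visa fraud reports
    tc15: int             # Visa disputes that posted (deflected ones never appear)
    shopify_bp: int       # Shopify chargeback rate as reported, in basis points
    mc_chargebacks: int   # Mastercard chargebacks in the month
    mc_bp: int            # Mastercard ratio as reported by the acquirer

def vamp_bp(m):
    """(TC40 + TC15) / settled CNP, in basis points (150 == 1.5%)."""
    return (m.tc40 + m.tc15) * 10_000 / m.settled_cnp if m.settled_cnp else 0.0

def vamp_zone(m):
    bp = vamp_bp(m)
    if bp > VAMP_EXCESSIVE_BP:
        return "emergency"
    return "danger" if bp >= VAMP_DANGER_BP else "safe"

def vamp_in_scope(m):
    return m.tc40 + m.tc15 > VAMP_COUNT_GATE

def deflections_needed(m, target_bp=VAMP_EXCESSIVE_BP):
    """TC15 disputes that needed pre-dispute resolution to reach target_bp.

    Returns 0 if already at or under target, None if removing every TC15
    would still leave the ratio above it (TC40 reports alone exceed it).
    """
    allowed = m.settled_cnp * target_bp // 10_000
    excess = m.tc40 + m.tc15 - allowed
    if excess <= 0:
        return 0
    return excess if excess <= m.tc15 else None

def tripwires(months):
    """Alert names for the latest month; `months` is ordered oldest first."""
    latest, alerts = months[-1], []
    if vamp_bp(latest) >= VAMP_ALERT_BP:
        alerts.append("vamp-0.65")
    if latest.shopify_bp >= SHOPIFY_BP:
        alerts.append("shopify-1.0")
    # ECM needs both the count and the ratio, two months running.
    if len(months) >= 2 and all(
            m.mc_chargebacks >= ECM_COUNT and m.mc_bp >= ECM_BP
            for m in months[-2:]):
        alerts.append("mc-ecm")
    return alerts

# Constructed sample months, not real merchant data.
APRIL = Month(settled_cnp=120_000, tc40=700, tc15=1_000,
              shopify_bp=90, mc_chargebacks=110, mc_bp=155)
MAY = Month(settled_cnp=125_000, tc40=800, tc15=1_200,
            shopify_bp=105, mc_chargebacks=130, mc_bp=160)

if __name__ == "__main__":
    print(vamp_zone(MAY), vamp_in_scope(MAY), deflections_needed(MAY))
    print(tripwires([APRIL, MAY]))
```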

Chargeback prevention, answered

What is the VAMP threshold in 2026?

Visa's Acquirer Monitoring Program merchant 'Excessive' threshold dropped from 2.20% to 1.50% on April 1, 2026 for US, Canada, EU, and APAC. CEMEA stays at 2.20%; LAC was already at 1.50%. The ratio combines TC40 fraud reports and TC15 disputes divided by total settled CNP transactions. Merchants are only formally in scope above 1,500 combined incidents per month. Breaches trigger an $8 per disputed transaction fine with no warning tier and no grace period.

What's the difference between chargeback prevention and chargeback recovery?

Prevention stops the dispute before it becomes a chargeback (fraud screening at checkout, descriptor clarity, Order Insight, RDR and Ethoca alerts, refunding the cardholder before the bank files the TC15). Recovery (representment) is fighting a chargeback after it has posted, using CE 3.0 evidence and reason-code-specific rebuttals. Prevention protects your dispute ratio; recovery only protects the dollars on that one transaction.

What is Visa CE 3.0?

Visa Compelling Evidence 3.0, effective April 15, 2023, lets you overturn reason code 10.4 disputes by submitting two prior undisputed transactions from the same PAN, 120-365 days old, with two matching data elements (IP, device ID, user login, or shipping address; at least one must be IP or device ID). Since October 17, 2025, transactions authenticated via Visa Secure or Visa Data Only auto-qualify. A successful CE 3.0 representment removes BOTH the TC15 and the TC40 from the VAMP ratio (uniquely among prevention tools). Visa introduced a per-success fee on April 17, 2026, so check with your acquirer for the current schedule.

Does Shopify Protect prevent chargebacks?

No. Shopify Protect is a financial reimbursement layer, not a prevention tool. It covers the disputed amount + chargeback fee on eligible Shop Pay orders (US merchants, Shopify Payments, physical goods, fulfilled in 7 days, supported carrier) when the chargeback is filed under a 'Fraudulent' or 'Unrecognized' reason code. It does not stop the chargeback from being filed and does not exclude the transaction from your chargeback ratio. It also does not cover INR, not-as-described, recurring/cancelled, or anything where the shipping address changed after checkout.

Does winning a chargeback remove it from my Shopify chargeback rate?

No. Shopify Payments calculates the chargeback rate based on the number of disputes FILED, not the outcome. Winning a representment recovers the dollars and refunds your $15 fee, but the dispute still counts toward your rate for monitoring purposes. The only way to keep a dispute off your rate entirely is to prevent it (Order Insight deflection) or resolve it via Verifi RDR or Ethoca before the TC15 fires.

What is a pre-dispute alert?

A pre-dispute alert is a message from the cardholder's issuer to the merchant before a chargeback is filed, giving you a 24-72 hour window to issue a refund and prevent the dispute from becoming a chargeback. The main programs are Verifi RDR (auto-refund on rules you set, $19/alert flat, Visa, 97% US issuer coverage), Verifi CDRN (manual review, ~$35/alert), Verifi Order Insight (often free via your acquirer, deflects via in-app data display to the cardholder), and Ethoca Alerts ($20-40/alert, Mastercard equivalent). Resolved alerts are excluded from your VAMP and Mastercard ECP ratios.

What happens if my Shopify chargeback rate exceeds 1%?

Shopify Payments doesn't publish an official threshold, but ~1% is the widely-reported informal trigger. Crossing it commonly results in: (1) a percentage-based reserve, often 20% to 30% of payouts held for 120 days; (2) a remediation plan request from the Shopify Merchant Trust team; and in escalated cases (3) revocation of Shopify Payments with payouts held for 90-180 days while pending chargebacks resolve. You're also still on the hook for Visa VAMP and Mastercard ECP separately.

How much does a single chargeback actually cost?

For an $80 AOV DTC store at 60% gross margin: $80 disputed amount + $15 Shopify fee + $2.65 lost processing fees + $48 product cost + ~$8 reverse logistics + $15-25 ops time + ~$8 VAMP pro-rata damage if above threshold = ~$168 hard dollar cost, roughly 2.1x the disputed amount. The LexisNexis True Cost of Fraud 2025 study puts the total multiplier at $4.61 per $1 of direct fraud once you include longer-term effects like processing-rate increases and customer-acquisition replacement.

Primary sources cited on this page

Last reviewed: 20 May 2026. Visa, Mastercard, and Shopify product surfaces refresh constantly; always confirm threshold figures and reason-code mappings against the linked primary source before deciding. The VAMP count gate (1,500/month) and Shopify Payments 1% trigger are widely-reported but not all publicly documented in primary materials. Disclosure: RefundSentry sells fraud-intelligence software for Shopify, sitting at Layer 2 of the four-layer model on this page.

Privacy & Compatibility

Clear Setup, Low Data Risk, and No Workflow Rip-and-Replace

For a new app, trust starts with clarity: what gets installed, what data stays out of scope, and how RefundSentry fits into the tools you already use.

No Raw PII Stored

Shopify customer IDs and SHA-256 hashes of email and phone for cross-store matching. No raw names, emails, addresses, or payment data ever touch our database.

No raw names or emails stored · No raw addresses stored · No payment data

Privacy by Design

Return behavior analysis without building personal customer profiles. GDPR-ready from day one.

Minimal data collection · Customer IDs only · Aggregate statistics

Real-Time Scoring

Returns are analyzed during webhook processing so your team sees new risk signals as activity comes in.

Webhook-based scoring · Dashboard visibility · No batch review queue

Works With Your Stack

Add-on to your existing returns workflow. No need to replace Shopify Native, Loop, AfterShip, or ReturnGO.

No migration required · Add-on to current stack · Shopify-native integrations

What You Get on Day One

Shopify Native: Built for Shopify

Webhook-based: Scores as events arrive

Customer tagging: Risk labels in Shopify

Shopify billing: No external payments
