Chargeback rule changes merchants must know in 2026

What changed in chargeback rules for 2026?

The 2026 chargeback rules tighten the screws on merchants in three directions at once: lower acceptable dispute ratios, faster network enforcement, and a bigger payoff for submitting structured evidence early. None of these are reason-code tweaks you can ignore — they change who gets fined, how quickly accounts get flagged, and what evidence actually wins.

These are the publicly announced changes with stated effective dates. Card networks revise rule documents on a rolling basis, so treat every number below as a starting point and confirm it against the current Visa Rules and Mastercard Chargeback Guide before you act on it.

• Visa VAMP: the excessive dispute-ratio threshold dropped from 2.2% to 1.5%, effective April 1, 2026 (verify your region — some regions differ).
• Mastercard SMMP (Scam Merchant Monitoring Program): full effect July 24, 2026, with 72-hour acquirer investigations of flagged merchants.
• Visa Compelling Evidence 3.0 and Mastercard First-Party Trust: pre-dispute evidence sharing to stop first-party fraud before a chargeback is created.
• Continued pressure on response speed: tight representment windows mean a missed deadline is an automatic loss.

What is the Visa VAMP 2026 threshold change?

The most consequential change in the visa mastercard chargeback rules for 2026 is the Visa Acquirer Monitoring Program (VAMP) threshold reduction. VAMP merges reported fraud and disputes into a single ratio, so one transaction can count against you for both fraud and a dispute.

The VAMP ratio is generally calculated as reported fraudulent transactions plus total disputes, divided by total settled card-not-present transactions — measured by transaction count, not dollar value. That count-based math hits high-volume and low-ticket merchants hardest, because a handful of disputes moves the ratio more than it would on dollar-weighted programs.

Per publicly reported guidance, first-time violations within a rolling twelve-month period may qualify for a grace period before fines begin. Regional thresholds can differ, and Visa also tracks a separate enumeration ratio for card-testing attempts. Confirm the exact figures and your applicable region with your acquirer.

• Old excessive threshold: 2.2%. New excessive threshold: 1.5%. Effective: April 1, 2026.
• Formula (count-based): (reported fraud + total disputes) ÷ settled CNP transactions.
• Double-counting risk: a single transaction can register as both fraud and a dispute.
• Grace period: first-time violators may get a delay before fines — verify current terms.
• Separate enumeration ratio tracks card-testing/authorization-abuse attempts.

What is Mastercard's Scam Merchant Monitoring Program (SMMP) in 2026?

Mastercard's Scam Merchant Monitoring Program (SMMP) is the headline Mastercard change in the 2026 chargeback rules changes, with full effect reported for July 24, 2026. It targets merchants associated with scam activity rather than ordinary disputes — but the enforcement mechanics are aggressive enough that legitimate merchants need to understand the triggers.

Under SMMP, when a merchant is flagged, the acquirer is expected to investigate within roughly 72 hours. If scam activity is confirmed, processing can be terminated. For newer merchants, publicly reported triggers include a combined refund-and-chargeback rate above 5% over a rolling 30-day window (for accounts with limited processing history and a minimum transaction count).

Subscription, SaaS, and new card-not-present businesses are the most exposed because high refund volume, fast scaling, and recurring-billing disputes can resemble the patterns SMMP is built to catch. The defensive move is to keep refunds and chargebacks visibly under control and well-documented — not to wait until you receive a notice.

• Full effect reported: July 24, 2026 (verify against the current Mastercard rules).
• Acquirer investigation window: ~72 hours after a merchant is flagged.
• Confirmed scam activity can lead to immediate processing termination.
• New-merchant trigger (reported): combined refund + chargeback rate above 5% over a rolling 30 days.
• Highest exposure: subscription, SaaS, and new CNP merchants.

How do Compelling Evidence 3.0 and First-Party Trust change dispute evidence?

Both networks now reward merchants who submit structured evidence early — ideally before a dispute becomes a chargeback. This is the most positive shift in the 2026 chargeback rules for honest merchants, because it lets you defeat first-party (friendly) fraud claims using your own transaction history.

Visa Compelling Evidence 3.0 (CE 3.0) lets merchants counter card-absent fraud claims by showing that the disputed transaction shares identifiers — such as device fingerprint, IP address, account ID, or shipping address — with prior undisputed transactions from the same customer. The qualifying standard generally requires two prior undisputed transactions tied to those shared elements.

Mastercard First-Party Trust works toward the same goal but does not require prior transaction history with that cardholder, so even a first-time customer can qualify. The reported standard is at least one data point from each of three categories: device identity (e.g., IP or device fingerprint), delivery/fulfillment information, and an additional identity factor (e.g., account login or phone number).

• Visa CE 3.0: needs ~2 prior undisputed transactions sharing identifiers (device, IP, account, address).
• Mastercard First-Party Trust: no prior-transaction requirement — first-time customers can qualify.
• First-Party Trust data needed: device identity + delivery info + an extra identity factor.
• Both reward pre-dispute evidence delivered to the issuer before a chargeback is finalized.
• Capture and retain these data points at checkout — you cannot back-fill them after a dispute.

What are the chargeback response deadlines under 2026 rules?

Response deadlines did not loosen in 2026 — if anything, the cost of missing one rose, because tighter ratios mean every avoidable loss pushes you closer to a monitoring program. Deadlines vary by network, reason code, and your acquirer's internal cutoffs, which are often shorter than the network maximum.

Treat the figures below as typical network windows to verify, not guarantees. Your processor may require your evidence days earlier so it can package and submit on time. Build your internal deadline around the processor's cutoff, not the network's.

• Visa representment: typically around 30 days from the chargeback to respond — confirm by reason code.
• Mastercard second presentment: typically up to 45 days from the chargeback notification.
• Cardholder filing window: commonly up to 120 days from the transaction or expected delivery date.
• Arbitration/pre-arbitration: additional network-set windows apply with fees for the losing party.
• Always confirm the exact deadline shown on the dispute notice and with your acquirer.

What should merchants do to stay compliant with 2026 chargeback rules?

The through-line across every 2026 change is the same: keep your dispute ratio low, respond fast, and capture evidence at the moment of sale. Compliance is no longer a back-office task you handle after disputes arrive — the new thresholds and SMMP timelines reward merchants who prevent disputes and document transactions proactively.

Use the checklist below as a starting operating standard, then map each item to the specific Visa and Mastercard requirements that apply to your business and region.

• Track your VAMP-style ratio monthly so you spot a climb toward 1.5% before your acquirer does.
• Keep combined refunds + chargebacks visibly low — relevant to both VAMP and Mastercard SMMP exposure.
• Capture device, IP, delivery, and identity data at checkout to qualify for CE 3.0 and First-Party Trust.
• Calendar every dispute against your processor's cutoff, not the network maximum.
• Use clear billing descriptors and fast, documented customer support to prevent first-party fraud disputes.
• Re-verify thresholds and effective dates against current network rule documents each quarter.

Where do these 2026 rule changes apply and what should you verify?

Most of these changes apply to card-not-present commerce, but the specifics — thresholds, effective dates, regional carve-outs, and grace periods — vary and get revised. Visa and Mastercard publish region-specific figures, and your acquirer layers its own risk rules on top, which can be stricter than the network minimum.

Before you change any process based on this page, verify the current details. Treat this as an educational overview of publicly announced changes, not legal or compliance advice for your specific account.

• Verify the VAMP threshold and grace period for YOUR region — they are not uniform worldwide.
• Confirm the SMMP effective date and trigger metrics in the current Mastercard rules.
• Check CE 3.0 and First-Party Trust qualifying data requirements against the latest network guidance.
• Confirm reason-code-specific response deadlines on each dispute notice.
• When in doubt, ask your acquirer for the exact thresholds and cutoffs applied to your MID.

Frequently asked questions