Although the importance of TC40 data has increased in 2025, many merchants and even some payment aggregators are still unaware of its full purpose. When a transaction is reported as fraudulent, issuers file TC40 reports, but the merchant and other payment stakeholders frequently do not see them. In contrast to chargebacks, which have financial consequences and unambiguous notices, TC40s function as a less obvious component of Visa’s fraud monitoring system.
The problem however? They still count. Chargebacks and TC40 data are now used by Visa’s revised Acquirer Monitoring Programme (VAMP) to determine a merchant’s fraud ratio. This implies that companies may face penalties for fraud exposure they were completely unaware of.
TC40s don’t go away if you ignore them. However, merchants may be pushed over compliance thresholds due to these sometimes obscure fraud reports, which could result in processing restrictions, reserve holds, or fines. Protecting your risk profile in the modern world requires having better visibility into this data; it is no longer a choice.
How TC40 Data is Processed and Why You May Rarely See Them
A TC40 report is sent to Visa by the cardholder’s issuing bank when a transaction is flagged as fraudulent. This report joins Visa’s worldwide fraud monitoring system and contains important transaction details such merchant information, bank identifiers and fraud type. For most businesses, however, the next step is where things get murky.
You do not receive the TC40 immediately. Usually, your acquirer receives it and occasionally a Payment Facilitator (PayFac) may share it with you if they have the necessary infrastructure. It is frequently sent via third-party platforms or aggregators, which causes additional latency. TC40 data could be sent to merchants weeks after the fraud has taken place, long after the chargeback has been submitted or the customer has received their money back.
This is not the result of carelessness or intention. It’s just the way today’s payment landscape operates. However, it means that merchants and other important stakeholders can be frequently in the dark about the growing risk of fraud until it’s too late to take action.
Understanding the TC40 flow is now crucial in 2025. Having prompt access to TC40 data can make the difference between remaining compliant and going over accepted ratios when fraud reports are counted by programmes like Visa’s Acquirer Monitoring Programme (VAMP). The sooner you see a potential problem, the sooner you can take action.
Why Visibility Gaps Exist and What You Can (and Can’t) Control
The reason why merchants frequently do not receive TC40 data is one of the most misinterpreted components of this information. TC40 cases take a more complicated route, beginning with the card issuer and Visa and then usually passing through acquiring banks, fraud platforms, or data aggregators. This is in contrast to chargebacks, which are provided straight to the merchant with explicit instructions and response options.
Latency is introduced at each step. While many PSPs and acquirers lack the infrastructure necessary to receive this data, some do. Others might only reveal it infrequently, usually as part of retrospective reporting that is sent out weeks after the initial fraud incident. TC40 data supplied in this way is often a trailing signal rather than an intervention tool because by that time, a refund or chargeback has probably already been processed.
There is no single party remove to blame for this. The way fraud data moves through the complex and multi-layered online banking eco-system is the root cause of this systemic problem. However, being aware of that restriction enables fraud teams and merchants to pose these type of questions:
- What TC40 data does my PSP or acquirer receive?
- How often is it shared and in what format?
- Can it be made more actionable or timely?
Before compliance thresholds are exceeded, teams must better understand why risk ratios may be increasing, change fraud rules and look at options that give even minor visibility enhancements.
Verifi INFORM: Turning TC40 Data Into Actionable Signals
Verifi, a Visa company, have launched INFORM, a program that offers direct access to TC40 (and other fraud-related data), in an effort to bridge the visibility gap. Key information such as transaction types, transaction details and suspected fraud patterns across card-not-present transactions are all included in the structured fraud reports that INFORM provides.
INFORM is a platform that lets high-volume merchants, PSPs and PayFacs operating in verticals with significant VAMP exposure obtain TC40 data much more quickly and with less friction. When it comes to managing risk at scale, the ability to spot fraud trends before they become chargebacks or VAMP breaches can make all the difference.
Crucially, INFORM transmits data independently of a PSP or acquirer. The reports are readily accessible to merchants or platforms, usually through authorised third-party partners such as PayShield. As a result, the road to fraud oversight becomes more proactive, predictable and timely.
INFORM provides more than just post-mortem analysis for individuals who are coping with high fraud ratios. Before it impacts compliance status or the health of the merchant portfolio, it enables teams to predict fraud hotspots, align internal scoring models and eventually move ahead of the next risk curve.
Quick Diagnostics for Risk Teams:
- Do we currently receive TC40 data from our PSP or acquirer?
- Is that data shared weekly, monthly, or in real-time?
- Have we ever used TC40 reports to tune fraud scoring or KYC checks?
Making TC40 Data Work for Your Risk Strategy
Getting access to TC40 data is just the first step; how you use it is what counts. Chargebacks or VAMP intervention are the result of concealed fraud signals, INFORM reports can sometimes reveal them.
This can envolve converting raw TC40 findings into adjustments for merchant onboarding thresholds, 3D Secure deployment and fraud scoring models for Payment Service Providers and PayFacs handling different portfolios. Teams can take earlier and more targeted action by identifying patterns such as card testing attempts, recurring fraud from particular BINs, or abuse from particular regions.
Additionally, high-risk merchants can use TC40 trends to support proactive measures like strengthening KYC on flagged transactions, giving refunds prior to a chargeback, or initiating pre-authentication processes (like 3DS) in response to known fraud tendencies.
Crucially, TC40 data provides context that chargebacks cannot, enabling you to identify fraud at its source rather than only after it has already occurred. These signals aid in improving preventive logic and lowering downstream losses when integrated into a multi-layered fraud deflection strategy. To make sure fraud is not overlooked and is minimised, this might involve making sure TC40 data is received and comparing it with 3D Secure, Transaction Risk API and Chargeback Alerts.
Summary
In 2025 and beyond, TC40 data has become essential to Visa’s assessment of merchant risk and are no longer just background noise. TC40 reports already have an impact on your fraud profile and VAMP compliance status, even if you have never seen one.
Lack of visibility is the true problem, not intent. Merchants and PayFacs can be left in the dark about the very signals that card networks and acquirers use to assess risk as TC40 data is sometimes delayed or not sent at all.
Tools like Verifi INFORM have become increasingly important because of this. They provide TC40 data to companies that require it most, bringing it out of the shadows. Early fraud trend detection gives you the ability to modify scoring, implement preventative controls and stay clear of compliance criteria before it’s too late.
Do you want to see how your risk profile is being affected by TC40 reports? To learn more about Verifi INFORM and how to incorporate TC40 information into your fraud deflection plan, get in touch with PayShield here.
