#6: Change Healthcare Breach, Visa's VAMP Framework, Stolen Car Scams
This week's stories highlight how fraud continues to shape industries—from marketplaces grappling with stolen car listings to major changes in payment risk frameworks. Add to that a catastrophic healthcare data breach, and it’s clear that fraud prevention demands constant vigilance. Let’s dive into these stories and what they mean for fraud fighters like you.
NATE'S TAKE: Top Three This Week
- Marketplaces and the Rise of Stolen Car Scams
- What Visa’s New VAMP Framework Means for Merchants
- The Change Healthcare Breach: A Wake-Up Call
1. Marketplaces and the Rise of Stolen Car Scams
The NYPD and DMV are warning about a growing trend: fraudsters selling stolen cars on online marketplaces. In one example, a scammer attempted to sell a Honda CRV for $16,000—far below market value. Deals like this lure buyers in with the promise of a bargain, but they often end with no car, no recourse, and an empty wallet. With at least 150 stolen cars sold through these schemes, it’s clear how easily fraud can infiltrate trusted platforms.
This trend is particularly relevant given the rise of online car marketplaces like Carvana, which has seen tremendous growth, with its stock surging over 585% in the past year. Carvana’s success reflects how consumers are increasingly comfortable purchasing vehicles online—but it also highlights the growing stakes. As these platforms scale, they need robust fraud controls to protect their users from falling prey to scams like these.
For fraud fighters working in marketplaces, the takeaway is clear: fraud isn’t just a transactional issue—it’s woven into the entire customer journey. Fraud detection must extend beyond single interactions, identifying red flags like sudden price drops, repeated listings, or sellers using multiple accounts. As online marketplaces become the norm, maintaining buyer trust through proactive fraud detection will be essential to staying ahead of bad actors.
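The red flags named above, expressed as a cross-listing check. This is an added example, not code from Spec or any marketplace; the field names, thresholds, and sample listings are constructed assumptions, and a shared device fingerprint stands in for "sellers using multiple accounts."

```python
from collections import Counter, defaultdict

# Constructed sample listings; field names and values are illustrative assumptions.
# "market" is an assumed reference price for the vehicle, "prev_price" the
# listing's previous asking price (None if the price never changed).
LISTINGS = [
    {"id": "L1", "seller": "acct_a", "device": "dev1", "vin": "SAMPLEVIN0001",
     "price": 16000, "market": 27000, "prev_price": 24000},
    {"id": "L2", "seller": "acct_b", "device": "dev1", "vin": "SAMPLEVIN0001",
     "price": 16500, "market": 27000, "prev_price": None},
    {"id": "L3", "seller": "acct_c", "device": "dev2", "vin": "SAMPLEVIN0002",
     "price": 25500, "market": 26000, "prev_price": 26000},
    {"id": "L4", "seller": "acct_d", "device": "dev3", "vin": "SAMPLEVIN0003",
     "price": 9000, "market": 14000, "prev_price": 9500},
]

def flag_listings(listings, below_market=0.70, drop=0.25):
    """Return {listing_id: [red-flag names]} for listings with at least one flag."""
    # Signals that need the whole data set, not just one listing.
    vin_count = Counter(l["vin"] for l in listings)
    accounts_by_device = defaultdict(set)
    for l in listings:
        accounts_by_device[l["device"]].add(l["seller"])

    flagged = {}
    for l in listings:
        hits = []
        # Asking price far below the reference market value.
        if l["price"] < below_market * l["market"]:
            hits.append("below_market")
        # Sharp cut relative to the listing's own previous price.
        prev = l.get("prev_price")
        if prev and (prev - l["price"]) / prev >= drop:
            hits.append("sudden_price_drop")
        # Same vehicle (VIN) appears in more than one listing.
        if vin_count[l["vin"]] > 1:
            hits.append("repeated_listing")
        # Several seller accounts operated from one device.
        if len(accounts_by_device[l["device"]]) > 1:
            hits.append("multi_account_seller")
        if hits:
            flagged[l["id"]] = hits
    return flagged

if __name__ == "__main__":
    for listing_id, hits in flag_listings(LISTINGS).items():
        print(listing_id, ", ".join(hits))
```

Only the first two checks look at a listing in isolation; the other two depend on data from the rest of the platform, which is why single-transaction scoring misses them.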
2. Visa’s New VAMP Framework: A Game-Changer for Online Merchants
Karisse Hendrick, a well-known fraud consultant and host of the Fraudology podcast, recently shared major news: Visa is retiring its long-standing VDMP (Visa Dispute Monitoring Program) and VFMP (Visa Fraud Monitoring Program), replacing them with the Visa Acquiring Monitoring Program (VAMP) by April 1, 2025. While it was initially thought these changes would only impact merchants in the EU, we now know they will apply to U.S. merchants as well—and the new rules come with significant implications.
Under VAMP, fraud and dispute thresholds will be tightened. By January 2026, the acceptable fraud ratio will drop from 0.9% to just 0.3%. Merchants will be forced to account for not only fraud-related chargebacks but all non-fraud chargebacks and TC40s (fraud claims that don’t necessarily result in chargebacks). This shift puts added pressure on fraud teams, as refunds made pre-chargeback will no longer automatically protect merchants from penalties unless they enroll in Visa’s pre- or post-dispute alert programs. Even refunds processed through competitors like Ethoca will still count against merchants under the new framework.
This tighter framework leaves merchants with a critical question: How can they meet these new standards without driving up operational costs or compromising the customer experience? Fraud fighters will need to develop strategies that focus on reducing disputes at their source, using data-driven insights to prevent chargebacks before they happen. Now is the time to engage with acquirers, clarify how these changes will impact your organization, and develop a game plan for staying compliant. If you’re looking for deeper insights, check out the recent episode of Fraudology for Karisse’s expert take on the new rules.
3. The Change Healthcare Breach: A Wake-Up Call for Data Security
The ransomware attack on Change Healthcare exposed sensitive data for 100 million people, marking one of the largest healthcare breaches in recent memory. The attackers infiltrated the company through a compromised Citrix remote access account—one that didn’t have multi-factor authentication enabled. Once inside, the attackers stole six terabytes of data, including health records, Social Security numbers, and billing information.
UnitedHealth, the parent company, initially paid a ransom for a decryptor and a promise to delete the stolen data. But the attackers reneged, partnering with another group to demand even more money and leaking some of the data online. This breach caused widespread disruptions, forcing patients to pay out-of-pocket for medications when insurance systems went down. With losses already nearing $2.45 billion, the fallout from this attack highlights the severe financial and operational impacts of compromised data security.
This case serves as a stark reminder: trust can’t rest on old defenses. Remote access systems, in particular, need continuous monitoring and strict authentication protocols. The attack underscores the importance of constantly evolving security strategies—fraudsters won’t wait for organizations to catch up. For fraud fighters, it’s a call to look at access points and vulnerabilities as fluid, not fixed. If one weak spot exists, attackers will find it.
===
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.