The MATCH List (Member Alert to Control High-Risk Merchants) is Mastercard’s database of merchants who have had their merchant accounts closed and payment processing privileges revoked. Although technically this is a Mastercard database, acquirers reference this for both Visa and Mastercard merchants.
What is the terminated merchant file (TMF)?
The terminated merchant file (TMF) is similar to the MATCH List.
Each card brand maintains its own database of terminated merchants. Mastercard maintains the MATCH List. The TMF — now called VMSS or Visa Merchant Screening Service — is Visa’s version.
The Visa terminated listing databased still exists and is regularly updated. However, the MATCH List has become the gold standard.
If your merchant account is closed because of excessive fraud, excessive chargebacks, or other rule violations, your acquirer is required to add you to the MATCH List. Acquirers are also required to check a merchant’s MATCH status before approving a new account. If your business is included in this database, it can be difficult to obtain a new merchant account.
Because MATCH List placement indicates undesirable business activities have taken place, it’s best to avoid this classification if at all possible. If you have been placed on MATCH, it’s important to understand the reason and develop a remediation strategy so you can hopefully get a new account in the future.
Understanding the MATCH List and how it impacts your business
The MATCH List can cause a lot of trouble for your business. Be sure you understand what it is, the impact it could have on your business, and how to avoid it.
How do acquirers use the MATCH List?
Acquirers and processors are involved in the MATCH system at two points in the merchant account lifecycle.
NOTE
Acquirers must consult the MATCH List during the account underwriting process. But they aren’t required to decline an application just because a business is listed in the database.
MATCH participation is mandatory for acquirers and processors. Failure to use the database as instructed can lead to non-compliance assessments and penalties.
Why are merchants added to the MATCH List?
Merchant accounts can be closed for a variety of reasons. But not all closures trigger MATCH placement.
In fact, two conditions must be met before an acquirer can add your business to the MATCH List.
NOTE
Acquirers can’t threaten merchants with MATCH placement for minor infractions, nor can they punish merchants by including them in MATCH for unjustifiable reasons.
We’ll go over the official MATCH List reason codes in a minute. But here’s a high-level overview of activities that can warrant MATCH placement.
- Excessive chargebacks
- Excessive fraud
- Excessive acceptance of unauthorised or counterfeit transactions
- Money laundering
- Fraudulent business practices
- Selling products that don’t comply with the acquirer’s requirements or that aren’t included in the merchant agreement
- Making unauthorised changes to the website or sales methods
What are the MATCH List reason codes?
MATCH List reason codes explain what went wrong and why you were added to the database.
NOTE
MATCH List reason codes differ from chargeback reason codes. Check this resource if you are interested in chargeback reason codes.
Reason codes help acquirers determine if a particular action warrants MATCH placement. If your actions don’t align with any of the available reason codes, then the acquirer can’t add you to the list.
MATCH reason code list
Here’s a list of MATCH reason codes.
We’ll go over the official MATCH List reason codes in a minute. But here’s a high-level overview of activities that can warrant MATCH placement.
- Excessive chargebacks
- Excessive fraud
- Excessive acceptance of unauthorised or counterfeit transactions
- Money laundering
- Fraudulent business practices
- Selling products that don’t comply with the acquirer’s requirements or that aren’t included in the merchant agreement
- Making unauthorised changes to the website or sales methods
REASON CODE 01
Account Data Compromise
Reason code 01 is applicable if your business suffers a data breach and your customers’ account data is accessed without authorization.
REASON CODE 02
Common Point of Purchase (CPP)
Reason code 02 is used if your customers’ payment information is stolen and used to make fraudulent purchases at a different location.
REASON CODE 03
Laundering
Reason code 03 is given if your acquirer suspects money laundering or transaction laundering.
Money laundering is the act of taking “dirty” money gained through criminal activities and making it appear “clean” — usually accomplished by processing card transactions without an actual cardholder.
Transaction laundering happens when a legitimate business processes transactions on behalf of an illegitimate business — usually in an attempt to sell goods or services the acquirer wouldn’t approve.
REASON CODE 04
Excessive Chargebacks
Reason code 04 is applicable when your chargeback activity is considered excessive. Each card brand has a different definition for “excessive”, but MATCH List thresholds are usually tied to monitoring program guidelines.
For example, Mastercard deems you to be MATCH eligible if:
- Your monthly Mastercard chargeback-to-transaction ratio is above 1%, and
- Your monthly chargebacks are valued at $5,000 or more.
Reason code 04 has traditionally been the most common classification for the MATCH List. But because of VAMP, reason code 05 is growing in popularity.
REASON CODE 05
Excessive Fraud
Reason code 05 is used if you have processed an excessive amount of fraudulent transactions. Each card brand defines “excessive” differently, but MATCH List thresholds are usually similar to monitoring program guidelines.
For example, Mastercard says you should be MATCHed if you exceed the following:
- A fraud-to-sales dollar volume ratio of 8% or more in a month, and
- 20 or more fraudulent transactions totaling $5,000 or more in a month.
REASON CODE 07
Fraud Conviction
Reason code 07 is relevant when the acquirer learns that one of your business’s owners, directors, or stakeholders has been convicted of criminal fraud.
REASON CODE 08
Mastercard Questionable Merchant Audit Program
Reason code 08 is given if your business is engaged in behaviors that Mastercard deems unacceptable.
Mastercard will launch an investigation if your business is suspected of collusive, fraudulent, or otherwise inappropriate behavior. If the investigation confirms that the business is not meeting expected standards, you will be labeled a “questionable merchant” and enrolled in the Mastercard Questionable Merchant Audit Program (QMAP).
You will be classified as a questionable merchant if you do all of the following:
- Process at least $50,000 in transaction volume during the case scope period (the 120 days preceding the start of Mastercard’s investigation)
- Process at least 5 transactions during the case scope period
- Process at least 50% of transaction volume on bust-out accounts
Or, you may be enrolled in QMAP if at least three of the following characteristics are applicable during the case scope period:
- Your fraud-to-sales ratio is 7% or more
- 20% or more of your authorisation requests were denied by the issuer or received a “refer to issuer” response
- You have been processing transactions for less than 6 months
- Your volume (or dollar amount) of fraudulent transactions, authorisation declines, and issuer referrals is more than your total volume (or dollar amount) of approved transactions
REASON CODE 09
Bankruptcy, Liquidation, or Insolvency
Reason code 09 is relevant if your business is — or probably will be — unable to pay your financial obligations because of bankruptcy, liquidation, or insolvency.
REASON CODE 10
Violation of Standards
Reason code 10 is used if your business violates general card brand regulations related to:
- Which cards you accept
- Whether or not you properly display card brand logos
- How you charge cardholders
- If you implement minimum and/or maximum transaction amounts
- If certain transactions are prohibited
REASON CODE 11
Merchant Collusion
Reason code 11 is given if your business is engaged in — or suspected of — collusive activity.
REASON CODE 12
PCI Data Security Standard Non-Compliance
Reason code 12 is applicable if your business does not meet PCI-DSS requirements.
REASON CODE 13
Illegal Transactions
Reason code 13 is used if you process illegal transactions. This is applicable if you knowingly process these fraudulent transactions — such as pretending illegal drugs are vitamins. Unfortunately, your merchant account is also subject to termination under this reason code if you unknowingly process illegal transactions — such as selling alcohol to a minor.
REASON CODE 14
Identity Theft
Reason code 14 is relevant if your acquirer suspects one of your business’s owners, directors, or stakeholders used a fake identity during the underwriting process.
What are the consequences of being MATCHed?
MATCH placement means your business was involved in activities the card brands have deemed unacceptable. This negative reflection of your business can have consequences.
The biggest challenge is getting a new merchant account and restoring your payment processing privileges after you’ve been MATCHed.
Some processors and acquirers are unwilling to work with businesses that are labelled as “previously terminated”. The ones that are willing to potentially take a risk on your business will likely have necessary protections in place. You’ll need to be prepared for stipulations like:
- A long-term contract
- A reserve account
- Higher processing fees
- Stricter thresholds for fraud and chargeback ratios
How do you get off the MATCH List?
MATCH List placement isn’t permanent. If you’ve been added to the database, there are three things you need to know about getting off the list.
You will automatically be removed after five years.
If you are added to the MATCH List, you will automatically be removed five years after your most recent entry.
Records in the MATCH system are retained for a maximum of 60 months. After that date, the record is automatically purged from the system.
You might have been added by mistake.
MATCH is governed by well-documented rules that acquirers are expected to follow. However, it is possible for mistakes to happen.
If you think your MATCH placement was an error, you can contact the acquirer that added you. The acquirer will then review the case to determine if your entry was legitimate or a mistake. If the reason for being MATCHed wasn’t legitimate, your acquirer can request your removal from the database.
Compliance can warrant removal.
Was your business added to MATCH with reason code 12 — PCI Data Security Standard Non-Compliance? If so, you can exit the database once you become PCI compliant.
You’ll need a certificate or letter validating your compliance, submitted via the official MATCH List removal request process.
How do you avoid the MATCH List?
There are more than a dozen MATCH List reason codes. But they all fall into one of three basic categories:
- Intentionally breaking rules for personal gain.
- Unintentionally making mistakes that lead to non-compliance or security issues.
- Failing to control fraud and chargebacks.
If you can avoid these failures, you can hopefully avoid the MATCH List. Let’s look at actionable advice for each category.
Resisting misconduct
If you are engaging in inappropriate, illegal, or unscrupulous behavior, your merchant account should be terminated. And other acquirers should be warned against working with you in the future.
Avoid temptations to lie, cheat, steal, and misuse the payment processing ecosystem.
Preventing non-compliance
Business ownership is a privilege that comes with important responsibilities — like adhering to government regulations and card brand rules.
It is absolutely essential that you understand — and comply with — expectations. Here are some resources that can help:
- Seek out business consultants who can advise you on both local and national laws. You probably have lots of options — everything from paid professionals to non-profit organisations.
- Study and implement PCI-DSS requirements. The PCI Security Standards Council has dozens of training opportunities.
- Monitor card brand updates. Mastercard and Visa publish their regulations online and update them twice a year (usually in April and October).
Managing fraud and chargebacks
Fraud and chargebacks are the leading cause of account closure and MATCH placement.
We have a detailed guide that can help reduce chargebacks and the risk they pose to your business. We encourage you to check it out.
RELATED READING
Want help avoiding the MATCH List?
Are you worried about being MATCHed? AltoPay can help.
Our main focus is to simplify the complexities of payments. And we do that with a full suite of solutions that help ensure stable, reliable payment processing.
Whether you get your merchant account from us or someone else, we can help protect it from closure and MATCH List placement.
