How to Avoid The Merchant’s Biggest Nightmare—The Match List
Mention the word “match” to a room full of ecommerce vendors and you risk igniting an inferno of ire. Match (Member Alert to Control High-Risk Merchants), also known as the Match list, is a register of merchants noted for unique achievements in fraud and chargeback management maintained by the card issuer Mastercard. Despite the visibility it brings, making the Match list is far from an aspiration. Far from it, it can be a death knell for vendors.
If you aren’t sure what the Match list is, read on. We’ll explain what it is, what action will get you on the list, what you can do to get off it, and the steps you can take to avoid it.
What Is the Match List?
The Match List was created by Mastercard as a way to protect payment providers and acquiring banks from high-risk merchants. Just to be clear, Visa and Mastercard are card issuers and part of the payment networks, while payment providers and acquiring banks represent the merchant and their transactions.
As the newer version of the Terminated Merchant File (TMF), MasterCard’s Match list maintains a database of blacklisted—for want of a better word—merchants that payment processors and acquirers would rather not service. Why? Because the merchants have proven to be high risk either because they garner too many chargebacks, have fallen prey to fraud, fail to comply with compliance standards, or have experienced data breaches.
Inclusion on The Match List can be a death knell for a merchant. Once on the list, their name is besmirched, and finding a credit card processor that will not charge exorbitant fees will be a tall order for five years at least. Why five years? Because that’s how long a merchant’s name will stay on the Match list.
Related: Read “How to Make Returns and Chargebacks Work for Your Brand
What’s the Fate of a Merchant Who Is Placed on the List?
At best, a merchant who is lax with chargeback or fraud management my avoid the Match list for a time but will face fines and additional chargeback fees. At worst, if the situation continues, their account will be terminated, and they will join other ecommerce pariahs on the dreaded list.
Being on the list does not mean a merchant won’t find an acquirer; it just means that it will be difficult and probably expensive. Some acquirers will still do business with them, take advantage of the opportunity to levy high fees to cover their risk, and strong-arm them into a long-term contract with an early termination penalty.
There are other options open to merchants. They can go cash only (not really an option for ecommerce), choose echecks or ACH (ditto), or rely on peer-to-peer (P2P) wallet apps like Venmo. With P2P, there is no need to go through an acquiring bank to set up the account, so their business will not be checked against the MATCH list. Lastly, cryptocurrency is another option. As you can see, none of these are ideal for the ecommerce vendor seeking to create a frictionless payment experience.
For more on chargeback management, read “Digital Chargeback Management—A Better Strategy for eCommerce Growth”.
How Does a Merchant End Up on the Match List?
A merchant may find their way to the Match List if they have too many chargebacks, experience fraudulent activity, or show signs of money laundering. The good news is that there are stricter guidelines regarding who should be added to the list and why, and these are laid out in Mastercard’s Security Rules and Procedures (SRP), Section 11.5.
Here’s a summary of why a merchant might end up on the Match list, including the numerical codes assigned by Mastercard.
- Account Data Compromise
- Common Point of Purchase (CPP)
- Excessive Chargebacks (for any month, chargebacks exceed 1% of Mastercard sales transactions and totaled $5,000 or more.
- Excessive Fraud (fraud to sales volume ratio of 8% or more in any calendar month or 10 or more transactions totaling $5,000 or more.
- Reserved for future use.
- Fraud conviction
- Mastercard Questionable Merchant Audit Program (the merchant is deemed questionable).
- Violation of Mastercard standards
- Merchant collusion
- PCI Data Security Standard noncompliance
- Illegal transactions
- Identity theft
How to Get Off the Match List
So, now you know the acquiring bank is the key player of concern when it comes to the Match list. Also, know that acquiring banks, in addition to Mastercard, have the power to remove you from the Match List. But probably not for five years.
There are three ways to get off the Match List.
1. You will be removed if you were added five years ago or more.
The system will automatically purge data after five years.
2. You can be removed if you were added by mistake.
If this is the case, contact the acquiring bank or ask your payment processor to help. Failing that, a lawyer might be able to help you make a strong case.
3. You can be removed if you were added because you were PCI non-compliant but are now compliant.
If this the case, contact Mastercard directly and show them a letter or certificate of validation from a Mastercard-certified forensic examiner declaring that you are now PCI compliant.
How Does a Merchant Know If They Are on the Match List?
How can you find out if you’re on the match list? You can’t. But if you’re being denied payment services, that’s a strong indicator you could be. Many merchants only find out they’re on the Match list when they are denied an application by an acquirer. You could ask an acquirer or payment processor if you’re on the Match list, but why not avoid the risk altogether. Here’s how
How to Reduce Your Risk of Landing on the Match List
Merchants can reduce the risk of ending up on the Match list by improving chargeback management, fraud management, and strengthening the customer relationship. Here’s some suggestions.
1. Use Chargeback Alerts
Mastercard is not the evil taskmaster it appears to be. Both card issuers, Mastercard and Visa, offer solutions for vendors who fear “The List.”
Verifi by Visa and Ethoca by Mastercard act as early warning systems for chargebacks. They inform a merchant when a customer initiates a chargeback dispute and give merchants an opportunity to reach out to the customer and intervene before a dispute goes to the bank. This will keep merchants below the chargeback ratio that may place them on the Match list.
2. Be Diligent with Fraud Management
Make sure fraudulent activity is not the reason you’re on the Match list. Make it difficult for fraudsters to access login credentials or payment information. Know the best practices for fraud prevention and use the available tools. Most solutions are easy and cheap to integrate with existing payment infrastructure.
Use two-factor authentication, device fingerprinting, velocity checking, and machine learning tools to identify potential fraud. Watch out for unusual orders. For example, unusually large orders, orders from overseas, and multiple failed order attempts from the same customer or IP address. These could indicate attempted purchases using a stolen card.
3. Follow Payment Protocols
Payment protocols for a card network may require capturing customer addresses, CVV verification, and obtaining proof of delivery. Each network will be different, so make sure you understand what protocols your networks require and follow them. Not doing so is likely to result in a ruling against you in the event of a chargeback dispute.
4. Improve Customer Service
Improving customer service can be as easy as opening a dialogue with your customers. This increases the contact you have with customers, provides additional opportunities for sales, and strengthens the customer relationship.
Send out automated emails, use chatbots, offer in-person customer service, make refunds and returns easy. All these strategies will encourage customers to deal directly with the merchant on issues rather than turn to the payment provider or acquirer. The result? Fewer chargebacks and less likelihood of getting on the Match list.
Read about the latest payments innovations, “From Chatbots to Chargebacks: Recent Developments In Payments Innovations“
5. Use a Recognizable Merchant Descriptor
In many households, there is more than one member ordering products with a credit card uploaded to a digital wallet and used through autofill. However, there is usually just one person who pays the bills. That person may not recognize a merchant descriptor if someone else has placed an order, or even if they were the one to do so, and they may dispute the charge. To reduce this type of chargeback, merchants should use clear descriptors so that consumers can identify what products or services they are being asked to pay for. A good descriptor should include the company name and a contact number.
6. Watch Out for Subscriptions
Subscriptions are a huge source of chargebacks. Customers tend to initiate subscriptions, forget about them, and then dispute the automatic charges. Remind customers of their subscriptions and make it easy for them to cancel them.
Choose a Reputable Payments Provider
There are enough challenges facing ecommerce merchants in today’s economy, the Match list needn’t be one of them. For the most part, staying compliant and keeping chargebacks under control will do the trick. A reputable payments provider can be helpful in guiding merchants with chargeback and fraud management strategies.
Cartis Payments is payments provider for ecommerce merchants who value the customer experience. Cartis can easily and economically integrate chargeback management solutions and fraud protection with your existing payments infrastructure.