MATCH stands for the MasterCard Alert to Control High-risk Merchants and it’s a system where acquirers are given the opportunity to review risk information before entering into an agreement with a merchant. MATCH is mandatory for all MasterCard acquirers and its database contains information about merchants and merchant account owners who have been terminated by an acquirer(s) in the past.
The information contained in MATCH helps acquirers assess the reasons for previous merchant terminations to see if they should avoid entering into an agreement with the merchant based on the circumstances of the termination. If the acquirer decides to work on behalf of the merchant, MATCH can help them determine specific conditions in respect to acquiring.
MasterCard acquirers can also choose to integrate with MATCH via an API that allows access of MATCH data in real time. The API allows an acquirer to add merchant termination events to the system as well as identify whether other acquiring partners have inquired about a merchant.
That’s the 20,000 foot overview of MATCH. To fully answer the question “What is MATCH?” we need to dig a bit deeper. In the post below, we dive into the MasterCard Security Rules and Procedures, Merchant Edition, 31 March 2016, to understand the full details associated with acquirers, merchants, and MATCH.
Fraud Detection & Risk Assessment
As mandated by MasterCard, all acquirers with merchant activity must use MATCH. Use of MATCH is twofold: acquirers must add information about a merchant that is terminated and why, as well as inquire against the MATCH database before acquiring for a merchant. Using the MATCH database, acquirers may:
- Add and search for information regarding up to five principal and associate business owners for each merchant.
- Designate regions and countries for database searches.
- Determine whether they want to receive inquiry matches and the type of information the system returns.
- Add the name of the service provider associated with signing the merchant.
- Submit and receive bulk data using batch and/or import file operations.
- Add and search for information regarding Merchant Universal Resource Locator (URL) website addresses.
When an acquirer submits an inquiry, MATCH searches its database for possible matches between the information provided and information reported and stored during the last 5 years, as well as other inquiries during the last 360 days. MATCH returns the first 100 responses for each inquiry an acquirer submits. Also, MATCH returns all terminated merchant responses regardless of the volume of possible matches.
There are two types of matches that can be returned. The first is an exact possible data match, where the merchant information provided in the inquiry matches with an owner name or address contained in the system. The second is a phonetic possible match, where the merchant information provided sounds like specific information in the system. The acquirer determines how many phonetic matches (one to nine) will cause a possible match to be trustworthy.
If an acquirer is using the database to search for a US-based merchant, address fields used are street, city, and state. If the merchant is not based in the US, then street, city, and country are used instead. For inquiries regarding ecommerce merchants, acquirers must provide the merchant’s URL, or website address. Other features of MATCH searches include:
- The use of multiple fields to determine possible matches.
- Edits of specific fields to reduce processing delays by notifying inquirers of errors as records are processed.
- Support of retroactive alter processing of data contained in the database for up to 360 days.
- Processing of data submitted by acquirers once per day and provision of daily detail response files.
Should an acquirer locate the merchant-in-question in the MATCH database, they can communicate directly with the listing acquirer to confirm the merchant is indeed the same that was previously reported to MATCH, terminated by the listing acquirer, or inquired about within the last year. Then, the acquirer needs to determine what measures need to be taken in order to address the risk associated with the merchant-in-question.
MATCH Reason Codes
Similar to chargeback reason codes, MATCH also has reason codes associated with it that help identify who added the merchant to the system (either an acquirer or MasterCard) and why the merchant was added to the system.
|MATCH Reason Code||Detail||Description|
|01||Account Data Compromise||A situation that either directly or indirectly results in unauthorized access to or disclosure of account data.|
|02||Common Point of Purchase (CPP)||Account data is compromised by the merchant, then used to complete fraudulent purchases at other merchant locations.|
|03||Laundering||The merchant presented transaction records to the acquirer that were not valid transactions of sales of goods or services between the merchant and a bona fide cardholder.|
|04||Excessive Chargebacks||The number of chargebacks in any single month exceed 1 percent of sales transactions in that month, and those chargebacks totaled $5000 USD or more.|
|05||Excessive Fraud||The merchant experiences fraudulent transactions of any type meeting or exceeding the minimum reporting standard of a fraud-to-sales dollar volume ratio greater than 8 percent in a calendar month, and the merchant experienced 10 or more fraudulent transactions totaling more than $5000 USD in a calendar month.|
|06||Reserved for Future Use||–|
|07||Fraud Conviction||The principal owner or partner of the merchant was convicted of criminal fraud.|
|08||MasterCard Questionable Merchant Audit Program||The merchant fulfills the criteria set forth in the MasterCard Questionable Merchant Audit Program.|
|09||Bankruptcy/Liquidation/Insolvency||The merchant either is unable or will likely become unable to meet its financial obligations.|
|10||Violation of Standards||The merchant violated one or more standards and procedures required in transactions where payment cards are used.|
|11||Merchant Collusion||The merchant participated in fraudulent and collusive activity.|
|12||PCI Data Security Standard Noncompliance||The merchant did not comply with Payment Card Industry (PCI) Data Security Standard requirements.|
|13||Illegal Transactions||The merchant participated in illegal transactions.|
|14||Identity Theft||The identity of the merchant or its principal owner were unlawfully assumed for the purpose of unlawfully entered into an agreement.|
Removing a Merchant from MATCH
MasterCard outlines two potential reasons for removing a merchant listing from MATCH. The first is that the report from the acquirer about adding the merchant to MATCH was made in error. The second reason for removal specifically speaks to MATCH reason code 12. If the acquirer confirms that the merchant has become PCI compliant, the acquirer must submit the request to remove a MATCH reason code 12 merchant listing from MATCH in writing printed on the acquirer’s letterhead to Merchant Fraud Control.
Excessive chargebacks are a large contributor to merchant MATCH listings. As described previously, if a merchant’s chargeback ratio exceeds 1 percent for any given month and the chargeback volume exceeds $5000 USD, they are placed on MATCH by the acquirer. Intercepting customer disputes before they turn into chargebacks is essential for merchants looking to avoid inclusion in this not-so-desirable list.