Everything you need to know about the MATCH list - woman behind counter at retail store reviewing reports on her laptop

Everything you need to know about the MATCH list

Wednesday, December 17, 2014
And how to keep your business off the list

When it comes to your business, you know the importance of merchant accounts. They can help your business accept various forms of payment like debit and credit card payments. But what happens when you go to apply for a new merchant account and your application is declined? Well, there’s a chance your business has been added to the MATCH list. This list can spell trouble for merchants like you. So, in this article, we’ll take a look at everything you should know as a small business owner about the MATCH list. To start, let’s define the MATCH list.

What’s the MATCH list?

The MATCH list might sound romantic, but if you’re a merchant who finds themselves on the MATCH list, you won’t love it. That’s because the MATCH list (Member Alert to Control High-Risk Merchants) is a record of merchants that Mastercard deems to be high risk.

This electronic list compiled by Mastercard includes businesses that have had one or more merchant accounts terminated by their acquiring bank. Merchants can also find themselves on this list if they partake in illegal activity, fraud, or noncompliance. This list gives banks, payment processors, and other financial institutions a guide to identify merchants they may want to avoid.

Mastercard developed the MATCH list in order to centralize records of risky merchants. Because this is considered the industry standard, it’s nearly impossible for merchants to hide their canceled accounts from the list.

Obviously, if you're on this list, it can be difficult to run your business, especially if you don’t have a way to obtain merchant services. And while it won’t affect any current relationships you have with payment processors, being on the MATCH list will prohibit you from opening any new merchant accounts. 

The MATCH list is the newest version of this “blacklisted” list. If you’ve done business for a while, you may recognize this list as the Terminated Merchant File (TMF). While the MATCH list is more comprehensive than the TMF, you may encounter people who use the terms interchangeably. Now that you know about the MATCH list, let’s look at how merchants get added to the list.

How do merchants get on the MATCH list?

When it comes to the MATCH list, you already know that it’s a list you don’t want to find your company’s name on. So, how do businesses get put on the MATCH list? 

The power to add businesses to the MATCH list lies with both Mastercard and acquiring banks. Mastercard uses a list of detailed requirements that notes why an acquiring bank has put a business on the MATCH list. It’s important to note that only the financial institution that put a company on the MATCH list or Mastercard has the power to take the company off the list. Mastercard also only requires an acquiring bank to add a company to the MATCH list if they terminate their merchant account for any reason. Otherwise, adding a company to the list is largely at the discretion of the acquiring bank.

The most common reason for your business being added to the MATCH list is excessive chargebacks. However, we’ll take a comprehensive look at each of the reason codes in the next section.

MATCH list reason codes

When you find out you’re on the MATCH list, you’ll also find out the reason your business was added to the list. Here's the MATCH reason code list, which shows the specific reasons a business may get added: 

01 Account Data Compromise
At the merchant, an occurrence resulted (either directly or indirectly) in unauthorized access to, or disclosure of, account data.

02 Common Point of Purchase
At the merchant, account data is stolen and then used to make fraudulent purchases at other merchant locations.

03 Laundering
Merchant is responsible for laundering. Laundering means that a merchant gave transaction records to its acquirer that weren’t valid transactions for goods and services between the merchant and a bona fide cardholder.

04 Excessive Chargebacks
The merchant surpassed the threshold for chargebacks set by the credit card network. This means that chargebacks amounted to more than 0.9% of a business’s sales transactions in that month, and those chargebacks totaled $5,000 USD or more. If the acquirer reports a merchant from American Express, that means the merchant exceeded the chargeback threshold of American Express, as determined by American Express.

05 Excessive Fraud
The merchant surpassed the threshold for fraudulent transactions of any type. According to Mastercard, the merchant’s fraud-to-sales dollar volume ratio was 8% or greater in a calendar month, and the merchant effected 10 or more fraudulent transactions totaling $5,000 USD or more during that calendar month.

06 Unused
This code is currently not in use.

07 Fraud Conviction
The principal owner or partner in the business has been convicted of criminal fraud.

08 Mastercard Questionable Merchant Audit Program
Based on the guidelines set forth by Mastercard in its merchant manual, the merchant was determined to be a questionable merchant.

09 Bankruptcy/Liquidation/Insolvency
The merchant is not, was not, or will not be able to discharge their financial obligations. 

10 Violation of Standards
The merchant did not follow the correct standards and procedures set forth by the card networks, reported by an acquiring bank. In the case of Mastercard, the merchant engaged in behavior that includes minimum/maximum transaction amount restrictions, and prohibited transactions set forth in Chapter 5 of the Mastercard Rules manual. For American Express, the merchant was in violation of one or more American Express bylaws, rules, operating regulations, and policies in their card transactions.

11 Merchant Collusion
The merchant participated in fraudulent, collusive activity.

12 PCI-DSS Non-compliance
The merchant failed to comply with Payment Card Industry Data Security Standard (PCI-DSS)  requirements. These requirements make a big difference in ensuring safe and secure transactions for consumers.

13 Illegal Transactions
The merchant engaged in illegal transactions at their business.

14 Identity Theft
The acquiring bank believes that the identity of the listed merchant or its principal owner(s) was unlawfully assumed for the purpose of unlawfully entering into a merchant agreement.

Now that you know the MATCH list reason codes, how can you avoid the MATCH list?

How can you avoid the MATCH list?

As you’ve seen, the MATCH list is not a good place for your company to be. Avoiding it should be a high business priority for you. The best way to avoid the MATCH list is to adhere to all standards and regulations when it comes to processing card transactions. Next, you should monitor and maintain low chargeback and fraud ratios. A chargeback ratio to have as a goal is anything under 0.9%, which equates to just under one chargeback per 100 charges. When your company’s chargeback ratio creeps above this, your risk as a business increases, thereby making your business more susceptible to being placed on the MATCH list. However, by following best practices, even those businesses whose business model carries more risk can avoid the MATCH list.

It’s important to make sure that you’re also staying PCI-DSS compliant. This ensures that you’re taking credit card and debit card payments in the most secure manner possible.

Now, let’s say you find your business on the MATCH list for any of the listed reasons. How do you get off the list? Let’s take a look.

How do you get off the MATCH list?

When it comes to being placed on the MATCH list, you may not know your business is on the list until you apply for a merchant account and are denied. If you find your business on the list, there are three ways you can get off the MATCH list:

  1. The incident that placed you on the list ages off after five years (SRP Rule 11.2.6). Like this sounds, it’s essentially a waiting game until the incident that placed your business on the list expires. But it’s important to make sure you comply with all the other regulations to ensure you don’t get MATCH-listed for another reason.
  2. You got added to the list by mistake (SRP Rule 11.4). Sometimes, your company ends up on the MATCH list by mistake. If you think this is a possibility, you’ll have to work with the acquiring bank who added you to the list in order to get your business off the list. Generally, you’ll have to present your case and why you think you were wrongly added.
  3. You got added to the list because of PCI non-compliance, but you’re now compliant (SRP Rule 11.4). Typically, you’ll work with your acquirer to report your compliance. However, you can also reach out to Mastercard directly and provide the right documentation to prove your compliance. The most important thing is a letter or certificate of validation from a Mastercard-certified forensic examiner. See Rule 11.4 for more information.

As you can see, the MATCH list is not where you want to find your business. Being on the list can affect your ability to do business, including limiting your ability to take payments and process credit and debit card transactions. If you do find yourself on the list, don’t panic. Some processing providers will still work with high-risk merchants. However, it’s best to ensure your business stays off the list entirely.


Ready to work with a payment processor who can help?

Heartland is the point of sale, payments and payroll solution of choice for entrepreneurs that need human-centered technology to sell more, keep customers coming back and spend less time in the back office. Nearly 1,000,000 businesses trust us to guide them through market changes and technology challenges, so they can stay competitive and focus on building remarkable businesses instead of managing the daily grind. Learn more at heartland.us.