What Is the MATCH List and Terminated Merchant File (TMF)?

The MATCH list (previously referred to as the Terminated Merchant File or TMF) is a database identifying merchants who have had their payment processing privileges revoked by an acquiring bank or processor. Processors often use the MATCH system — or Mastercard® Alert to Control High-Risk Merchants — to determine if a merchant account application should be approved or denied.

NOTE: Because inclusion on the MATCH list indicates undesirable business practices have taken place, it may be difficult to regain payment processing capabilities after they’ve been revoked. 

If you’ve been added to the MATCH list because of excessive chargebacks, Midigator® can help. Contact our team of experts today so we can learn more about your situation and provide suggestions on how to overcome this challenge.

In this detailed guide, we’ll help you understand what the MATCH list is, how it works, how to avoid getting on the MATCH list, and what to do if your business is listed.

Why Are Merchants on the MATCH List?

Your business may be listed on MATCH if it poses a risk to a card brand (Mastercard, Visa®, etc.) or acquirer based on a specific list of reasons. 

To remain compliant with card brand requirements, an acquirer must add your business to the MATCH list within five days of terminating your merchant service agreement due to confirmation or suspicion of:

  • Excessive chargebacks
  • Excessive acceptance of unauthorized or counterfeit transactions
  • Money laundering
  • Fraudulent activity
  • Selling products that don’t comply with the acquirer’s requirements or that aren’t included in the merchant agreement
  • Making unauthorized changes to the website or sales method(s)

How Do Acquirers Use the MATCH System?

Acquirers and processors are asked to use the MATCH system in the following ways:

  1. Add information about terminated merchants when circumstances exist
  2. Check against the MATCH list before signing a merchant agreement

Participation in MATCH is mandatory, so every acquirer participating in the Mastercard card network is expected to comply with the Mastercard standards. Non-compliance can lead to assessments and penalties.

NOTE: Even though MATCH is a Mastercard-managed system, the database can impact processing abilities for all card brands. When an acquirer or processor reviews a merchant account application (a process referred to as underwriting), you are usually approved or denied the ability to process transactions from multiple card brands. Underwriting is very rarely, if ever, applicable to just one card brand. So even if you technically only violated Mastercard standards, you may also be denied the ability to process Visa transactions.

Mastercard forbids acquirers from using or threatening to use the MATCH list as a penalty for minor discretionary activity. In other words, your business can’t be listed on MATCH for anything other than activity that fits one of the MATCH reason codes listed below.

Because MATCH is an evolution of the Terminated Merchant File, the MATCH database itself is more comprehensive than its previous iteration. This makes it easy for acquirers to determine if your business is present on the MATCH list and, if so, understand exactly why it is.

What Are MATCH List Reason Codes?

MATCH reason codes specify the violation that has occurred and why you were added to the MATCH list.

Two conditions must exist for your business to appear on the MATCH list:

  1. The acquirer must act to terminate its relationship with you, and
  2. At the time of termination, the acquirer has reason to believe that a condition described in one of the MATCH reason codes exists.

A WORD OF WARNING: MATCH reason codes are not the same as chargeback reason codes. A MATCH list reason code refers only to criteria for a merchant being added to the MATCH database.

Learn more about chargeback reason codes here: Chargeback Reason Codes: List & Tips for Merchants

MATCH reason codes help acquirers and processors determine if and when your business should be submitted to the MATCH list. They also prevent acquirers from threatening or punishing merchants with inclusion on the MATCH list for inaccurate or unjustifiable reasons.

MATCH Reason Code List

When an acquirer lists a merchant on MATCH, it must also specify the relevant reason for doing so. The MATCH list reason codes are as follows:

REASON CODE 01:
Account Data Compromise

An acquirer may cite reason code 01 if an incident occurs in which a customer’s account data is accessed without authorization. 

Even though you, as the merchant, are also a victim of a security breach in this event, it’s your duty to protect your customer’s data and prevent it from being accessed or used by unauthorized third parties.

REASON CODE 02:
Common Point of Purchase (CPP)

Reason code 02 is cited if a customer’s account information is stolen from your business, then used to make fraudulent purchases at other locations.

REASON CODE 03:
Laundering

Acquirers may cite reason code 03 if they suspect or find you engaging in money laundering or transaction laundering.

Money laundering takes place if you record invalid transactions in which there is no genuine cardholder. Transaction laundering occurs when one business processes transactions on behalf of another, typically one engaging in restricted or illegal activities.

REASON CODE 04:
Excessive Chargebacks

Reason code 04 pertains to your chargeback-to-transaction ratio and is the most common reason for being MATCHed. 

Card brand definitions for “excessive” vary, but as an example, Mastercard requires acquirers to submit your business to MATCH if:

  • Your number of Mastercard chargebacks exceed 1% of Mastercard sales transactions in a single month, and
  • Those chargebacks total $5,000 or more.
REASON CODE 05:
Excessive Fraud

Reason code 05 is used if you’ve processed counterfeit or other fraudulent transactions meeting or exceeding the card brand’s established threshold. Mastercard stipulates the following:

  • A fraud-to-sales dollar volume ratio of 8% or greater in a calendar month, and
  • 10 or more fraudulent transactions totaling $5,000 or more in the same calendar month.
REASON CODE 07:
Fraud Conviction

Reason code 07 is used if an acquirer discovers that the principal owner or a partner in your business was convicted of criminal fraud.

REASON CODE 08:
Mastercard Questionable Merchant Audit Program

Reason code 08 relates to the Mastercard Questionable Merchant Audit Program. 

Mastercard’s QMAP holds merchants to a minimum standard of acceptable behavior. If Mastercard (or your acquirer or processor) suspects your business of collusive, fraudulent, or other inappropriate behavior, an investigation will be launched. If the investigation reveals your business is not meeting expected standards, you’ll be labeled a “questionable merchant.”

If your acquirer or processor decides to terminate your merchant account because of this new classification, MATCH list reason code 08 is used. 

You may be labeled a questionable merchant if you satisfy all of the following criteria:

  • Submitting at least $50,000 in transaction volume during the case scope period (the 120 days preceding the start of Mastercard’s investigation into your activities)
  • Submitting at least five transactions to one or more Mastercard acquirers during the case scope period
  • At least 50% of the transaction volume involves the use of cardholder bust-out accounts (credit card accounts taken out for the express purpose of deceiving an issuer into assuming the cardholder is legitimate, only for the cardholder to open more accounts and max out the combined credit limits without any intention of paying)

or at least three of the following four criteria that occur during the case scope period:

  1. Your fraud-to-sales transaction ratio meets or exceeds 70%
  2. At least 20% of your transactions submitted for authorization were declined by the issuer or received a response of “01: Refer to issuer” during the case scope period
  3. You have been submitting transactions for fewer than six months
  4. Your total number or total dollar amount of fraudulent transactions, authorization declines, and issuer referrals is greater than your total number or total dollar amount of approved transactions
REASON CODE 09:
Bankruptcy/Liquidation/Insolvency

Reason code 09 is used if your business is or likely to become unable to discharge its financial obligations through bankruptcy, liquidation, or insolvency.

REASON CODE 10:
Violation of Standards

An acquirer may list your business on MATCH using reason code 10 if you’re found to violate a card brand’s standards and regulations. Standards typically regulate actions such as:

  • Which cards you honor 
  • Whether or not you display the brand’s marks
  • How you charge your cardholders
  • If you set minimum or maximum transaction amounts
  • If certain transactions are prohibited
REASON CODE 11:
Merchant Collusion

Reason code 11 applies if your business is suspected of or found to be engaging in fraudulent collusive activity.

REASON CODE 12:
PCI Data Security Standard Noncompliance

MATCH reason code 12 pertains to Payment Card Industry Data Security Standards. Failing to adequately comply with PCI-DSS requirements may result in your business being listed on MATCH.

REASON CODE 13:
Illegal Transactions

Processing illegal transactions may result in your business being listed on MATCH with reason code 13. Illegal transactions may take place either knowingly — such as a merchant selling illicit drugs under the guise of a vitamin product — or unknowingly — such as unintentionally processing a transaction forbidden by law.

REASON CODE 14:
Identity Theft

MATCH reason code 14 is applicable if your acquirer suspects you or the business’s principal owner used a false identity for the purpose of obtaining a merchant agreement.

What Are the Consequences of Being on the MATCH List?

Your presence on MATCH indicates that an acquirer had good cause to terminate its merchant agreement with you. This negative reflection of your business could have consequences. 

Usually, the biggest drawback of MATCH is being labeled a “high risk” merchant. 

Some processors are willing to work with high-risk merchants, but not all will take on the extra liability. And even if a processor does offer high-risk merchant accounts, there is no guarantee that your business will be accepted. If your previous offenses are significant, you could struggle to find a processor willing to restore your payment processing privileges. 

If you are able to obtain a high-risk merchant account, you can expect challenges such as: 

  • A longer-term contract
  • Higher fees for setup, processing, chargebacks, early termination, etc.
  • Additional risk monitoring and chargeback management requirements
  • A reserve account

It’s important to remember the purpose of MATCH. The MATCH system exists to inform processors about the risk your business poses to their own. However, it doesn’t forbid a processor from working with you.

If you have been MATCHed, don’t despair. All hope is not lost! It’s possible to overcome the stigma of MATCH and have a thriving business. 

How Can You Get Off the MATCH List?

There are three ways to have your business removed from the MATCH list once it’s been added.

Automatic Removal

Mastercard automatically removes merchants from the MATCH list five years after a merchant’s most recent entry. This automatic removal process occurs monthly.

Errors

Mastercard doesn’t explicitly verify that the information submitted to MATCH is correct or accurate. However, Mastercard requires that acquiring banks act diligently, reasonably, and in good faith to remain compliant with MATCH standards.

Despite these requirements, you may still be added to the MATCH list in error. In such a case, you may need to contact the acquiring bank that added your business to inform them of the mistake. From there, they would evaluate the case to determine if the reason for your inclusion was legitimate or in error.

If your entry was found to be in error, the acquiring bank would then contact Mastercard to report its mistake and have your business removed from the MATCH database.

PCI-DSS Compliance

If your business was added to MATCH with reason code 12, you can seek removal from the database by becoming PCI-DSS compliant. After becoming compliant, the acquirer or processor that initially submitted your business to MATCH must provide Mastercard with an attestation that you are in compliance.

In addition to its acquirer ID number, the bank must also provide general information about your business, including:

  • Merchant number
  • Name
  • Address  
  • Information about the principal owner

Finally, the acquirer must obtain a certificate or letter of validation from a Mastercard-certified forensic examiner that certifies your business has become PCI-DSS compliant.

You’re not without recourse if the acquirer is unable or unwilling to submit a request for removal from MATCH on the grounds of your business becoming PCI-DSS compliant. In such an event, you’re entitled to submit the removal request directly to Mastercard through the same process (and with the same requirements).

How Can You Avoid the MATCH List?

No business wants to get listed on MATCH, especially given the length of time it takes to be removed from the database and the potential inability to process card transactions. Rather than relying on the unlikely and difficult circumstances required for removal from the MATCH list, it’s best to avoid getting listed altogether.

IMPORTANT NOTE: Though not all MATCH entries carry the same weight — and not all processors will automatically reject your merchant application simply for appearing on MATCH — inclusion on the MATCH list can complicate how your business operates and grows.

It’s impossible to completely avoid MATCH. However, you can limit your exposure to situations and factors that could result in a processor having a reason to report you to the system. This can be accomplished by implementing tools, strategies, and good business practices that mitigate your risk.

A high chargeback-to-transaction ratio is the most common reason for a merchant to be added to the MATCH list. Therefore, chargeback management should be a top priority for your business. 

We have several detailed guides that can help you prevent chargebacks and avoid threshold breaches.

LEARN MORE:

The following are some tips and techniques that can help prevent chargebacks — and avoid the MATCH list. 

  • Keep your product listings accurate and up-to-date
  • Establish clear expectations for your customers
  • Employ honest advertising and marketing practices
  • Adhere to region-specific laws and regulations
  • Use pre-sale tools like AVS and card security codes
  • Inform customers of pending and recurring transactions
  • Identify and follow up on suspicious orders
  • Provide timely, affordable, and accurate order delivery and fulfillment
  • Make customer-friendly policies easy to find
  • Use order validation tools and prevention alerts to resolve disputes quickly
  • Analyze data to identify and resolve chargeback trends
  • Offer accessible and responsive customer service

Embracing safe and secure business practices can help you avoid the MATCH list and limit the likelihood you fulfill any of its listing criteria.

Stay Off the MATCH List With Midigator

order-validation

Avoiding the MATCH list requires a proactive approach to prevent chargebacks, fraud, and other undesirable behaviors — which might seem like a daunting task.  Midigator is the number one provider of chargeback prevention services. We can help you reduce risk as part of an on-going effort to avoid — or rebound from — the MATCH list. 

Take a look at our chargeback prevention solutions. We have everything you need to achieve the best results possible with long-lasting success.

Ready to Start Preventing
& Fighting
Chargebacks?

analytics-imac

Set up your
demo experience.

analytics-imac@2x analytics-imac

Sign up for
news & updates.

Top