The payment landscape is currently going through some changes in how trust is managed at the merchant level. Mastercard's recent requirements for its Merchant Monitoring Program (MMP), specifically concerning scam merchants, represent a shift from retrospective punishment to active, real-time hygiene.
Mastercard is updating its mandatory scam merchant monitoring effective July 2026. The revised Standards clarify and enhance existing requirements for acquirers and payment facilitators to conduct ongoing merchant monitoring to detect fraudulent activity, taking a proactive approach to identifying and removing scam merchants from the Mastercard network.
For issuers and card operations teams, understanding these changes is important as they are central to managing fraud and dispute operations.
The threshold & time rule
Under the revised Standards, Mastercard now defines a set of conditions that identify potential scam merchant activity. If a merchant, or sponsored merchant, meets any one of these triggers, the acquirer or payment facilitator must initiate an investigation within 72 hours. Among these indicators, Mastercard has introduced tighter scrutiny for merchants, particularly those with less than six months of tenure. If a merchant's refunds and chargebacks exceed 5% of their total purchase transactions (with a minimum of 500 transactions), they are now being closely monitored.
Another signal targets merchants requesting multiple acceptor identifiers (MIDs) from their acquirer. Requests for multiple MIDs could indicate potential scam merchant activity. Mastercard recommends that an acquirer assign multiple acceptor IDs to a card-not-present merchant only when needed for a legitimate business reason.
Once flagged, acquirers or payment facilitators must investigate and provide a resolution within a three-day window. If the merchant or sponsored merchant is confirmed to be a scam, the acquirer or payment facilitator must immediately block transaction authorisation (and if applicable, clearing) services to that merchant.
What this means for issuers
- Cleaner ecosystems: While the direct requirement to investigate and block scam merchants falls on acquirers and payment facilitators, the overall objective of these revised Standards is to enhance fraud prevention. This benefits issuers by reducing their exposure to scam-related fraud and associated chargebacks.
- Reporting mechanism: Issuers may use the fraud subtype code and reason code 56 (Manipulation of Cardholder), when reporting such scam-related fraudulent transactions to the Fraud and Loss Database (FLD).
- Trigger for acquirer investigation: An acquirer or payment facilitator must initiate an investigation if at least two issuers report a transaction as a scam through FLD reporting.
- Broader scope of enforcement: The revised Standards explicitly extend responsibilities to payment facilitators and cover sponsored merchants, not only direct merchant relationships. This means the monitoring net is wider, and issuers can expect faster action across a broader range of merchant types.
The goal of these mandates is to ensure that the payment network remains a safe environment. For those of us in payment operations, the challenge lies in staying ahead of these rapidly evolving rules.
Proactive rule change monitoring
Staying informed is the first step toward operational resilience.
Whether it’s staying on top of the latest payment network requirements or streamlining your dispute process, Rivero provides the infrastructure you need to turn regulatory challenges into operational advantages.