MATCH List (Member Alert to Control High-Risk)

MATCH List (Member Alert to Control High-Risk Merchants) is a confidential database maintained by Mastercard that allows acquiring institutions to report and screen merchants who have been terminated for serious risk-related violations. Before onboarding a new merchant, acquirers check this database to identify businesses with a history of fraud, excessive chargebacks, or other compliance failures.

‍

‍

‍

Why MATCH List Screening Matters

‍

MATCH List screening addresses a fundamental vulnerability in the payments ecosystem: merchant mobility. Without a shared alert system, high-risk merchants can cycle between acquirers, exploiting information asymmetry to continue risky or prohibited activities.

‍

Key challenges include:

‍

• Information asymmetry: Individual acquirers only see the termination history of merchants they directly serviced. Without MATCH, a merchant terminated by one provider could immediately apply to another with a clean slate.

‍

• Velocity risk: Merchants who operate businesses with high fraud risk or chargeback rates can inflict significant losses quickly. By the time a new acquirer identifies the issue, substantial damage may already be done.

‍

• Regulatory exposure: Acquiring banks face scrutiny from card schemes and regulators if they onboard merchants with undisclosed prior terminations. MATCH queries are considered a baseline due diligence step.

‍

• Reputational and financial liability: Acquirers who onboard MATCH-listed merchants without proper risk controls may inherit chargeback liability, scheme fines, or reputational harm if the merchant repeats violations.

‍

We see MATCH screening as a critical first line of defense, but not a complete solution. Many risk teams treat a MATCH hit as a red flag requiring deeper investigation rather than an automatic disqualifier.

‍

‍

‍

How to Implement Effective MATCH List Screening

‍

Best practices for integrating MATCH into your merchant onboarding workflow:

‍

1. Query MATCH before decisioning: Run the MATCH check early in the application process, ideally before dedicating significant underwriting resources. This prevents wasted effort on merchants with disqualifying histories.

‍

2. Analyze reason codes contextually: MATCH entries include one of 14 reason codes (e.g., Code 01 for account data compromise, Code 04 for excessive chargebacks, Code 12 for PCI non-compliance). Different codes carry different risk profiles. A Code 04 merchant may warrant onboarding under strict chargeback monitoring, whereas a Code 10 (violation of standards) may signal deeper compliance failures.

‍

3. Verify principal and entity details: MATCH matches are based on tax identification numbers, business names, and principal identities. We recommend cross-referencing MATCH results against your Know Your Business (KYB) and Ultimate Beneficial Owner (UBO) checks to ensure you have identified all relevant parties. Principals may attempt to establish new entities to evade MATCH listings.

‍

4. Establish clear escalation protocols: Define which MATCH reason codes trigger automatic decline versus escalation to senior risk review. Some acquirers decline all MATCH hits; others assess on a case-by-case basis depending on reason code, time elapsed, and mitigation measures. When working with referral partners or independent sales organizations (ISOs), a robust partner oversight framework ensures that third parties understand and enforce your MATCH screening requirements consistently.

‍

5. Document decisions and rationale: If you choose to onboard a MATCH-listed merchant, document the business justification, enhanced controls, and ongoing monitoring plan. This documentation becomes critical during audits or if the merchant defaults again.

‍

‍

‍

MATCH List in Practice

‍

A marketplace aggregator applies to a payment facilitator (PayFac) for merchant processing services. During merchant underwriting, the PayFac runs a MATCH query and identifies a hit under reason code 04 (excessive chargebacks). The hit shows the merchant's previous acquirer terminated the relationship 18 months ago.

‍

The PayFac's risk team investigates further. They discover the merchant had a chargeback rate exceeding 2% across six consecutive months due to unclear product descriptions and delayed shipping. The merchant has since implemented clearer refund policies, upgraded fulfillment partners, and brought chargeback rates below 0.5% with another processor (evidenced by recent processing statements).

‍

The PayFac decides to onboard the merchant under enhanced controls: a 10% rolling reserve held for 180 days, a $50,000 monthly processing cap for the first six months, mandatory use of 3D Secure authentication on card-not-present transactions, and weekly chargeback rate monitoring. This conditional approval mitigates risk while allowing the merchant a second opportunity under strict oversight.

‍

‍

‍

Strategic Context: The Limitations and Gaps of MATCH

‍

While MATCH is a widely used tool, it has structural limitations that risk teams should account for:

‍

• Five-year expiration: MATCH entries remain active for five years from the date of entry, then automatically drop off. A merchant terminated for fraud in 2020 will have a clean MATCH record in 2026, regardless of whether the underlying risk has been resolved. This makes continuous merchant monitoring essential, as initial screening alone cannot capture changes in merchant behavior or emerging risks over time.

‍

• Incomplete coverage: MATCH only captures terminations reported by Mastercard-affiliated acquirers. Merchants terminated by acquirers in other card networks (Visa has a similar system called the Visa Risk Identification Service, or VRIS) may not appear in MATCH. Cross-network screening requires multiple queries.

‍

• Voluntary reporting: While card scheme rules encourage MATCH reporting for certain violations, enforcement varies. Some acquirers under-report to avoid administrative burden, leaving gaps in the shared intelligence layer.

‍

• Principal name variations: MATCH matches rely on accurate identification. Principals who use name variations, middle initials, or omit information may evade detection. Acquirers should validate principal identities using government-issued identification and cross-reference against multiple databases.

‍

We recommend layering MATCH screening with other signals: business credit reports, litigation searches, negative news checks, and analysis of the merchant's online presence. MATCH is a starting point, not a comprehensive risk profile. For more technical detail on MATCH reason codes and card scheme reporting requirements, refer to the Mastercard Security Rules and Procedures.

‍