Understanding the MATCH List: The Merchant Blacklist That Can End Your Payment Processing
Introduction: The Silent Barrier in Merchant Processing
In the payment ecosystem, reputation is currency — and nothing tarnishes it faster than being placed on the MATCH list. For many merchants, the term appears suddenly during a declined onboarding or a terminated account notice from their acquirer. Often, it’s the first time they’ve heard of it — and by then, the damage is already done.
The Mastercard MATCH List (formerly known as the Terminated Merchant File, or TMF) is a global database that tracks merchants whose accounts have been terminated for reasons ranging from fraud and excessive chargebacks to non-compliance and security breaches.
If your name — or your company’s — appears on it, most banks and payment processors will instantly reject your application.
This guide dives deep into what the MATCH List is, why it exists, how it impacts your business, and — most importantly — what you can do to avoid, dispute, or recover from it.
1. What Is the Merchant Account MATCH List?
The MATCH (Member Alert to Control High-Risk Merchants) list is a Mastercard-maintained database used by acquiring banks to identify merchants with a history of risky or non-compliant behavior.
It serves as a shared intelligence tool across acquirers, helping them make informed risk decisions before onboarding new merchants.
Originally called the Terminated Merchant File (TMF), it was developed in the early 1990s to reduce systemic fraud and financial exposure in the card ecosystem. Today, it’s integral to the global payment compliance and risk management network, connecting Visa, Mastercard, Amex, and Discover ecosystems through shared due diligence data.
Why the MATCH/TMF Database Exists
To Protect the Card Network: It prevents repeat offenders from hopping between acquirers under new names.
To Maintain Regulatory Compliance: Acquirers are mandated to report risky or fraudulent merchants under Mastercard’s Security Rules and Procedures.
To Promote Market Integrity: It ensures fair competition by discouraging fraudulent operations or data breaches that harm consumers.
2. Reasons for MATCH Listing
When an acquirer terminates a merchant account for specific reasons, they are obliged under Mastercard rules to register the merchant on the MATCH List with a specific reason code.
Here’s a structured view of the primary MATCH reason codes, their definitions, and examples:
Code
Reason for Listing
Example Scenario
01
Account Data Compromise
Merchant’s payment database hacked, exposing cardholder data.
02
Common Point of Purchase (CPP)
Fraudulent activity traced back to the merchant.
03
Laundering
Processing transactions for third parties through your MID.
04
Excessive Chargebacks
Chargeback ratio exceeds 1% threshold consistently.
05
Excessive Fraud
High volume of fraud-to-sale ratio detected.
06
Card Testing
Use of the site for validating stolen card data.
07
Fraudulent Activity
Intentional deception to gain financial benefit.
08
Merchant Collusion
Conspiring with cardholders to defraud acquirers.
09
PCI DSS Non-Compliance
Failure to maintain security certification or audit.
10
Illegal Transactions
Offering services or products prohibited by law.
11
Identity Theft
Merchant account opened under false credentials.
Comparison: MATCH Codes vs. Chargeback Reason Codes
Aspect
MATCH Codes
Chargeback Codes
Purpose
Merchant-level termination record
Transaction-level dispute code
Scope
Applies to merchant as a whole
Applies to a single transaction
Duration
5 years on file
Single incident per cardholder
Issuer/Authority
Mastercard (acquirer-reported)
Issuer bank (cardholder-reported)
Impact
Affects merchant’s ability to get accounts
Affects specific sale/refund
3. How MATCH Is Used by Acquirers and PSPs
Acquirer Responsibilities
Under Mastercard’s Security Rules and Procedures, acquiring banks must:
Report terminated merchants within five business days.
Check every new merchant application against the MATCH list before onboarding.
Maintain audit trails for inclusion and removal actions.
This is not optional — failing to report a qualified merchant can lead to acquirer fines or suspension from Mastercard’s network.
Impact Across Card Networks
Although maintained by Mastercard, the MATCH list influences all major card networks:
Visa refers to it during its VFMP (Visa Fraud Monitoring Program)
Amex and Discover use equivalent internal watchlists but cross-check high-risk entities.
Global PSPs (like Stripe, Adyen, or Worldpay) have internal systems that sync MATCH/TMF data with AI-driven risk scoring tools.
Anecdotal Case Example
A digital subscription merchant in the adult industry was terminated due to excessive chargebacks. Within 24 hours, his profile appeared on MATCH under Code 04. When he reapplied with another acquirer in Singapore, his application was auto-rejected — not because the PSP had prior dealings with him, but because the MATCH flag propagated through Mastercard’s database.
4. Consequences of Being on the MATCH List
The immediate effects can be devastating — but the long-term implications go even deeper.
Short-Term Impact
Processing Suspension: Immediate termination of active merchant accounts.
Fund Holds: Acquirers often freeze settlements for 180 days or longer.
Loss of Payment Gateway: PSPs integrated with card networks revoke MID access.
Long-Term Impact
Inability to Reapply with Major Acquirers: Most Tier-1 banks won’t onboard MATCHed merchants.
Higher Fees with Offshore Processors: High-risk providers charge up to 10–12% MDR plus reserves.
Brand Damage: Reputation risk among affiliates, partners, and investors.
Regulatory Scrutiny: Increased monitoring of connected entities or related companies.
Industry Voice
“Being MATCHed isn’t a death sentence, but it’s a massive credibility hit. Recovery is possible — but it takes transparency, documentation, and time.”
— Eric M., Senior Risk Analyst, Global PSP Network
5. Removal and Remediation
Merchants are automatically delisted after 5 years, provided no further violations occur.
If a merchant is incorrectly added:
Contact the reporting acquirer immediately.
Provide documentation disproving the listing reason.
If unresolved, escalate to Mastercard’s Merchant Registration Team.
PCI DSS Compliance Remediation
For Code 09 (PCI non-compliance), once the merchant becomes PCI certified, they can request acquirer confirmation for delisting.
Step-by-Step Checklist for Disputing Inclusion
Step
Action
Details
1
Identify Reporting Acquirer
Request official MATCH notice with reason code.
2
Gather Evidence
Transaction logs, PCI certificates, legal documents.
3
Draft Dispute Letter
Formal request citing Mastercard Rule 11.1.2 compliance.
4
Submit to Acquirer
Include supporting evidence; maintain copies.
5
Await Review
Usually 30–90 days for acquirer or Mastercard response.
6
Confirm Resolution
Obtain written confirmation if delisted.
6. Prevention Strategies: Staying Off the MATCH List
1. Data-Driven Risk Monitoring
Use fraud analytics tools (like Sift, or Riskified) to monitor patterns in transactions, IPs, and chargeback velocity.
2. Chargeback Alerts and Dispute Prevention
Integrate Ethoca Alerts or Verifi CDRN to resolve cardholder disputes before they escalate to chargebacks.
3. Proactive Compliance
Conduct quarterly PCI DSS audits.
Maintain KYC/KYB verification for affiliates and resellers.
Keep billing descriptors clear and recognizable.
4. Regional Strategies
EU Merchants: Follow PSD2 and GDPR guidelines for data retention and SCA.
US Merchants: Ensure FTC and State-level compliance for product claims.
Asia-Pacific Merchants: Implement real-name authentication and AML screening for cross-border payments.
Visual Tip (for infographic):
A flowchart illustrating “Early Warning to MATCH Inclusion” helps merchants understand the risk escalation stages — from disputes → chargeback → acquirer monitoring → termination → MATCH flagging.
7. Industry Trends and Risk Mitigation Tools
Evolution in Due Diligence
Acquirers are increasingly using AI-driven merchant scoring systems, combining transaction behavior, social presence, and previous PSP records.
Tech Tools for MATCH Avoidance
Tool
Functionality
Chargebacks911
End-to-end chargeback mitigation
Verifi
Real-time dispute alerts
Sift Science
Behavioral risk scoring for payments
Fraud.net
AI consortium for cross-platform risk sharing
Fintech Innovations
Blockchain-based risk registries may soon offer decentralized transparency for merchant histories.
Open Banking data is helping acquirers assess merchants beyond card-based signals, reducing false positives.
8. Success Stories and Recovery Insights
Case Study: A High-Risk Merchant Rebuilds Trust
A CBD product seller was MATCHed under Code 04 for “excessive chargebacks.” By overhauling refund policies, improving descriptor clarity, and integrating Ethoca alerts, chargebacks dropped by 70% within 6 months. After continuous compliance reports, the merchant successfully secured processing through a high-risk acquirer in 14 months.
“Transparency, proper documentation, and proactive engagement with acquirers are your best assets post-MATCH.”
9. FAQs: Merchant MATCH List Explained
Q1. Can I check if I’m on the MATCH List myself?
No. Only acquirers can access it. You must request confirmation from the acquiring bank that terminated your account.
Q2. How long does a MATCH listing last?
Five years, unless removed earlier by the reporting acquirer or Mastercard.
Q3. Can another processor remove me instantly?
No legitimate processor can. Only the original reporting acquirer can request delisting.
Q4. Is MATCH the same as Visa’s Terminated Merchant File?
MATCH replaced TMF, but Visa and other networks have their own equivalent risk databases.
Q5. Can I still process payments while on the MATCH List?
Yes, but only with offshore or high-risk acquirers, often with higher fees and stricter rolling reserves.
Q6. Does being MATCHed affect personal credit?
No, but it impacts your merchant reputation and future business credibility.
Q7. How can I reduce chargebacks to avoid being MATCHed?
Use clear descriptors, timely refunds, transparent billing, and implement dispute alerts.
Q8. What documents are needed to dispute a MATCH entry?
Legal identity proofs, PCI compliance certificates, transaction reports, and a formal letter to the acquirer.
Q9. Can a company related to a MATCHed entity apply for a new MID?
Not without disclosure — acquirers often cross-reference directors and business registration data.
10. Key Takeaways for Merchants
Proactive compliance beats post-crisis remediation.
Document everything. The cleaner your audit trail, the faster your recovery.
Invest in real-time risk tools to monitor and prevent early red flags.
Maintain transparent communication with acquirers and partners.
Regularly train teams in chargeback and fraud detection best practices.
Conclusion: Reputation Is Recoverable — But It Takes Strategy
The Mastercard MATCH list is not designed to punish merchants — it’s built to protect the integrity of the global payments system.
However, for merchants caught in its net, the consequences can be existential.
Understanding why MATCH exists, how it’s used, and how to proactively manage your risk exposure is crucial for long-term survival in the fintech and payment ecosystem.
For those already listed, structured remediation, data transparency, and continuous compliance are the only reliable paths to redemption.
Because in payment processing, trust isn’t permanent — it’s something you rebuild, transaction by transaction.
