Beyond Compliance: Navigating Mastercard’s New Scam Merchant Monitoring Standards

Highlights: 

• Mastercard’s updated scam merchant monitoring standards mandate a 72-hour investigation window for acquirers, requiring a shift to proactive, near-real-time intervention.

• To maintain compliance and reduce fraud risk, organizations can leverage automated Fraud and Loss Database (FLD) monitoring and enhanced due diligence tools to verify new merchant risk.

The payments landscape is shifting. To combat the rise of sophisticated fraud, Mastercard recently announced revised Standards aimed at more efficiently identifying and removing scam merchants. The new standards mandate a faster, more rigorous investigation process for acquirers and payment facilitators to ensure the integrity of the payments ecosystem.

Effective July 24, 2026, Mastercard’s new scam merchant monitoring standards require acquirers and payment facilitators to move from reactive monitoring to proactive, near-real-time intervention.

The core of the revised guidance is the 72-hour mandate. Acquirers must now initiate a formal investigation within three days of a merchant meeting ‘potential scam merchant’ criteria. If a scam is confirmed, the acquirer must immediately terminate the merchant’s ability to process Mastercard or Maestro transactions.

For many organizations, the 72-hour window represents a significant operational challenge. Success requires more than just a manual check; it demands a synchronized data strategy that can flag anomalies the moment they surface.

Mastercard has tightened the definitions of high-risk activity, particularly for new merchants (defined as those with six months or less of history). An investigation is triggered if a merchant hits any of the following benchmarks:

• Sudden Performance Drops: A 50% drop in authorization approval rates or a fall below 30% over 72 hours (min. 25 transactions).

• New Merchant Volatility: For entities under six months old, receiving scam reports from two different issuers via the Fraud and Loss Database (FLD) or encountering chargebacks citing cardholder manipulation.

• Excessive Friction: More than 5% of purchase transactions resulting in refunds or chargebacks over a rolling 30-day period.

While the standards don't explicitly state whether Ethoca or Mastercard Collaboration-initiated refunds are excluded, until the standards clarify otherwise, they should be considered in calculations to ensure full compliance and a "safety-first" risk posture.

Mastercard’s updated focus targets specific, high-velocity fraud types that exploit consumer trust. Understanding these is the first step in building better predictive models: 

As these global standards take effect (covering all markets except Jordan), the need for robust, data-driven merchant lifecycle management has never been greater. Equifax serves as a critical thought partner and solution provider in several key areas:

• Daily FLD Monitoring & Automation: The mandate requires daily checks of the Fraud and Loss Database. Equifax can help automate these workflows, integrating alerts directly into your risk dashboard to help reduce the risk of merchant slips through the cracks.

• Enhanced Due Diligence for New Merchants: For retailers with less than six months in the marketplace who are under the microscope, our business and related entity and individual verification tools provide the granular detail needed to vet entities long before they hit the 72-hour investigation threshold.

• Mitigating Multiple Merchant ID (MIDs) Stuffing: Mastercard is rightly cautious about the misuse of MIDs. Equifax’s cross-linkage data helps acquirers identify when a single entity is artificially spreading volume across multiple MIDs to hide high chargeback rates.

Protecting the payment network is a collective responsibility. While Mastercard provides these new requirements, Equifax helps acquirers and payment facilitators in their compliance efforts. Using the Equifax suite of data-driven solutions, merchants can meet the 72-hour requirement with confidence, reducing fraud losses while maintaining a frictionless experience for their customers. As a long-standing partner in risk management, we are committed to helping our clients turn these new requirements into a competitive advantage through robust data insights and streamlined workflows.