If you’re a merchant that accepts Mastercard, you need to understand how Mastercard’s chargeback monitoring program and fraud reporting work, and how your business measures up to increasingly stringent ratios.
Mastercard is the second largest payment provider in the world, and they take fraud and chargebacks seriously to protect their clients and their business. The Mastercard Excessive Chargeback Program (ECP) and Excessive Fraud Merchant Program (EFM) are in place to not only monitor fraud and chargeback patterns, but to enforce merchant compliance, ensuring that their customers are able to make purchases and complete transactions safely and securely.
Understanding these programs is an important task for any merchant that accepts Mastercard as a payment method. Merchants that fail to monitor their chargeback and fraud rates risk penalization—a difficult task considering thresholds are getting more stringent while chargebacks and fraud are on the rise.
In this article, we’ll be covering how the Mastercard Fraud Monitoring Programs (MFMP and EFM) and Mastercard Chargeback Monitoring Program work, what thresholds they have for merchants, and how merchants can keep rates low through best practices and chargeback prevention tools like Sift.
What is the Mastercard Fraud Monitoring Program (MFMP)?
The MFMP is a global initiative designed to identify and manage merchants exhibiting excessive levels of fraudulent activity and unauthorized transactions. Its purpose is to protect the integrity of the Mastercard network by ensuring merchants adhere to established fraud prevention standards.
Mastercard calculates merchant fraud using the equation:
(Fraud rate = (Number of Fraudulent Chargebacks / Total Transactions) x 100)
If the fraud rate passes a certain threshold, the merchant is included in the MFMP, and if the rate becomes severe enough, the EFM.
Note: This equation is calculated monthly based on the disputes from the current month divided by the total transaction from the prior month. It’s important to understand that other card providers perform this calculation differently.
Once a merchant is flagged for inclusion in the MFMP, they are subject to stricter monitoring and required to implement corrective actions. This can include improving their fraud detection systems or transaction security measures. Failure to improve this rate can result in increased fees or even termination of the ability to process Mastercard transactions.
What is the Excessive Fraud Merchant Program (EFM)?
The EFM is similar to the MFMP, but for more severe merchant fraud rates. It’s intended to provide further scrutiny for high-risk merchants who are not meeting Mastercard’s fraud prevention standards. It includes higher penalties, fines, and potential suspension of transaction privileges.
The key differences between the MFMP and the EFM are:
- Degree of focus for transactions
- Threshold breach percentage. The MFMP is for merchants with a 0.9% fraud-to-sales ratio, while the EFM is for merchants with a 1.5% ratio.
- Penalty severity
- Program duration. MFMP stipulates a one to three month monitoring period while the EFM is extended until corrective actions are implemented or the merchant is dropped from Mastercard.
What Triggers Inclusion in the Fraud Monitoring Program?
Merchants are included in Mastercard’s fraud monitoring programs if:
- They exceed fraud-to-sales thresholds of 0.9% (MFMP) or 1.5% (EFM) or if they experience more than $50,000 worth of fraud volume in a single month.
- If the merchant processes a high number of fraudulent transactions. This can occur even if the fraud-to-sales ratio is not breached and is common in industries with high-volume, low-value transactions.
When a merchant exceeds the defined thresholds, they are flagged by Mastercard for increased monitoring or additional fees over a certain duration of time. For the MFMP, the monitoring period typically lasts between 30 and 90 days, during which the merchant can attempt to lower their fraud-to-sales ratio to leave the program. If the merchant fails to take effective corrective action, they can be subject to further fees and increased monitoring.
What are the Mastercard Chargeback Monitoring Programs (ECP/ECMP)?
The Mastercard Chargeback Monitoring Program, which includes both the Excessive Chargeback Program (ECP) and the Excessive Chargeback Merchant Program (ECMP), are designed to monitor and address merchants with high chargeback rates. These programs are designed to help merchants maintain fair and secure transaction practices to protect both consumers and the Mastercard system’s integrity.
What Are the ECP and ECMP?
- Excessive Chargeback Program (ECP): The ECP is a program that goes into effect when a merchant exceeds chargeback thresholds, indicating a high number of consumer-disputed transactions or high levels of first-party fraud.
- Excessive Chargeback Merchant Program (ECMP): The ECMP is a program where merchants face more severe scrutiny. The risk of fines, increased fees, or even termination from the Mastercard network is greater, and merchants are expected to actively improve their chargeback situation.
Key Mastercard Chargeback Thresholds
- Chargeback Ratio: The standard Mastercard chargeback ratio is the number of chargebacks compared to the number of total transactions. If this number exceeds 1.0%, the merchant is flagged for inclusion in the ECP.
- Chargeback Volume: Similar to the fraud monitoring program, if a merchant experiences a high volume of chargebacks (typically 100 chargebacks per month) or exceeds a $50,000 threshold in chargebacks, they are subject to inclusion in the ECP.
- ECMP Thresholds: Merchants with chargeback ratios that exceed 1.5% are moved to the Excessive Chargeback Merchant Program (ECMP), where they face stricter penalties and longer monitoring periods.
Consequences of Exceeding Chargeback Limits
- Fines and Penalties: Merchants may be required to pay penalties if their chargeback rates remain above the acceptable thresholds.
- Increased Fees: High chargeback merchants often face increased fees, which can be substantial, adding to the cost of doing business.
- Termination of Payment Processing: In extreme cases, merchants who fail to reduce their chargeback rates may have their ability to process Mastercard transactions revoked.
Timeline for Resolution or Reduction
After a merchant is placed in the ECP or ECMP for a set monitoring period, during which they must attempt to lower their chargeback rates.
Corrective action, such as implementing a payment protection solution like Sift, is strongly recommended. A merchant is also advised to take practical action to slow chargeback rates, such as improving customer service and offering clearer billing descriptions. If the merchant reduces their chargeback ratio to an acceptable level, they can be removed from the monitoring programs.
Mastercard Chargeback Time Limit and Reporting Rules
Chargebacks are typically subject to time limits, during which a merchant can gather evidence to prove that a transaction was legitimate and that service or products were rendered. One of the most effective ways to approach this concept is with a payment protection platform.
Sift, for example, helps streamline the dispute resolution process by putting all dispute operations on one console so a merchant can make data-driven decisions and build a case quickly and effectively. The Sift Platform also uses a Global Data Network to flag users who have high numbers of chargebacks or are making transactions in other suspicious ways, such as from multiple IP addresses or with unusual spending patterns.
The standard time limit for Mastercard customers to file chargebacks is 120 days from the transaction date. This time period may vary slightly depending on the reason for the chargeback. This time period is also applicable to customers who discover their card has been used without their authorization.
For merchants, the response time once a chargeback has been filed is just 45 days. During this time, the merchant should collect evidence to prove the transaction was legitimate and that services were rendered or products delivered. If the merchant exceeds the 45 days, the chargeback may automatically be upheld.
How to Reduce Fraud and Chargebacks
The easiest way to avoid entry into the Mastercard fraud and chargeback programs is to be proactive and utilize payment protection platforms. These services flag users during the transaction process if they present a pattern of suspicious activity or fraudulent history. Sift flags users based on 16 thousand signals and with AI-powered decisioning, preventing a potential chargeback, first-party fraudster, or standard fraudulent transaction before it can affect your bottom line, ratios, and reputation.
Besides enrolling in Sift, merchants with high fraud or chargeback ratios should:
- Use AVS/CVV verification: Address verification and card verification systems are an effective way to determine if the cardholder is who they say they are.
- Monitor unusual spending patterns: If a user is making several purchases quickly, random large purchases, or exhibit other strange purchasing behavior, a merchant should exercise extra caution. Sift makes this step easier through the Global Data Network and Clearbox Decisioning, where a merchant can understand why a user is flagged and adjust risk thresholds to meet their own industry and business needs.
- Improve customer service: Chargebacks are increasingly common, with Sift recording a nearly 80% increase in the average dispute rate YoY in Q3 2024. This can indicate a rise in first-party fraud, but also shows that more customers feel chargebacks are more convenient than settling with the merchant. Good customer service, clear communication, and speedy dispute resolution not only encourages legitimate customers to work with you, but also inspires loyalty.
- Educate staff and customers about fraud: Learning how to identify phishing attempts, secure transaction portals, and how to use 2FA, and password best practices are all great ways to show your users you care about their well-being while cutting fraud down. Consider using your blog as a platform for this or simply include messaging on password and transaction pages.
Mastercard’s Thresholds Encourage Honest, Safe Merchants
While Mastercard’s chargeback and fraud monitoring programs incorporate penalties, they are primarily in place to offer protection to your business and customers. If your business is flagged, there are actionable, reasonable steps you can take to leave the program, meaning that a flagging is less punishment and more warning. Fraud is growing every year, and not having a clear read on your fraud and chargeback ratios can severely damage your business, users, reputation, and bottom line.
A good first step when preparing prevention measures is to incorporate a service like Sift. Sift has industry-leading fraud detection and chargeback prevention, but what sets us apart is our transparent approach to decisioning. When a user is flagged, Sift tells you why with data collected from every industry and across the globe, allowing you to make your own conclusions, set risk thresholds, create workflows specific to your business, and make unparalleled, data-driven insights.
Mastercard’s fraud and chargeback monitoring programs are here to help your business attract loyal customers and protect them, and when paired with a payment protection platform, actually increases your growth. If you’re curious about Sift and want to learn more, schedule a free demo today.
Take Control of Your Chargebacks
Flag suspicious users and stop chargeback fraud in its tracks.