The TMF Match List: Data Security

By now, theft has likely happened to you and everyone you know. Whether it has been a physical item, credit card, identity, password, or bank information, breaches happen all the time and are all too common. When it comes to credit cards or bank information, have protocols set in place for the individual when something like this happens, and money is relatively easy to recoup. However, when it comes to the business at the center of the breach, the consequences can be devastating. Keep reading to learn more about the importance of data security within your business and how to avoid getting placed on the TMF MATCH List.

What is the TMF Match List?

Mastercard created and manages the Member Alert to Control High-Risk Merchants list, more commonly known as the Mastercard MATCH list. It is a detailed electronic database of merchants Mastercard has determined to be high-risk. This list is accessible through Mastercard Connect, 7 days a week, 24 hours a day. In order to avoid partnering with merchants considered high-risk, banks and registered third-party processors screen merchants through the MATCH list. This is a quick way to verify whether a merchant has a history of poor business activities or has ever had their ability to process payments revoked. Financial institutions rely on this list to control the level of risk they expose themselves to when providing services to merchants. However, it is solely up to the financial institution whether or not it rejects an application based on the information found on the Mastercard MATCH list.

Consequences of the MATCH List

When you are placed on the MATCH List, several things happen, including:

• You will not be able to use your Merchant Account anymore.
• All of your business’s information will be on the MATCH List, including names of owners and principals, addresses, phone numbers, and much more.
• You will not be able to accept credit cards or process payments.
• Your business stays on the MATCH List for five years.
• You may have to start using a high-risk merchant processor, which can include very high fees and long contracts.

There is no easy way to talk your way out of getting off the MATCH List. This is because the processor who placed you on the MATCH List does not have the ability to take you off as quickly as they were able to put you on. Unless you have ironclad proof that you were placed on the list incorrectly, it is very difficult to be taken off early. Fortunately, you can get help from professionals, such as TFM Law.

Why Data Security is So Important

Data is a valuable asset for any business. As such, it is extremely important to protect your business’s assets and make sure you don’t have data breaches. Data breaches can lead to:

• Financial loss
• Poor reputation
• Loss of trust with customers
• Damage to branding
• Bad reviews
• Poor social media comments
• Being placed on the TMF MATCH List

Reason Code 1: Account Data Compromise

As the last bullet states, you can be placed on the TMF MATCH List for not protecting your business’s data. One of the ways you can be placed on the MATCH List is by Reason Code #1: Account Data Compromise. The reason code reads:

An occurrence that results, directly or indirectly, in the unauthorized access to or disclosure of Account data.

Reason Code 5: Excessive Fraud

Fraud can happen with any business to a reasonable extent. However, when a business engages in excessive fraud, that is when eyebrows start to raise for a processing company. As such, excessive fraud can land you on the TMF MATCH List by way of Reason Code #5, which reads:

The Merchant effected fraudulent Transactions of any type (counterfeit or otherwise) meeting or exceeding the following minimum reporting Standard: the Merchant’s fraud-to-sales dollar volume ratio was 8% or greater in a calendar month, and the Merchant effected 10 or more fraudulent Transactions totaling USD 5,000 or more in that calendar month.

Reason Code 12: PCI DSS Non-Compliance

According to Tokenex, the PCI DSS consists of 12 requirements or demands, each made up of several more specific, related controls for a grand total of more than 300 security checks. For example, PCI Requirement 1 covers the construction and maintenance of a secure network infrastructure. Meeting this overall requirement entails confirming the presence of properly secured firewalls, routers, and other applications to prevent unauthorized access to the cardholder data environment.

As such, if you do not meet these 12 requirements, you can be placed on the MATCH List.

The Merchant failed to comply with Payment Card Industry (PCI) Data Security Standard (DSS) requirements.

The twelve requirements fall into six categories. These include:

1. Build and Maintain a Secure Network and Systems.
2. Protect Cardholder Data.
3. Maintain a Vulnerability Management Program.
4. Implement Strong Access Control Measures.
5. Regularly Monitor Test Networks.
6. Maintain an Information Security Policy.

Reason Code 14: Identity Theft

Getting placed on the TMF MATCH List can also happen through absolutely no fault of your own, including through Reason Code #14: Identity Theft.

The Acquirer has reason to believe that the identity of the listed Merchant or its principal owner(s) was unlawfully assumed for the purpose of unlawfully entering into a Merchant Agreement.

Whether you stole an identity to open your merchant agreement or your identity was stolen to open a separate merchant agreement, you can be placed on the MATCH List.

How to Avoid The MATCH List

When it comes to data security, it is essential that you comply with PCI DSS and ensure that you do not have any data leaks. Not only will you have a great reputation and happy customers, but you will also be able to continue doing business without any bumps in the road.

What to Do If Placed on The MATCH List

If you have been placed on the MATCH List and can no longer use your merchant account, there are a few options available to you:

1. Call your processor and see why you were placed on the list. Processors are not quick to let you know that you’ve been placed on the list; therefore, it is important that you call and politely ask why you have been placed on the list and how you can rectify the situation.
2. Go with a high-risk merchant processor. If your processor will not remove you or give you much information, you can switch to a high-risk merchant processor. However, these processors take large fees that eat into your profits and get you stuck in long contracts that are tough to get out of.
3. Wait out the five-year period. If you are placed on the MATCH List, you will be removed after five years. This includes all your information, personal and business-related, and you can go back to conducting business as usual. However, this is very unrealistic for most, if not all, businesses.
4. Seek early removal. You do not have to risk losing your business by waiting the five-year period or signing up with an expensive, high-risk merchant. You can seek early removal with the help of merchant law professionals, such as the team at TFM Law.

Early MATCH List Removal with TFM Law

Ready to remove your business and personal information from the MATCH List and go back to business as usual? We can help you navigate the choppy waters known as the TMF Match List!

If you have found yourself on the Match List, we can help you. The Law Offices of Theodore Monroe focuses on litigation and counseling in the areas of payments, credit card processing, e-commerce, direct response marketing, and Federal Trade Commission enforcement. Last year the firm got 100% of the people who came to us off the MATCH list.

Theodore F. Monroe, Founder of TFM Law, has successfully:

• Represented merchants recovering funds from processors
• Structured processing relationships to comply with Card Brand requirements
• Drafted and negotiated contracts involving payment facilitators and ISOs
• Represented continuity merchants in compliance and litigation issues
• Fought for numerous companies in suits brought by the Federal Trade Commission and obtained excellent results for firms in the digital products, loan modification, government grant, and nutraceuticals industries

Before opening his firm, Mr. Monroe practiced law with Crosby, Heafey, Roach & May (now Reed Smith LLP) and Lewis, D’Amato, Brisbois & Bisgaard (now Lewis, Brisbois, Bisgaard & Smith), where he defended numerous accounting and law firms in professional liability actions, and insurance carriers in bad faith actions.

Before becoming a lawyer, Mr. Monroe worked as a forensic accountant at Coopers & Lybrand, which provided him a background in forensic accounting and financial analysis that is unique among litigators in Los Angeles. Mr. Monroe studied at Duke University Law School, achieved a BS with Honors, Accounting, University of Kentucky, and is a member of the California State Bar and the Kentucky State Bar.