The ability to accept credit and debit card payments is at the heart of most small businesses. Without this ability, you could find yourself closing your doors sooner than later, which can wreak havoc on your livelihood. Ending up on The Match List can do just that until you age out of it after five years — if you’re lucky enough to stay open that long. Keep reading to learn more about The Match List, the top 5 reasons you might be on it, and how to get off of it before the five-year waiting period.
The Match List, also known as Member Alert to Control High-Risk Merchants, is a database created and maintained by Mastercard Worldwide which alerts banks and credit card companies to high-risk merchants whose credit card processing privileges have been terminated for cause. This means you can, essentially, no longer accept credit card payments.
The list highlights all your business names in their various forms, the business owners, and, in some cases, the associates. Due to the comprehensive nature of the list, you will be unable to simply open up another account in a different name.
There are two ways to get off The Match List. They include:
The most common reason businesses are placed on the Match List is due to excessive chargebacks. Keeping a chargeback percentage of under 1% is ideal and will keep your business in the safe zone and off the Match List. Once you creep up into 2% or higher, you could start having some issues.
Reasons that customers may open chargebacks against you include:
If your business has consistent issues with fraud, whether it is your fault or not, you can be placed on the Match List. Dealing with fraud can be unavoidable in many instances. However, it is essential to do your best to protect yourself and your business. This way, if you are placed on the Match List, you can show your credit card processor how many steps you have taken to avoid this issue.
Ways to prevent issues with fraud include:
Similar to fraud issues, having frequent data breaches can land you on the Match List, whether it is your fault or not. According to Varonis, a data breach occurs when a cybercriminal infiltrates a data source and extracts confidential information. This can be done by accessing a computer or network to steal local files or bypassing network security remotely. While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card fraud, loss or theft of a physical hard drive of files, and human error.
Common cyber attacks used in data breaches are:
It can be challenging to avoid a data breach against professional criminal hackers. However, having sophisticated network protection, difficult-to-guess passwords, practicing internet common sense, and adhering to safety rules and regulations will help protect you.
It should come as no surprise that engaging in illegal activity can put you on the fast track to The Match List. However, many legitimate businesses may not even know that they are engaging in unlawful activity. This can be due to identity theft or unscrupulous employees. Some of the illicit activities that can put you on the Match List include:
For this one, all you have to do is make sure you are running a legitimate business and maintaining proper ethical standards. If your identity has been stolen or an employee engages in illegal activity, make sure you collect as much proof and evidence as possible to protect yourself. This will help possibly remove your business from the Match List and clear your name.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI-DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits, or stores any cardholder data.
There are many penalties for being non-compliant, aside from being placed on The Match List. According to the PCI Compliance Guide, the payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine along until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.
To protect yourself and comply with the PCI-DSS, familiarize yourself with the current PCI DSS documents. These can be found on the PCI Security Standards Council website.
The scary part about every reason you could end up on the Match List is that it might not even be your fault at all. Furthermore, you could become a victim and end up on the Match List. Ignorance won’t help you get off the Match List, however, making sure you protect yourself as much as possible will help. Luckily, there are ways to get off. If you have found yourself on the Match List, we can help you.
The Law Offices of Theodore Monroe focuses on litigation and counseling in payments, credit card processing, e-commerce, direct response marketing, and Federal Trade Commission enforcement. Last year the firm got 100% of the people who came to us off the MATCH list.
Theodore F. Monroe, Founder of TFM Law, has successfully:
Before opening his firm, Mr. Monroe practiced law with Crosby, Heafey, Roach & May (now Reed Smith LLP) and Lewis, D’Amato, Brisbois & Bisgaard (now Lewis, Brisbois, Bisgaard & Smith), where he defended numerous accounting and law firms in professional liability actions, and insurance carriers in bad faith actions.
Before becoming a lawyer, Mr. Monroe worked as a forensic accountant at Coopers & Lybrand, which provided him with a forensic accounting and financial analysis background that is unique among litigators in Los Angeles. Mr. Monroe studied at Duke University Law School, achieved a BS with Honors, Accounting, University of Kentucky, and is a member of the California State Bar and the Kentucky State Bar.