Top 5 Reasons You Might Be On The Match List (And How To Get Off)

The ability to accept credit and debit card payments is at the heart of most small businesses. Without this ability, you could find yourself closing your doors sooner than later, which can wreak havoc on your livelihood. Ending up on The Match List can do just that until you age out of it after five years — if you’re lucky enough to stay open that long. Keep reading to learn more about The Match List, the top 5 reasons you might be on it, and how to get off of it before the five-year waiting period.

What is The Match List?

The Match List, also known as Member Alert to Control High-Risk Merchants, is a database created and maintained by Mastercard Worldwide which alerts banks and credit card companies to high-risk merchants whose credit card processing privileges have been terminated for cause. This means you can, essentially, no longer accept credit card payments.

The list highlights all your business names in their various forms, the business owners, and, in some cases, the associates. Due to the comprehensive nature of the list, you will be unable to simply open up another account in a different name.

There are two ways to get off The Match List. They include:

1. Aging out of the Match List after five years. At this point, any history of being on the list will be cleared, and it’s like it never happened. However, waiting these five years can be devastating to many businesses.
2. Calling for removal. If you can prove that you don’t deserve to be on this list, there is a chance you may be removed. Whether you make that call yourself or choose professional help to assist you with TMF Law, it’s the move that could save your business.

1. Excessive Chargebacks

The most common reason businesses are placed on the Match List is due to excessive chargebacks. Keeping a chargeback percentage of under 1% is ideal and will keep your business in the safe zone and off the Match List. Once you creep up into 2% or higher, you could start having some issues.

Reasons that customers may open chargebacks against you include:

• Unrecognized charge. Make sure that the name you use for credit card processing is as straightforward and as close to your business name as possible. If customers don’t recognize the name on their statement, they may call their bank to dispute the charge—even if they did purchase something from you and the charge is legitimate. In addition, including your business’s phone number with your name can help encourage customers to call you directly, rather than their credit card, should they have any questions about what the charge was.
• Unauthorized charge. If you accidentally charge a customer twice, the customer pressed the Pay Now button more than once, or any other type of glitch could result in a chargeback. In addition, if the customer’s credit card was stolen and made unauthorized purchases, the customer could also open a chargeback for this unauthorized charge.
• Poor business practices. If you take too long to ship an item, have poor customer service, or an item is not delivered, a customer will likely open a chargeback. Make sure your business maintains excellent customer service, speedy shipping, advertising your products or services as real as possible, and fulfilling orders as promised to avoid disappointing customers. In turn, this will help chargebacks from happening.

2. Issues With Fraud

If your business has consistent issues with fraud, whether it is your fault or not, you can be placed on the Match List. Dealing with fraud can be unavoidable in many instances. However, it is essential to do your best to protect yourself and your business. This way, if you are placed on the Match List, you can show your credit card processor how many steps you have taken to avoid this issue.

Ways to prevent issues with fraud include:

• Staying compliant with rules and regulations
• Safeguarding passwords and access to sensitive information
• Due diligence with the hiring and firing of employees
• Maintaining a paper trail or process with who has access to what information
• Avoiding phishing scams and staying internet savvy

3. Frequent Data Breaches

Similar to fraud issues, having frequent data breaches can land you on the Match List, whether it is your fault or not. According to Varonis, a data breach occurs when a cybercriminal infiltrates a data source and extracts confidential information. This can be done by accessing a computer or network to steal local files or bypassing network security remotely. While most data breaches are attributed to hacking or malware attacks, other breach methods include insider leaks, payment card fraud, loss or theft of a physical hard drive of files, and human error.

Common cyber attacks used in data breaches are:

1. Ransomware
2. Malware
3. Phishing
4. Denial of Service

It can be challenging to avoid a data breach against professional criminal hackers. However, having sophisticated network protection, difficult-to-guess passwords, practicing internet common sense, and adhering to safety rules and regulations will help protect you.

4. Illegal Activity

It should come as no surprise that engaging in illegal activity can put you on the fast track to The Match List. However, many legitimate businesses may not even know that they are engaging in unlawful activity. This can be due to identity theft or unscrupulous employees. Some of the illicit activities that can put you on the Match List include:

• Money laundering
• Conspiracy
• Illicit transactions

For this one, all you have to do is make sure you are running a legitimate business and maintaining proper ethical standards. If your identity has been stolen or an employee engages in illegal activity, make sure you collect as much proof and evidence as possible to protect yourself. This will help possibly remove your business from the Match List and clear your name.

5. PCI-DSS Non-Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. The PCI-DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits, or stores any cardholder data.

There are many penalties for being non-compliant, aside from being placed on The Match List. According to the PCI Compliance Guide, the payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine along until it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can be catastrophic to a small business.

To protect yourself and comply with the PCI-DSS, familiarize yourself with the current PCI DSS documents. These can be found on the PCI Security Standards Council website.

About TFM Law

The scary part about every reason you could end up on the Match List is that it might not even be your fault at all. Furthermore, you could become a victim and end up on the Match List. Ignorance won’t help you get off the Match List, however, making sure you protect yourself as much as possible will help. Luckily, there are ways to get off. If you have found yourself on the Match List, we can help you.

The Law Offices of Theodore Monroe focuses on litigation and counseling in payments, credit card processing, e-commerce, direct response marketing, and Federal Trade Commission enforcement. Last year the firm got 100% of the people who came to us off the MATCH list.

Theodore F. Monroe, Founder of TFM Law, has successfully:

• Represented merchants recovering funds from processors
• Structured processing relationships to comply with Card Brand requirements
• Drafted and negotiated contracts involving payment facilitators and ISOs
• Represented continuity merchants in compliance and litigation issues
• Fought for numerous companies in suits brought by the Federal Trade Commission and obtained excellent results for firms in the digital products, loan modification, government grant, and nutraceuticals industries

Before opening his firm, Mr. Monroe practiced law with Crosby, Heafey, Roach & May (now Reed Smith LLP) and Lewis, D’Amato, Brisbois & Bisgaard (now Lewis, Brisbois, Bisgaard & Smith), where he defended numerous accounting and law firms in professional liability actions, and insurance carriers in bad faith actions.

Before becoming a lawyer, Mr. Monroe worked as a forensic accountant at Coopers & Lybrand, which provided him with a forensic accounting and financial analysis background that is unique among litigators in Los Angeles. Mr. Monroe studied at Duke University Law School, achieved a BS with Honors, Accounting, University of Kentucky, and is a member of the California State Bar and the Kentucky State Bar.