Effective July 24, 2026, Mastercard’s new scam-merchant monitoring rule will require acquirers and payment facilitators (payfacs) to investigate certain warning signs within 72 hours. If the merchant is confirmed to be engaged in scam activity, Mastercard processing must be blocked.
The rule applies to card-not-present merchants and sponsored merchants. It targets online fraud models that can move faster than normal portfolio controls.
The 72-Hour Investigation Clock
If one of Mastercard’s scam-monitoring triggers is met, the acquirer or payfac must start an investigation within 72 hours. The trigger does not automatically require termination, but it does require a timely investigation.
Blocking authorization, and where applicable clearing, is required only after confirmation. The acquirer/payfac should be able to show when the trigger occurred, who reviewed it, what was done, and the basis for the decision.
What Triggers an Investigation
The revised standards identify four triggers.
First, a sharp drop in authorization approvals. If a merchant conducts at least 25 purchase transactions over at least a 72-hour period, and its approval rate drops by at least 50 percentage points or falls below 30%, the acquirer/payfac must investigate. BIN attacks and system issues are excluded.
Second, a Mastercard GRIP letter tied to suspected scam activity triggers the investigation requirement.
Third, Mastercard added specific triggers for merchants with six months or less of Mastercard acceptance history. For those merchants, an investigation is required if: (a) two issuers report scam transactions using fraud type 56, “Manipulation of Cardholder,” meaning the cardholder authorized the transaction but allegedly did so because of deception or manipulation; (b) two issuers initiate fraud or non-fraud chargebacks with documentation referring to scams, manipulation of the cardholder, or similar conduct; or (c) more than 5% of purchase transactions are subject to refunds, chargebacks, or both over a rolling 30-day period with at least 500 purchase transactions.
Fourth, one or more Merchant Monitoring Service Provider (MMSP) alerts identifying the merchant as a potential scam merchant or as suspected of illegal activity also trigger the rule.
New Merchants Need Closer Monitoring
Mastercard creates separate triggers for merchants with six months or less of Mastercard acceptance history.
The concern is the period immediately after boarding, when scam activity can develop before the merchant has a meaningful processing record. Under the new rule, if one of those merchants crosses the 5% refund/chargeback threshold, the acquirer or payfac has to investigate.
Onboarding approval is not enough. Acquirers and payfacs need post-boarding monitoring, clear escalation rules, and a file showing what they did when warning signs appeared.
Daily FLD Review
The revised standards require acquirers to check the Fraud and Loss Database daily for new scam-merchant listings, using Fraud Insights alerts and/or daily Acquirer Loss File reports.
This may become a common examination point. Acquirers should be able to document the daily review, escalation of any hits, and the outcome. A written policy will not be enough if it doesn’t match the operating record.
Payment Facilitator Oversight
Payfacs have direct monitoring obligations for sponsored merchants. They must monitor that activity and stop Mastercard and Maestro transactions for any sponsored merchant confirmed to be engaged in scam activity.
Acquirers should review their payment facilitator agreements before the effective date to ensure access to monitoring data, investigation files, escalation records, and termination actions. Acquirers should also be able to show documented oversight of the payfac’s monitoring and escalation process.
Multiple MIDs
Mastercard also cautions that requests for multiple merchant IDs may indicate potential scam activity. Multiple MIDs may be appropriate where there is a legitimate business reason, such as separate business lines, different MCCs, operational segmentation, or legal requirements.
Acquirers and payfacs should document the business reason and monitor whether multiple MIDs are being used to spread fraud, chargebacks, refunds, or issuer complaints across accounts.
What to Do Before July 24, 2026
Acquirers and payfacs should use the time before the effective date to test whether their monitoring programs actually detect the new rule triggers.
At a minimum, they should confirm they can identify approval-rate drops, new-merchant refund and chargeback thresholds, fraud type 56 reports, scam-related chargeback documentation, GRIP letters, FLD listings, and MMSP alerts.
They should also create a simple investigation record for each event. The record should show what prompted the review, who handled it, what was reviewed, and how the decision was made.
If the merchant is cleared, the reason should be documented. If the merchant is confirmed as a scam merchant, authorization and clearing (where applicable) must be blocked.
Practical Risk
The problem is not missing a perfect fraud signal. The problem is receiving a warning sign, failing to escalate, and being unable to prove a timely investigation. By July 2026, acquirers and payfacs should be able to show how warning signs are detected, reviewed, documented, and blocked when scam activity is confirmed.
Source: Mastercard GLB 12772.1, Revised Standards for Potential Scam Merchant Monitoring, amending Security Rules and Procedures Sections 6.2.2.8 and 7.2.1.
About Rome LLP
Based in Los Angeles, Rome LLP specializes in electronic payments litigation and complex business disputes nationwide. Eugene Rome and Bradley O. Cebeci alone have more than 30 years of combined experience litigating payment processing disputes. Rome LLP regularly represents “high-risk” merchants, sales agents, ISOs, payfacs, platforms, marketplaces, and acquirers, and routinely handles litigation and transactional matters on their behalf which traverse all aspects of payments law.
Contacts
Rome LLP
Bradley O. Cebeci, Esquire
[email protected]




