Mastercard has a global fraud monitoring program called the Excessive Fraud Merchant Program (EFM) that monitors your account for fraud, defines non-compliance thresholds, identifies when merchant accounts have excessive fraud activity, and requires merchants to reduce instances of fraud to remain compliant with Mastercard's standards.
Mastercard identifies a merchant by merchant account id and will review all merchant accounts monthly for merchant accounts exceeding the thresholds.
For general information about card brand monitoring programs and important terms, visit the Card Brand Monitoring Program's Overview article.
The Excessive Fraud Merchant Program monitors your merchant account. It uses the criteria below to determine if your account will be part of the program. Based on the number of months your account remains in the Excessive Fraud Merchant Program, you will be assessed different levels of fines.
The formula the Excessive Fraud Merchant Program uses to calculate your Mastercard fraud ratio is the count of fraud chargebacks received in a given month divided by the count of sales processed in the prior month (example: June fraud chargeback count / May sales count.) All the following criteria must be met to be flagged in the Excessive Fraud Merchant Program:
All of the following criteria must be met to be flagged in the Excessive Fraud Merchant Program:
|Mastercard sales transactions count in the previous month||1,000||1,000|
|Mastercard fraud chargeback amount under the reason codes
-4387 (No Cardholder Authorization))
-4863 (Cardholder Does Not
Recognize - Potential Fraud)
|$50,000 (USD/EUR)||$15,000 (USD)|
|Fraud chargeback count to sales count ratio||0.50%||0.20%|
|3D Secure processing volume||Less than 50% regulated countries* / Less than 10% non-regulated countries||Less than 10%|
* Non-regulated countries refer to countries without a legal or regulatory requirement for strong cardholder authentication (e.g. US, Canada, and some European countries). Regulated countries refer to countries with legal or regulatory requirements for strong cardholder authentication (e.g. some European and APAC countries).
After you are in the Excessive Fraud Merchant Program, the following fine assessments are eligible:
|Number of Excessive Fraud Merchant Program Months||Fine Assessments (USD/EUR)|
Mastercard offers an extension to be filed, which will place a hold on fine assessments for 6 months if granted. During the extension timeframe, you can still be identified in the Excessive Fraud Merchant (EFM) program, and fine assessments will accrue with each identification. However, these fines will not be assessed during the extension. If, at the end of the extension, you are below EFM thresholds, no fines will be assessed. Regardless, if you flag over the thresholds at the end of the extension, all accrued fines will be assessed at that time.
If you have been identified in the Excessive Fraud Merchant Program, a remediation plan may be requested by Mastercard. A remediation plan aims to show Mastercard what actions you are taking to remedy the situation and regain compliance. Information communicated is also reviewed and considered when the card brand issues fine assessments.
The main details you should provide for your remediation plan include, but are not limited to:
- Business description
- Events leading to the increased fraud
- Actions taken to reduce fraud, including implementation dates
- Description of all fraud tools currently enabled
To exit the Excessive Fraud Merchant Program, your merchant account must be below Excessive Fraud Merchant Program thresholds for 3 consecutive months. After your merchant account fully exits either program, any subsequent flaggings would start over at Month 1 of that program.
Because you have to hit all criteria to be placed in the program, if either the count or ratio is less than the thresholds, your account would be considered compliant for that month.