Understanding the MATCH List: The Merchant Blacklist That Can End Your Payment Processing

October 31, 2025 • Blogs

Introduction: The Silent Barrier in Merchant Processing

In the payment ecosystem, reputation is currency — and nothing tarnishes it faster than being placed on the MATCH list. For many merchants, the term appears suddenly during a declined onboarding or a terminated account notice from their acquirer. Often, it’s the first time they’ve heard of it — and by then, the damage is already done.

The Mastercard MATCH List (formerly known as the Terminated Merchant File, or TMF) is a global database that tracks merchants whose accounts have been terminated for reasons ranging from fraud and excessive chargebacks to non-compliance and security breaches.
If your name — or your company’s — appears on it, most banks and payment processors will instantly reject your application.

This guide dives deep into what the MATCH List is, why it exists, how it impacts your business, and — most importantly — what you can do to avoid, dispute, or recover from it.

1. What Is the Merchant Account MATCH List?

Definition and Purpose

The MATCH (Member Alert to Control High-Risk Merchants) list is a Mastercard-maintained database used by acquiring banks to identify merchants with a history of risky or non-compliant behavior.
It serves as a shared intelligence tool across acquirers, helping them make informed risk decisions before onboarding new merchants.

Originally called the Terminated Merchant File (TMF), it was developed in the early 1990s to reduce systemic fraud and financial exposure in the card ecosystem. Today, it’s integral to the global payment compliance and risk management network, connecting Visa, Mastercard, Amex, and Discover ecosystems through shared due diligence data.

Why the MATCH/TMF Database Exists

To Protect the Card Network: It prevents repeat offenders from hopping between acquirers under new names.
To Maintain Regulatory Compliance: Acquirers are mandated to report risky or fraudulent merchants under Mastercard’s Security Rules and Procedures.
To Promote Market Integrity: It ensures fair competition by discouraging fraudulent operations or data breaches that harm consumers.

2. Reasons for MATCH Listing

When an acquirer terminates a merchant account for specific reasons, they are obliged under Mastercard rules to register the merchant on the MATCH List with a specific reason code.

Here’s a structured view of the primary MATCH reason codes, their definitions, and examples:

Code	Reason for Listing	Example Scenario
01	Account Data Compromise	Merchant’s payment database hacked, exposing cardholder data.
02	Common Point of Purchase (CPP)	Fraudulent activity traced back to the merchant.
03	Laundering	Processing transactions for third parties through your MID.
04	Excessive Chargebacks	Chargeback ratio exceeds 1% threshold consistently.
05	Excessive Fraud	High volume of fraud-to-sale ratio detected.
06	Card Testing	Use of the site for validating stolen card data.
07	Fraudulent Activity	Intentional deception to gain financial benefit.
08	Merchant Collusion	Conspiring with cardholders to defraud acquirers.
09	PCI DSS Non-Compliance	Failure to maintain security certification or audit.
10	Illegal Transactions	Offering services or products prohibited by law.
11	Identity Theft	Merchant account opened under false credentials.

Comparison: MATCH Codes vs. Chargeback Reason Codes

Aspect	MATCH Codes	Chargeback Codes
Purpose	Merchant-level termination record	Transaction-level dispute code
Scope	Applies to merchant as a whole	Applies to a single transaction
Duration	5 years on file	Single incident per cardholder
Issuer/Authority	Mastercard (acquirer-reported)	Issuer bank (cardholder-reported)
Impact	Affects merchant’s ability to get accounts	Affects specific sale/refund

3. How MATCH Is Used by Acquirers and PSPs

Acquirer Responsibilities

Under Mastercard’s Security Rules and Procedures, acquiring banks must:

Report terminated merchants within five business days.
Check every new merchant application against the MATCH list before onboarding.
Maintain audit trails for inclusion and removal actions.

This is not optional — failing to report a qualified merchant can lead to acquirer fines or suspension from Mastercard’s network.

Impact Across Card Networks

Although maintained by Mastercard, the MATCH list influences all major card networks:

Visa refers to it during its VFMP (Visa Fraud Monitoring Program)
Amex and Discover use equivalent internal watchlists but cross-check high-risk entities.
Global PSPs (like Stripe, Adyen, or Worldpay) have internal systems that sync MATCH/TMF data with AI-driven risk scoring tools.

Anecdotal Case Example

A digital subscription merchant in the adult industry was terminated due to excessive chargebacks. Within 24 hours, his profile appeared on MATCH under Code 04. When he reapplied with another acquirer in Singapore, his application was auto-rejected — not because the PSP had prior dealings with him, but because the MATCH flag propagated through Mastercard’s database.

4. Consequences of Being on the MATCH List

The immediate effects can be devastating — but the long-term implications go even deeper.

Short-Term Impact

Processing Suspension: Immediate termination of active merchant accounts.
Fund Holds: Acquirers often freeze settlements for 180 days or longer.
Loss of Payment Gateway: PSPs integrated with card networks revoke MID access.

Long-Term Impact

Inability to Reapply with Major Acquirers: Most Tier-1 banks won’t onboard MATCHed merchants.
Higher Fees with Offshore Processors: High-risk providers charge up to 10–12% MDR plus reserves.
Brand Damage: Reputation risk among affiliates, partners, and investors.
Regulatory Scrutiny: Increased monitoring of connected entities or related companies.

Industry Voice

“Being MATCHed isn’t a death sentence, but it’s a massive credibility hit. Recovery is possible — but it takes transparency, documentation, and time.”
— Eric M., Senior Risk Analyst, Global PSP Network

5. Removal and Remediation

Automatic Removal

Merchants are automatically delisted after 5 years, provided no further violations occur.

Error Correction

If a merchant is incorrectly added:

Contact the reporting acquirer immediately.
Provide documentation disproving the listing reason.
If unresolved, escalate to Mastercard’s Merchant Registration Team.

PCI DSS Compliance Remediation

For Code 09 (PCI non-compliance), once the merchant becomes PCI certified, they can request acquirer confirmation for delisting.

Step-by-Step Checklist for Disputing Inclusion

Step	Action	Details
1	Identify Reporting Acquirer	Request official MATCH notice with reason code.
2	Gather Evidence	Transaction logs, PCI certificates, legal documents.
3	Draft Dispute Letter	Formal request citing Mastercard Rule 11.1.2 compliance.
4	Submit to Acquirer	Include supporting evidence; maintain copies.
5	Await Review	Usually 30–90 days for acquirer or Mastercard response.
6	Confirm Resolution	Obtain written confirmation if delisted.

6. Prevention Strategies: Staying Off the MATCH List

1. Data-Driven Risk Monitoring

Use fraud analytics tools (like Sift, or Riskified) to monitor patterns in transactions, IPs, and chargeback velocity.

2. Chargeback Alerts and Dispute Prevention

Integrate Ethoca Alerts or Verifi CDRN to resolve cardholder disputes before they escalate to chargebacks.

3. Proactive Compliance

Conduct quarterly PCI DSS audits.
Maintain KYC/KYB verification for affiliates and resellers.
Keep billing descriptors clear and recognizable.

4. Regional Strategies

EU Merchants: Follow PSD2 and GDPR guidelines for data retention and SCA.
US Merchants: Ensure FTC and State-level compliance for product claims.
Asia-Pacific Merchants: Implement real-name authentication and AML screening for cross-border payments.

Visual Tip (for infographic):

A flowchart illustrating “Early Warning to MATCH Inclusion” helps merchants understand the risk escalation stages — from disputes → chargeback → acquirer monitoring → termination → MATCH flagging.

7. Industry Trends and Risk Mitigation Tools

Evolution in Due Diligence

Acquirers are increasingly using AI-driven merchant scoring systems, combining transaction behavior, social presence, and previous PSP records.

Tech Tools for MATCH Avoidance

Tool	Functionality

Chargebacks911	End-to-end chargeback mitigation
Verifi	Real-time dispute alerts
Sift Science	Behavioral risk scoring for payments
Fraud.net	AI consortium for cross-platform risk sharing

Fintech Innovations

Blockchain-based risk registries may soon offer decentralized transparency for merchant histories.
Open Banking data is helping acquirers assess merchants beyond card-based signals, reducing false positives.

8. Success Stories and Recovery Insights

Case Study: A High-Risk Merchant Rebuilds Trust
A CBD product seller was MATCHed under Code 04 for “excessive chargebacks.” By overhauling refund policies, improving descriptor clarity, and integrating Ethoca alerts, chargebacks dropped by 70% within 6 months. After continuous compliance reports, the merchant successfully secured processing through a high-risk acquirer in 14 months.

Merchant Takeaway:

“Transparency, proper documentation, and proactive engagement with acquirers are your best assets post-MATCH.”

9. FAQs: Merchant MATCH List Explained

Q1. Can I check if I’m on the MATCH List myself?
No. Only acquirers can access it. You must request confirmation from the acquiring bank that terminated your account.

Q2. How long does a MATCH listing last?
Five years, unless removed earlier by the reporting acquirer or Mastercard.

Q3. Can another processor remove me instantly?
No legitimate processor can. Only the original reporting acquirer can request delisting.

Q4. Is MATCH the same as Visa’s Terminated Merchant File?
MATCH replaced TMF, but Visa and other networks have their own equivalent risk databases.

Q5. Can I still process payments while on the MATCH List?
Yes, but only with offshore or high-risk acquirers, often with higher fees and stricter rolling reserves.

Q6. Does being MATCHed affect personal credit?
No, but it impacts your merchant reputation and future business credibility.

Q7. How can I reduce chargebacks to avoid being MATCHed?
Use clear descriptors, timely refunds, transparent billing, and implement dispute alerts.

Q8. What documents are needed to dispute a MATCH entry?
Legal identity proofs, PCI compliance certificates, transaction reports, and a formal letter to the acquirer.

Q9. Can a company related to a MATCHed entity apply for a new MID?
Not without disclosure — acquirers often cross-reference directors and business registration data.

10. Key Takeaways for Merchants

Proactive compliance beats post-crisis remediation.
Document everything. The cleaner your audit trail, the faster your recovery.
Invest in real-time risk tools to monitor and prevent early red flags.
Maintain transparent communication with acquirers and partners.
Regularly train teams in chargeback and fraud detection best practices.

Conclusion: Reputation Is Recoverable — But It Takes Strategy

The Mastercard MATCH list is not designed to punish merchants — it’s built to protect the integrity of the global payments system.
However, for merchants caught in its net, the consequences can be existential.

Understanding why MATCH exists, how it’s used, and how to proactively manage your risk exposure is crucial for long-term survival in the fintech and payment ecosystem.
For those already listed, structured remediation, data transparency, and continuous compliance are the only reliable paths to redemption.

Because in payment processing, trust isn’t permanent — it’s something you rebuild, transaction by transaction.