Mastercard Excessive Fraud Merchant ProgramKeep Fraud Incidents in Check to Avoid the EFM & Reduce Your Mastercard Fees

November 1, 2022 | 9 min read

Mastercard Excessive Fraud Merchant Program

In a Nutshell

Card networks are determined to stop card-not-present fraud. Since 2020, Mastercard has held merchants increasingly liable for excessive fraud through the Excessive Fraud Merchant (EFM) program. So, what exactly is the EFM, how much can it cost you, and can you avoid being added to the MATCH List due to excessive fraud chargebacks?

Mastercard Excessive Fraud Merchant: What is This Program & How Do You Get Out of it?

The Mastercard Excessive Chargeback Merchant (or ECM) and the Excessive Fraud Merchant (or EFM) designations are two initiatives instituted in 2019 by Mastercard. The programs are meant to track fraud and chargebacks, and to try and keep incidents of both under control.

Do they work, though? What does entry into the Mastercard EFM mean for your business? Most importantly: is there a way out?

We covered the ECM in more detail in another article. Today, though, let’s take a look at the EFM and see what this platform means for anyone who accepts Mastercard transactions.

What is the Excessive Fraud Merchant Program?

Excessive Fraud Merchant

[noun]/ik • ses • iv • frôd • mər • CHənt/

The Mastercard Excessive Fraud Merchant program is a fraud compliance scheme created by the card network. The program's purpose is to exercise oversight regarding eCommerce merchant activity and prevent excessive fraud from occurring on the Mastercard network. This is achieved by imposing penalties on merchants for noncompliance.

As we mentioned above, the Mastercard EFM is a counterpart program to the Excessive Chargeback Merchant program. Both are part of the North America Assurance Framework.

The basic point of the EFM program is to stop fraud instances resulting from eCommerce transactions. Mastercard explains that this program creates “a more secure ecosystem and provides a better experience for cardholders.”

How Does the Excessive Fraud Merchant Program Work?

With the Mastercard Excessive Fraud Merchant program, the card network sets pre-established fraud thresholds (we’ll examine these in more detail below). These thresholds mean there’s a hard limit on the number of transactions you can process each month that later turn out to be fraudulent.

Of course, not all fraudulent transactions are the same. Mastercard only counts card-not-present, eCommerce transactions for which a chargeback is filed using reason code 4837 (“No Cardholder Authorization”). Chargebacks filed using legacy reason code 4863 (“Cardholder Does Not Recognize — Potential Fraud”) were also subject, but this reason code has been retired and is no longer used.

Mastercard tracks your compliance with their fraud threshold at the merchant ID level. If you breach those thresholds, Mastercard will send a notification to your acquirer. This could result in significant financial penalties for you as a non-compliant merchant. Specific penalties will also be communicated to the acquirer by Mastercard.

In other words, you’ll face stiff fines imposed by the card network if you experience excessive fraud. Plus, these fines could increase the longer the problem persists.

Where is the Mastercard EFM in Effect?

Although the EFM is a global program, there are specific regions and countries in which the rule does not apply. Current exceptions to the program include merchants based in any of the following markets:

  • Ascension and Tristan Da Cunha
  • Germany
  • India
  • Liechtenstein
  • Helena
  • Switzerland

Why is Mastercard Doing This?

Card networks like Mastercard acknowledge that identifying and preventing all fraudulent activity is unrealistic for most merchants. Mistakes can happen. A bad actor might slip through merchants’ defenses from time to time.

But, while preventing 100% of fraud may be unrealistic, the company still wants to minimize the number of incidents that occur on its network. Their reputation is tied to the security and stability of card payments. Thus, allowing uncontrolled fraud on their network could damage their reputation. It could shake consumer confidence in payment card security over time.

The Mastercard Excessive Fraud Merchant program isn’t designed to punish merchants for incidents outside of their control. Rather, the EFM program is meant to provide negative reinforcement to motivate merchants to keep fraud in check.

Confused? You’re not alone. Chargebacks911® is here to help merchants navigate the complexities of fraud and chargeback management.REQUEST A DEMO

Some merchants find this unnecessary or unfair. They’ve argued that the merchant’s own self-interest would motivate any legitimate business to mitigate their fraud risk. But, this is why the program specifically focuses on identifying and removing bad actors from the Mastercard system.

Each card network wants to create a fair and sustainable payments ecosystem for cardholders, banks, and merchants. Unfortunately, that means some legitimate merchants who experience excessive attacks from fraudsters may get caught in the crosshairs.

Calculating EFM Fraud Thresholds & Fees

Fraud thresholds — and the associated noncompliance penalties — are nothing new. Mastercard has had similar requirements in place for years. Other card networks like Visa also have programs outlining acceptable levels of fraud incidents.

Learn about the Visa Fraud Monitoring Program

The Mastercard Excessive Fraud Merchant program is targeted at streamlining enforcement and facilitating faster communication between acquirers and the card network. The goal is to make merchant compliance a more accurate process with greater accountability.

Below are the monthly thresholds that could place you in the program:

EFM Monthly Criteria

Number of Electronic-
Commerce Transactions
Fraud
Chargeback
Amount
Fraud Chargeback
Basis Points
3DS Utilization
(Including Data Only Transactions)
1,000 or moreEUR/USD 50,000 or more50 or more- Less than 10%
(Non-regulated Countries)
- Less than 50%
(Regulated Countries)

If you surpass these thresholds, you could get hit with monthly financial penalties. And, these penalties increase with each month you spend in the program.

Listed below is the assessment schedule based on the number of months that you remain above the program criteria:

EFM Assessment Structure

Number of Months Above EFM ThresholdsViolation Assessment
10
2EUR/USD 500
3EUR/USD 1,000
4 to 6EUR/USD 5,000
7 to 11EUR/USD 25,000
12 to 18EUR/USD 50,000
19 +EUR/USD 100,000

Mastercard started assessing financial penalties associated with the program in November 2020. Penalties are based on the number of fraud incidents reported in the previous month. For example, any penalties assessed in November would be tied to incidents that occurred in October. 

Avoiding EFM & Associated Fees

You may be able to request an extension for compliance by contacting your acquirer. However, this would be at Mastercard’s discretion and is not likely to be approved.

If Mastercard determines that you’re subject to the EFM program, there’s no way to appeal the decision or avoid the resulting penalties. At that point, the only option is to try and get your fraud incidents below the acceptable thresholds.

We always recommend that merchants adopt a multilayer approach to fraud management. This should include a number of complimentary fraud tools, including:

  • Address Verification Service (AVS)
  • CVV verification
  • 3-D Secure 2.0 technology
  • Fraud blacklists
  • Velocity limits
  • Geolocation

These tools should be backed by dynamic fraud scoring, which looks at a range of indicators to gauge the amount of risk posed by each transaction. The tool can then flag transactions for manual review or reject them automatically (depending on your settings).

Learn more about fraud detection

Fraud isn’t a monolithic problem. There are countless different angles and schemes that criminals can leverage to take advantage of the situation. Plus, as technologies and business practices evolve, these crafty criminals will constantly devise new methods of separating you from your money.

With a multilayer strategy in place, you stand a fighting chance of preventing fraud. This is the only way to keep yourself clear of those substantial Excessive Fraud Merchant program penalties.

A Multi-Tiered Strategy is Best

Adopting a comprehensive, multi-tiered approach to fraud and chargeback prevention will go a long way to reducing the risk you face from both threats. The smartest and most efficient way to do this is to:

  • Combine complementary fraud tools
  • Prioritize customer service and order follow-ups
  • Keep excellent records
  • Limit your exposure to friendly fraud
  • Fight back against illegitimate chargebacks

We always recommend merchants start by identifying chargebacks according to their true source. Tools like Intelligent Source Detection™ can help merchants trace their chargebacks to missteps and errors, criminal fraud, or friendly fraud. We then recommend a two-part approach to chargeback management: fight chargebacks caused by friendly fraud and prevent all other chargebacks.

Ready to learn more about how to stop fraud and chargebacks, recover your revenue, and avoid costly Mastercard fees? We’re here to help. Click below to speak with one of our qualified chargeback experts today.

FAQs

What is the Mastercard EFM program?

The Excessive Fraud Merchant program is a fraud compliance scheme created by Mastercard. The program's purpose is to exercise oversight regarding eCommerce merchant activity and prevent excessive fraud from occurring on the Mastercard network. This is achieved by imposing penalties on merchants for noncompliance.

What is an excessive Mastercard fraud rate?

Mastercard will designate your fraud rate as “excessive” if the number of chargebacks you receive each month with a “fraud” reason code exceeds 0.5% of transactions. You must also receive 1,000 or more fraud-designated transactions per month, and the dollar value of those transactions must exceed $50,000.

What happens if a merchant has too many fraud incidents?

Merchants who surpass acceptable thresholds could be liable for penalties that increase with each month they spend in the program. Merchants will see no penalties after one month. However, nineteen or more months in the program would result in a monthly penalty of $100,000.

How do you get out of the Mastercard EFM program?

The only way to get out of the Mastercard Excessive Fraud Merchant program is to lower your exposure to fraud. Using and combining various fraud tools and best practices can go a long way to reducing merchant risk.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
Please share a few details and we'll connect with you!
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form