The Excessive Fraud Merchant Program: Mastercard’s New Approach to Managing Fraud
The Mastercard Excessive Chargeback Merchant (or ECM) and the Excessive Fraud Merchant (or EFM) designations are two new programs instituted in 2019 by Mastercard. The goal of these programs is to track fraud and chargebacks and try to keep fraud instances under control.
We’ll discuss the ECM program at a later date. First, let’s take a look at the EFM, and see what this new designation means for merchants who accept Mastercard transactions.
What is the EFM?
- Mastercard Excessive Fraud Merchant Program
The Excessive Fraud Merchant program is a fraud compliance scheme created by Mastercard. The purpose of the program is to exercise oversight in regards to eCommerce merchant activity and prevent excessive fraud from occurring on the Mastercard network. This is achieved by imposing penalties on merchants for noncompliance.
Mastercard announced the Excessive Chargeback Merchant program back in April 2019. It is part of the North America Assurance Framework.
Although EFM is a global program, there are specific regions and countries in which the rule does not apply. Current exceptions to the program include merchants based in any of the following markets:
- Ascension and Tristan Da Cunha
The EFM program’s purpose is to reduce fraud instances tied to eCommerce transactions. As Mastercard explains, this program will create “a more secure ecosystem and provid[e] a better experience for cardholders.”
EFM will involve measuring compliance with established fraud thresholds at the merchant ID level. If merchants breach those thresholds, Mastercard will send a notification to the merchant’s acquirer.
This could also result in significant financial penalties for non-compliant merchants. These penalties which will be communicated to the acquirer by Mastercard. In other words, merchants who experience excessive fraud will face stiff fines imposed by the card network. Plus, these fines will increase the longer the problem persists.
Seeing Excessive Chargebacks Due to Criminal Fraud?
Chargebacks911® is the only service provider capable of identifying—and eliminating—chargebacks by their source. Give us a call today.
Why is Mastercard Doing This?
Card networks like Mastercard acknowledge that identifying and preventing all fraudulent activity is unrealistic for most merchants. Mistakes can happen and, from time to time, a bad actor might slip through merchants’ defenses.
Preventing 100% of fraud may be unrealistic. However, the company still wants to minimize the number of incidents that occur on their network. Their reputation is tied to the security and stability of card payments. Thus, allowing uncontrolled fraud on their network could damage their reputation. It could shake consumer confidence in payment card security over time.
The point of the Mastercard Excessive Fraud Merchant program is not to punish merchants. The EFM program has a two-fold purpose. First, it’s meant to provide negative reinforcement that will motivate merchants to keep fraud under control. Some merchants might argue that this is unnecessary. They could say the merchant’s own self-interest would motivate them to mitigate fraud risk. This is where the second purpose comes in: identifying and removing bad actors from the Mastercard system.
The card networks want to create a fair and sustainable payments ecosystem for cardholders, banks, and merchants. Unfortunately, that means some legitimate merchants who experience excessive attacks from fraudsters may get caught in the crosshairs.
What are the EFM Fraud Thresholds & Fees?
Fraud thresholds—and associated noncompliance penalties—are nothing new. Mastercard has had similar requirements in place for years. Other card networks like Visa also have programs outlining acceptable levels of fraud incidents.
The Excessive Fraud Merchant program is targeted at streamlining enforcement and facilitating faster communication between acquirers and the card network. The goal is to make merchant compliance a more accurate process with greater accountability.
Below are the monthly thresholds that would make a merchant liable to end up in the program:
Mastercard Changes: Navigating the Chargeback Rule Changes in 2019 and Beyond
Like Visa with 2018’s VCR, Mastercard is implementing sweeping changes to its chargeback and dispute systems. Download our whitepaper to learn what changes are coming, and how to prepare.Free Download
Table 5: EFM Assessment Structure
|Number of Months Above EFM Thresholds||Violation Assessment|
|4 to 6||EUR/USD 5,000|
|7 to 11||EUR/USD25,000|
|12 to 18||EUR/USD 50,000|
|19 +||EUR/USD 100,000|
Mastercard began monitoring for EFM threshold violations back in November 2019. They didn’t initially start assessing penalties, though.
November 1, 2020, marked the date on which the company began assessing financial penalties associated with the program. These penalties are based on the number of fraud incidents reported in the previous month; any penalties assessed in November, for instance, would be tied to incidents that occurred in October. So now, if you breach acceptable fraud thresholds, you may end up in the EFM program, and be responsible for paying the fee.
How to Avoid the EFM & Associated Fees
Merchants may be able to request an extension for compliance by contacting their acquirer. However, this would be at Mastercard’s discretion and is not likely to be approved.
If Mastercard determines that the merchant is subject to the EFM program, there’s no way to appeal the decision or avoid the resulting penalties. At that point, the only option is to try and get one’s fraud incidents below the acceptable thresholds.
We always recommend merchants adopt a multilayer approach to fraud management. This should include a number of complimentary fraud tools, including:
- Address Verification Service (AVS)
- CVV verification
- 3-D Secure 2.0 technology
- Fraud blacklists
- Velocity limits
These tools should be backed by dynamic fraud scoring, which looks at a range of indicators to gauge the amount of risk posed by each transaction. The tool can then flag transactions for manual review or reject them automatically (depending on the merchant’s settings).
Fraud isn’t a monolithic problem. There are countless different angles and schemes that criminals can leverage to take advantage of the situation. Plus, as technologies and business practices evolve, these crafty criminals can constantly devise new methods of separating merchants from their money. With a multilayer strategy in place, though, merchants stand a fighting chance of preventing fraud and keeping themselves clear of those substantial Excessive Fraud Merchant program penalties.