hexagonshexagons
Blog / Fraud detection and prevention

Mastercard Fraud Monitoring Program: What to Do When You Get Enrolled

Morgan Ackley | Monday, July 17th, 2023 | 11 minutes

So you’ve been enrolled in the Mastercard® fraud monitoring program — also known as the Mastercard Excessive Fraud Merchant (EFM) program. Maybe you knew it was coming. Maybe it feels unfair. So what do you do now?

What is the Mastercard Excessive Fraud Merchant Program?

Mastercard’s EFM program is a way for the card brand to ensure you maintain compliance with their fraud thresholds. If you fall out of compliance, the program is partly meant to serve as a penalty. But mostly, the point of the program is to help merchants reduce fraud and develop better fraud management practices.

When you breach Mastercard’s fraud thresholds, you are automatically enrolled in the program by your acquiring bank. The program monitors your merchant account for compliance and issues fines for months that you fail to meet compliance requirements.

Risk thresholds

Merchants are enrolled in the Mastercard EFM Program only if all of the following criteria are met:

  • Volume requirements: At least 1,000 Mastercard transactions in the previous month
  • Amount threshold: $50,000 (USD/EUR) or more in fraud claims
  • Fraud ratio threshold: 0.50% or higher fraud-to-sales ratio

NOTE: Enrollment criteria differs for Australian-based merchants. If you operate a business in Australia, your ratio must be below 0.2% and your fraud amount below $15,000 USD.

If you use 3D Secure, there are additional thresholds you need to keep in mind. These thresholds vary depending on whether or not your country has legal or regulatory requirements for strong cardholder authentication.

How do I calculate my fraud rate?

Your fraud ratio or fraud rate is the total number of fraudulent transactions you process in a given month measured against your monthly sales volume. Mastercard calculates your fraud ratio by taking the total number of fraud claims filed against your business in the current month and dividing it by the sales count from the previous month.

The calculation looks like this:

Mastercard fraud ratio calculation

For example:

Mastercard fraud ratio example

Fines

Mastercard assesses fines for merchants enrolled in the EFM Program based on the amount of time you spend in the program. The first month is a grace period — Mastercard doesn’t issue any fines during that time. However, your processor might.

After the first month in the program, fines are issued monthly and increase the longer you are enrolled in the program. Amounts can range from $500 (or €500) to $100,000 (or €100,000) or more.

How Fraud Monitoring Programs Can Affect Your Business

Fraud alone can cause a plethora of problems for business — damaged reputation with banks and customers, increased labor costs, and more. Navigating fraud schemes like card testing and account takeover fraud are already challenging to overcome. But the addition of being enrolled in a fraud monitoring program can increase the strain on your business.

Not only is fraud costly to resolve, the fines you accrue from the program can put a huge dent in your bottom line and strain your resources.

What’s more, being enrolled in a program puts your merchant account in jeopardy. If you are enrolled in a program for too long, your merchant account will likely be terminated.

What to Do When You Are Enrolled in the Mastercard EFM

Navigating a monitoring program can be overwhelming. And it may feel like your options are limited or hope is dwindling. But there are actions you can take to get your business back on track.

Develop a remediation plan

Part of a fraud monitoring program is to help merchants develop an effective risk management strategy. Mastercard may request that you submit a remediation plan that outlines the steps you’re taking to resolve issues and regain compliance.

Most remediation plans include the following key elements.

Business description

Card networks first need to get a good sense of who you are. Let them know what type of business you own, payment and billing methods you accept, marketing efforts, and any other notable aspects of your business.

Policy outlines

Provide details about your return and refund policies, terms and conditions, and any other internal procedures that could be related to your fraud issues.

Fraud description

Provide details of the events that lead to the increased level of fraud and number of chargebacks with fraud reason codes. This step may involve taking a closer look at your data to figure out the root cause of the issues so you can tell a complete story about what happened.

Risk management strategy

Your strategy for reducing risk is one of the most important parts of the remediation plan. You’ll need to provide a description of all fraud tools and prevention methods you plan to use, when you will implement them, and how those will help prevent fraud issues in the future.

Action plan

Provide a detailed description of steps you will take to reduce fraud and chargebacks — what technologies you will use, when you will implement them, and your expected results. You’ll also need to include a backup plan in case the first plan fails.

Develop a complete fraud and chargeback management strategy

It’s important to start managing risk effectively as soon as you find yourself in a monitoring program. But it’s equally important to continue those efforts long after you exit a program so that you never face enrollment again. That’s why you want to develop a well-rounded strategy that can provide long-term protection.

Best business practices for an effective strategy usually consists of the following items.

storage Scalable, accurate, and flexible technology

Using fraud protection software is the quickest way to reduce fraud accurately and effectively — which is especially important when you have a limited amount of time. You want to look for technology that allows you to customize policies so that it fits your business needs and can scale as you grow.

It’s important to find a solution that can resolve your issues and get you out of the monitoring program. However, keep in mind that the best solution is one that will benefit your business long-term.

security Web security protocols

An important element to mitigating fraud is to boost your website security. Add a firewall so that you can monitor incoming and outgoing traffic on your site and block suspicious traffic. Additionally, add CAPTCHAs during checkout to verify that the user interacting with your site is a human.

Using these protocols will help you block bad traffic from bots — software that is programmed to run automated tasks such as card testing fraud and credential stuffing.

account_box Verification tools

Another way to combat fraud is to implement verification protocols during checkout. This helps determine if the cardholder — or fraudster — is making the purchase.

One method is to require the shopper to enter the security code (CVV) printed on the card. This step helps ensure the shopper has the card in hand and isn’t just using stolen card information from online hacks.

You can also sign up for address verification service (AVS) — which allows you to compare the billing address a customer provides during checkout to the billing address on file with their bank. If the addresses don’t match, the transaction could be declined.

Lastly, you can use 3D Secure 2.0 — an identity verification tool that authenticates card-not-present transactions. When a customer makes a purchase, you can send information like shipping address and order history to the customer’s issuing bank. The bank then reviews the information to determine the likelihood of fraud. This analysis can help determine if the transaction should be accepted or declined.

poll Data analysis

It’s great to stop fraud, but it’s better to discover the root cause of fraud.

Fraud reports provided by the card brands are pretty generic — they simply inform you that the cardholder claimed the transaction was fraudulent. But how do you know if that fraud claim was legit or not?

What about opportunistic shoppers who try to get items for free? Or spouses making purchases without the cardholder’s knowledge?

Oftentimes, the only way to discover the true cause of fraud is with data analysis. You need to look for patterns to identify anomalies. The easiest and most accurate way to analyze data is to use fraud detection software.

assignment Up-to-date policies and procedures

Sometimes fraud happens because your refund and return policies aren’t very clear or are hard to find. Or sometimes your employees aren’t trained to recognize social engineering tactics — methods of manipulation fraudsters and customers use to get goods for free.

The best thing you can do is to keep your policies up-to-date and your employees well-trained on fraud trends — such as refund fraud, e-gift card fraud, chargeback fraud, and more.

Exiting the program

To get out of the Mastercard EFM program, your merchant account needs to be below the EFM program thresholds for three consecutive months. And because you must meet all requirements to be enrolled in the program, if you fall below the threshold for any of the requirements, your account will be considered compliant for the month.

Want help exiting a Mastercard fraud monitoring program? 

If you’ve been enrolled in a monitoring program, you need rapid results. And the best way to see quick and accurate improvements to your fraud situation is to use fraud detection technology. Kount® can help. Kount has the industry’s leading fraud detection and prevention software with proven-effective solutions. Sign up for a demo today to learn more.

Help me manage fraud

Related content

See more related content
Related Blog Post
Big opportunities, bigger risks in booming health and beauty market
It’s an exciting time for health and beauty merchants, but they need to know these top fraud issues affecting the market, as the space grows.
Related Blog Post
Precision & Recall: When Conventional Fraud Metrics Fall Short
A lot of businesses turn to conventional fraud metrics to set that all-important approval-decline threshold. But a one-size-fits-all approach is not always the most profitable. Let’s look at how a…
Related Blog Post
Why Promo Abuse Fraud Hurts and How to Prevent It
If you aren't accounting for promo abuse, you may experience significant financial losses from decreases in sales and user retention. Find out how to respond.
Related Blog Post
Buy Now, Pay Later: BNPL Risk Management Is Essential
Are you a buy now, pay later service provider? If so, you need to be aware of these BNPL risks -- and know how to manage them. Click here to learn more.
Related Blog Post
What Is Chargeback Insurance?
Chargeback insurance sounds great at first. See what a chargeback guarantee actually covers and find a better way to stop loss from fraudulent transactions.
Related Analyst report
Liminal Names Kount an Industry Leader in Ecommerce Fraud Prevention
Liminal Strategy recently conducted a report analyzing the top 50 ecommerce vendors. Find out here why Kount was named a leading provider in the space.
Related News
Adam Gunther feature on The Future of Identity Podcast
In this Future of Identity podcast episode, Adam talks about his journey in the identity space and tactical factors needed for reusable identity adoption.
Related Guide
7 Fraud Schemes Targeting Restaurants and QSRs
Online ordering and delivery services are great ways to boost revenue for QSRs, but some of those sales are likely from restaurant fraudsters.
Related News
Equifax and VTEX Join Forces with Strategic Partnership
Equifax has joined forces with VTEX to enable customers on the VTEX platform to seamlessly integrate with the Kount Payment Fraud solution.
Related Page
Fraud Detection Software
Kount offers the most accurate risk assessments possible. Our fraud detection software uses machine learning to identify more fraud with fewer false positives.
Related Blog Post
SAFE & TC40 Data: 6 Things You Need to Know
What is TC40 data? How is SAFE data used? Learn more about fraud reporting and how this data can impact chargeback management.
Related Guide
7 Features to Look For When Buying Fraud Technology for Restaurants
It’s important to find fraud protection technology from a provider that truly understands the challenges facing restaurants today.
Related News
Fireside Chat on Post-Transaction Fraud
In this PYMNTS.com interview, Robert Painter talks Visa's CE 3.0 key takeaways and the best strategies for merchants to protect against post-transaction fraud.
Related Blog Post
Card Testing Fraud: Prevent Big Loss From Small Purchases
Card testing fraud can steal revenue and expose your business to other harmful threats. Stop carding before it impacts you. Click here to learn how.
Related Blog Post
Building vs. Buying a Fraud Solution: The Costs and Benefits
Wondering if it’s better to buy a pre-built fraud solution or build your own? Check out this blog to figure out which path is right for you.
Related Blog Post
Elder Financial Exploitation: What Businesses Need to Know
Your business can become a conduit for elder financial abuse. And that could damage your reputation. Learn how to identify and prevent it.
Related Blog Post
5 Major Fraud Risks Edtech Companies Face and How to Avoid Them
Are you getting chargeback but can’t figure out why? Learn about the 5 major fraud threats that could be hurting your business and how to deal with them.
Related Blog Post
Online Streaming Fraud Risks Every Streaming Business Should Know
From password sharing to account takeover, streaming fraud is on the rise. A digital fraud solution can stop fraud risks and improve growth opportunities.
Related Blog Post
Refunding Services Introduce New Risk for Merchants
Ecommerce fraud is always evolving, and refunding services are the latest threat for online businesses. Click to learn how the trend could impact you.
Related Blog Post
Loyalty Program Fraud Prevention: Everything You Need to Know
Loyalty program fraud happens when fraudsters steal customer loyalty rewards. Find out how to protect your customers and your business.
Related Blog Post
How to Detect and Prevent Social Engineering Attacks
Ever heard of social engineering? It’s the newest threat to your business. Find out what it is, how to detect it, and ways to protect your company.
Related Blog Post
Fraud Detection Rules: What They Are & How They Impact Outcomes
Shopping for a fraud prevention vendor? The topic of fraud detection rules will probably come up. Here's what to know - and how to evaluate a solution provider.
Related Blog Post
Egift Card Fraud Prevention: The Complete Guide
Egift card fraud can drain revenue and frustrate customers. Check this guide to learn everything you need to know about how it happens and ways to prevent it.
Related Blog Post
Refund Fraud: What It Is and How to Stop It
Refunding fraud is unfairly stealing your revenue. Find out how to stop online return fraud scams and protect your business.
Related Blog Post
Digital Wallet Fraud: Protect Your Business From Evolving Risks
Digital wallet payments are on the rise, and so are the risks to merchants. Find out how to protect your business from threats that come with new payment types.
Related Page
Ethoca Alerts
Stop more chargebacks with less effort today! Easy to use and proven results to protect your revenue.
Related Blog Post
Online Gaming Fraud Detection: How to Secure Your Online Games
Understand the fraud threats facing your business so you can stay ahead of fraudsters. Check out this blog for prevention tips.
Related Blog Post
Machine Learning Fraud Detection and Prevention Guide
Using machine learning fraud detection can improve business processes and increase revenue. Read more in our detailed guide.
Related Blog Post
Why Restaurants are Experiencing an Increase in Fraud
Restaurants and QSRs have experienced a massive shift in customer buying behaviors – which has brought a lot of new fraud threats. Learn more here.
Related Blog Post
What Is Account Takeover Fraud? Expert Prevention Tips and More
Struggling with account takeover attacks? Check this free guide. We reveal everything you need to know about account takeover (ATO) fraud and how to prevent it.

AUTHOR

Morgan Ackley

Content Strategist

Morgan has worked in the tech industry for over 5 years. Her breadth of knowledge and curiosity about technology and all things fraud-related drive her to craft compelling, educational pieces for readers seeking answers.