Mastercard Excessive Fraud Merchant: What is This Program & How Do You Get Out of it?
The Mastercard Excessive Chargeback Merchant (or ECM) and the Excessive Fraud Merchant (or EFM) designations are two initiatives instituted in 2019 by Mastercard. The programs are meant to track fraud and chargebacks, and to try and keep incidents of both under control.
Do they work, though? What does entry into the Mastercard EFM mean for your business? Most importantly: is there a way out?
We covered the ECM in more detail in another article. Today, though, let’s take a look at the EFM and see what this platform means for anyone who accepts Mastercard transactions.
Recommended reading
- High-Risk Credit Card Processing: The Best Providers of 2024
- What is the Amex Fraud Full Recourse Program?
- High-Risk Merchant Accounts: The Best Providers of 2024
- How the Terminated Merchant File Can Affect Your Business
- Merchant Account Reserves: What You Need to Know in 2024
- Visa Dispute Monitoring Program: What is the VDMP?
What is the Excessive Fraud Merchant Program?
- Excessive Fraud Merchant
The Mastercard Excessive Fraud Merchant program is a fraud compliance scheme created by the card network. The program's purpose is to exercise oversight regarding eCommerce merchant activity and prevent excessive fraud from occurring on the Mastercard network. This is achieved by imposing penalties on merchants for noncompliance.
[noun]/ik • ses • iv • frôd • mər • CHənt/As we mentioned above, the Mastercard EFM is a counterpart program to the Excessive Chargeback Merchant program. Both are part of the North America Assurance Framework.
The basic point of the EFM program is to stop fraud instances resulting from eCommerce transactions. Mastercard explains that this program creates “a more secure ecosystem and provides a better experience for cardholders.”
How Does the Excessive Fraud Merchant Program Work?
With the Mastercard Excessive Fraud Merchant program, the card network sets pre-established fraud thresholds (we’ll examine these in more detail below). These thresholds mean there’s a hard limit on the number of transactions you can process each month that later turn out to be fraudulent.
Of course, not all fraudulent transactions are the same. Mastercard only counts card-not-present, eCommerce transactions for which a chargeback is filed using reason code 4837 (“No Cardholder Authorization”). Chargebacks filed using legacy reason code 4863 (“Cardholder Does Not Recognize — Potential Fraud”) were also subject, but this reason code has been retired and is no longer used.
Mastercard tracks your compliance with their fraud threshold at the merchant ID level. If you breach those thresholds, Mastercard will send a notification to your acquirer. This could result in significant financial penalties for you as a non-compliant merchant. Specific penalties will also be communicated to the acquirer by Mastercard.
In other words, you’ll face stiff fines imposed by the card network if you experience excessive fraud. Plus, these fines could increase the longer the problem persists.
Where is the Mastercard EFM in Effect?
Although the EFM is a global program, there are specific regions and countries in which the rule does not apply. Current exceptions to the program include merchants based in any of the following markets:
- Ascension and Tristan Da Cunha
- Germany
- India
- Liechtenstein
- Helena
- Switzerland
Why is Mastercard Doing This?
Card networks like Mastercard acknowledge that identifying and preventing all fraudulent activity is unrealistic for most merchants. Mistakes can happen. A bad actor might slip through merchants’ defenses from time to time.
But, while preventing 100% of fraud may be unrealistic, the company still wants to minimize the number of incidents that occur on its network. Their reputation is tied to the security and stability of card payments. Thus, allowing uncontrolled fraud on their network could damage their reputation. It could shake consumer confidence in payment card security over time.
The Mastercard Excessive Fraud Merchant program isn’t designed to punish merchants for incidents outside of their control. Rather, the EFM program is meant to provide negative reinforcement to motivate merchants to keep fraud in check.
Some merchants find this unnecessary or unfair. They’ve argued that the merchant’s own self-interest would motivate any legitimate business to mitigate their fraud risk. But, this is why the program specifically focuses on identifying and removing bad actors from the Mastercard system.
Each card network wants to create a fair and sustainable payments ecosystem for cardholders, banks, and merchants. Unfortunately, that means some legitimate merchants who experience excessive attacks from fraudsters may get caught in the crosshairs.
Calculating EFM Fraud Thresholds & Fees
Fraud thresholds — and the associated noncompliance penalties — are nothing new. Mastercard has had similar requirements in place for years. Other card networks like Visa also have programs outlining acceptable levels of fraud incidents.
Learn about the Visa Fraud Monitoring ProgramThe Mastercard Excessive Fraud Merchant program is targeted at streamlining enforcement and facilitating faster communication between acquirers and the card network. The goal is to make merchant compliance a more accurate process with greater accountability.
Below are the monthly thresholds that could place you in the program:
EFM Monthly Criteria
Number of Electronic- Commerce Transactions | Fraud Chargeback Amount | Fraud Chargeback Basis Points | 3DS Utilization (Including Data Only Transactions) |
1,000 or more | EUR/USD 50,000 or more | 50 or more | - Less than 10% (Non-regulated Countries) - Less than 50% (Regulated Countries) |
If you surpass these thresholds, you could get hit with monthly financial penalties. And, these penalties increase with each month you spend in the program.
Listed below is the assessment schedule based on the number of months that you remain above the program criteria:
EFM Assessment Structure
Number of Months Above EFM Thresholds | Violation Assessment |
1 | 0 |
2 | EUR/USD 500 |
3 | EUR/USD 1,000 |
4 to 6 | EUR/USD 5,000 |
7 to 11 | EUR/USD 25,000 |
12 to 18 | EUR/USD 50,000 |
19 + | EUR/USD 100,000 |
Mastercard started assessing financial penalties associated with the program in November 2020. Penalties are based on the number of fraud incidents reported in the previous month. For example, any penalties assessed in November would be tied to incidents that occurred in October.
Avoiding EFM & Associated Fees
You may be able to request an extension for compliance by contacting your acquirer. However, this would be at Mastercard’s discretion and is not likely to be approved.
If Mastercard determines that you’re subject to the EFM program, there’s no way to appeal the decision or avoid the resulting penalties. At that point, the only option is to try and get your fraud incidents below the acceptable thresholds.
We always recommend that merchants adopt a multilayer approach to fraud management. This should include a number of complimentary fraud tools, including:
- Address Verification Service (AVS)
- CVV verification
- 3-D Secure 2.0 technology
- Fraud blacklists
- Velocity limits
- Geolocation
These tools should be backed by dynamic fraud scoring, which looks at a range of indicators to gauge the amount of risk posed by each transaction. The tool can then flag transactions for manual review or reject them automatically (depending on your settings).
Learn more about fraud detectionFraud isn’t a monolithic problem. There are countless different angles and schemes that criminals can leverage to take advantage of the situation. Plus, as technologies and business practices evolve, these crafty criminals will constantly devise new methods of separating you from your money.
With a multilayer strategy in place, you stand a fighting chance of preventing fraud. This is the only way to keep yourself clear of those substantial Excessive Fraud Merchant program penalties.
A Multi-Tiered Strategy is Best
Adopting a comprehensive, multi-tiered approach to fraud and chargeback prevention will go a long way to reducing the risk you face from both threats. The smartest and most efficient way to do this is to:
- Combine complementary fraud tools
- Prioritize customer service and order follow-ups
- Keep excellent records
- Limit your exposure to friendly fraud
- Fight back against illegitimate chargebacks
We always recommend merchants start by identifying chargebacks according to their true source. Tools like Intelligent Source Detection™ can help merchants trace their chargebacks to missteps and errors, criminal fraud, or friendly fraud. We then recommend a two-part approach to chargeback management: fight chargebacks caused by friendly fraud and prevent all other chargebacks.
Ready to learn more about how to stop fraud and chargebacks, recover your revenue, and avoid costly Mastercard fees? We’re here to help. Click below to speak with one of our qualified chargeback experts today.
FAQs
What is the Mastercard EFM program?
The Excessive Fraud Merchant program is a fraud compliance scheme created by Mastercard. The program's purpose is to exercise oversight regarding eCommerce merchant activity and prevent excessive fraud from occurring on the Mastercard network. This is achieved by imposing penalties on merchants for noncompliance.
What is an excessive Mastercard fraud rate?
Mastercard will designate your fraud rate as “excessive” if the number of chargebacks you receive each month with a “fraud” reason code exceeds 0.5% of transactions. You must also receive 1,000 or more fraud-designated transactions per month, and the dollar value of those transactions must exceed $50,000.
What happens if a merchant has too many fraud incidents?
Merchants who surpass acceptable thresholds could be liable for penalties that increase with each month they spend in the program. Merchants will see no penalties after one month. However, nineteen or more months in the program would result in a monthly penalty of $100,000.
How do you get out of the Mastercard EFM program?
The only way to get out of the Mastercard Excessive Fraud Merchant program is to lower your exposure to fraud. Using and combining various fraud tools and best practices can go a long way to reducing merchant risk.