Cover Story:
BEWARE
OF THE PERFECT
MATCH

by Lisa Dowling

    Fraud. Chargebacks. Losses. These words strike fear in the hearts of every ISO, acquirer and processor. To protect themselves from the evil of criminal merchants, payment-processing organizations look to a myriad of weapons. One such weapon is MATCH.
    MasterCard introduced this program back in 1987 to help bankcard issuing and processing companies determine whether to sign up a merchant. It was intended to function as one of many tools to be utilized against fraudulent merchants. At that time, it was called “Combined Terminated Merchant File” as a joint venture with Visa. In 1995, that joint venture ended and the system was re-invented as “Member Alert To Control High Risk (Merchants)” or MATCH. Why did Visa pull out? It was all about access, or lack thereof. Since this database resided on MasterCard’s system, it created unavoidable delays in usage from Visa’s point-of-entry. Attempts to rectify the situation were futile and Visa bowed out, giving MasterCard the go ahead to run it exclusively.
    Designed to provide acquirers with the ability to develop or enhance risk information, MATCH is a database containing the names of merchants that have defrauded the industry. Association members and processors utilize this database to check for merchants who, for one reason or another, created issues within the system and were terminated by an ISO, processor or member. As a result, their business name appears in MATCH as a reference point for others to be wary or outright avoid doing business with them.
    How does the data get into the system? According to a member of MasterCard’s legal department, when an acquirer terminates a merchant and a certain condition exists, such as excessive chargebacks, the acquirer is obligated to report that merchant to the MATCH file.
    It is important to note that those certain conditions have evolved since MATCH first came into the industry. Going back 10 years, reasons for reporting merchants were subjective in definition. At that time, MasterCard didn’t clearly define what conditions needed to be reported. As a result, the system was used for more broad issues. Merchants who had small numbers of chargebacks but were interpreted by their acquirers as more than met their internal standards, found themselves in the MATCH system. About four or five years ago, MasterCard re-examined its policies and quantified them. Now, if an acquirer reports a merchant at the time of termination, it is because the chargebacks-to-sales ratio is in excess of a percentage clearly defined in MasterCard’s rules and regulations. The end result, MATCH has become more objective…but not the final word.
    One obvious flaw in this system is the fact that there is no back up in place if acquirers don’t send in accurate merchant information. MATCH is only as good as the data it receives.
    It is also important to point out that MATCH is not an open file to the industry. MasterCard has proprietary ownership over it and only allows association members to access the data.
    How does access occur? An acquirer will send in a merchant name through its processor or member bank. That name is then passed on to MasterCard where internal staff run it through the MATCH file to see what comes out—either a possible match or no match. The results of that run are delivered back to the processor and/or member bank who then forward it back to the originating acquirer.
    MasterCard’s legal rep is quick to point out that the results of the MATCH run are fed back not as gospel but as a simple statement that this is what information was in MATCH regarding the name submitted. In essence, the acquirer is on its own. MasterCard can’t guarantee that the information is even related to that particular merchant and emphasizes the acquirer to use it to its own ability. MasterCard specifically disclaims any warranty of accuracy or fitness of information. MasterCard stresses that site inspections, business license checks, principal checks through Dunn & Bradstreet, inventory checks and prior relationship checks are what each ISO and processor should initiate when signing up a merchant–in addition to a MATCH check.
    The question then arises as to who holds the liability regarding boarding undesirable merchants.
    Since MasterCard is structured legally with banks as its members and those banks have their own agent relationship with ISOs and processors, MasterCard looks to its members for liability and responsibility.
    This particular issue of liability and responsibility has caused a number of unfortunate situations amongst ISOs and processors. Take for example, the recent dispute between Global Payments and Money Tree Merchant Services.
    Money Tree started to see an unusually high volume of chargebacks with a handful of merchants and became concerned that something wasn’t right. During the course of their internal investigation, they contacted the suspect merchants, examined transactions and inquired of Global to recheck if these merchants had been successfully run through MATCH. As is the case with all ISOs, Money Tree is not granted access to the MATCH file and thus had to rely on its processor to successfully make the MATCH request. If MATCH sends back a red flag, the processor should then inform its ISO partner.
    According to Lance Maiss, attorney for Money Tree, Global denied any knowledge of a match for the merchants in question. Money Tree persisted and gained temporary access to MATCH and obtained reports that they allege showed that nine merchants were on MATCH prior to their being boarded. Money Tree accused Global of never having run these merchants through MATCH, or if they had, never informing Money Tree of the results. The bottom line according to Money Tree, was, had they had those reports, they never would have signed up those merchants. As a result, Money Tree incurred six figure hits and sued Global.
    On the other side of the table are the facts according to Global. Jim Kelly, CFO for Global Payments, weighed in on the dispute. He contends that the settlement was in payment of a billing issue and not a MATCH issue.
    “There is a lot of focus on the MATCH system as way to root out fraud and merchants that have had problems in the past,” says Kelly. “It is not a fool proof system. It is a means of sharing information. Merchants try to cover their tracks. MasterCard does not indemnify you if you found that XYZ Company was not in the system at the time of boarding and then popped up later.”
    When Money Tree argued that Global never told them of any matches found, Global retaliated by saying they had no evidence that the system ever ran a MATCH check. Global argued that Money Tree never prompted the MATCH inquiry to occur. A classic case of he said, he said!
    This difference of opinion is evident in the many exchanges Transaction World had with both sides. The final judgment is a matter of public record. The months of discussions leading up to that judgment do not need to be detailed in this article. Basically, after a year of legalese, document exchanges and heated meetings, the two parties decided to settle out of court. This past November, Money Tree was awarded $50,000.00.
    “We settled out of court for financial reasons, time element and the difficulty in obtaining information needed to prevail,” says Maiss. “MasterCard was very difficult to deal with in getting the facts about MATCH. It wasn’t a typical settlement but an agreement was reached between the parties.”
    Based upon contracts he has seen between ISOs and processors, Maiss stresses that very clearly defined obligations, responsibilities and duties be set forth in ISO/processor agreements as to risk issues, especially relative to MATCH. Additionally he believes that if ISOs had limited access to MATCH, these types of losses could be avoided.
    As CEO of Money Tree, Mitch Lau echoes that sentiment and feels it was important to pursue this matter. He sees it as a moral victory and contends that his company is not alone in this plight.
    “I talked with a number of other ISOs who claimed they were taking hits as well because of the failings of the process,” says Lau. “The MATCH system was never designed for ISOs, but we take the most risk. I think its workings need to be distributed away from the members to the organizations that are taking all the risks.”
    “MATCH is an information data base that is used by parties to keep track of merchants that we need to stay away from,” says Kelly. “Ultimately whether you are an ISO or processor or member, the liability falls back to you. ISOs are very successful at what they do. They are balancing economics of adding new business with the risk associated with that. I’m sure they can figure out that balance, factor it into their operation and achieve success. They have to do their due diligence. MATCH is not an insurance plan. ISOs are not purchasing a policy that insures them against losses. They must use a lot of tools of which MATCH is just one. In hindsight, if the ISO does the right underwriting, they will find the information. We use MATCH in concert with many other traditional underwriting tools. ISOs are hanging too much on this one system.”
    With all the changes in the industry with third parties selling bankcards as well as ISOs and processors needing accurate information, does MATCH ultimately meet their needs? Fundamentally, MATCH has not changed since its inception. The most significant change was taking subjective list reasons and turning them into objective list reasons. It operates largely as it did in 1987 with the most notable difference being that American Express is now a participant in MATCH. According to MasterCard’s legal representative, AMEX found it to be an attractive and worthwhile tool for their merchants and joined forces with MasterCard about the same time MATCH requirements were quantified.
    MasterCard’s legal rep also stated that no changes are in the works to MATCH. It will stand as is, at least for the present time. That means that ISOs and processors must not rely solely on MATCH to check out a merchant. MasterCard’s message is clear—use MATCH for the purpose that it was intended, i.e. one more tool in their counter-fraud measures tool belt. Don’t rely on it for more than that, but don’t stay away from it either. MATCH is one more arrow in your quiver and if you use it in that way, it will be a valuable arrow. It doesn’t excuse all other pre-signing activities in which a competitive professional organization should engage.