Scheme Enforcement Is Rising. Are You Prepared?
Getting approved for a merchant account can be viewed as a major milestone, especially for businesses with complex setups, multi-jurisdictional footprints or high-risk service models. It’s the result of months of document gathering, underwriting reviews, and compliance checks. But in reality, onboarding is just the starting point. The most critical phase begins after onboarding in performance management, where gradual shifts in business activity, customer behaviour, or operational processes start to challenge the risk assumptions an acquirer originally approved.
These changes rarely present themselves through sudden failures. They surface quietly through subtle increases in refund rates, shifts in decline codes, overlooked compliance updates that, over time, alter how a merchant’s risk profile is perceived.
Although these changes may not set off immediate alarms, they still have consequences. Once internal thresholds are crossed, acquirers typically will take action by delaying payouts, increasing reserves, and, in some cases, even terminating accounts.
For merchants, staying ahead of these silent shifts is not optional. The ability to detect small deviations early and provide clear, data-backed explanations often determines whether the processing relationship remains stable. This requires more than passive monitoring; it demands an active, structured approach to managing how the business’s evolving activity is perceived by the acquirer.
Over the years, our team at Stream Payments has learnt that strong performance management isn’t a one-off task, it’s a continuous process. Any shift in operations, whether it’s a new marketing campaign, a product change, or a fulfilment delay, needs to be identified, understood, and communicated before an acquirer has to guess what’s going on.
The first warning usually comes from the merchant own data i.e. a spike in refunds, a sudden change in decline codes, or an unexpected jump in volume. How quickly and clearly merchants respond to those signals often decides whether a MID remains active or is suspended.
How a MID Starts to Drift
From a merchant’s perspective, the concerns from acquirers can appear sudden, but in reality, they usually stem from small, gradual shifts in operational data that accumulate over time. These changes often go unnoticed until they start to affect the merchant’s risk profile, causing acquirers to intervene. For example:
Refund rates may increase gradually, often by ten basis points each week.
Chargeback ratios can rise from 0.5% to 0.9% over a couple of months.
Authorisation rates may drop from 88% to 74%, with an increase in issuer decline codes such as 05 (Do Not Honour), 62 (Restricted Card), and 65 (Exceeds Withdrawal Limit), even when the gateway systems report stability.
These shifts can accumulate over time without triggering immediate alerts, causing significant exposure. In addition, changes within a merchant’s business, such as expanding the product offerings, adjusting the billing structures, or entering new markets can introduce risk dynamics that alter the transaction behavior and affect the acquirer’s view of the merchant's risk profile.
While any of these deviations can be addressed if identified and explained promptly, delays in providing clear, data-supported narratives often lead acquirers to take precautionary measures. These may include raising reserve requirements, delaying settlements, or terminating the merchant account. To avoid such outcomes, merchants must implement monitoring systems that detect subtle shifts in transaction patterns, such as geographic anomalies or unusual refund clusters. Proactive detection and immediate communication of these shifts are essential to maintaining the acquirer confidence and preserving account stability.
Early Signals of an Acquirer Discomfort and Risk Management
EU acquirers monitor their merchant portfolios by continuously tracking key risk indicators such as chargeback ratios, fraud levels, geographic shifts in transactions and the issuer decline patterns. These metrics are analyzed in real-time using sophisticated dashboards that consolidate the data across the entire portfolio.
When risk signals are detected, whether from a single merchant or multiple merchants, acquirers follow a structured internal escalation process. Initially, they may reach out to the affected merchant for clarification or documentation, such as updated PCI compliance records or a dispute management plan. However, if the merchant fails to respond promptly or adequately, the acquirer’s approach becomes more cautious. This may involve less frequent communication from account managers while the acquirer’s internal teams, including legal and risk, begin preparing for potential account restrictions or termination.
Acquirers are also vigilant about systemic risk, which affects not just one merchant but the entire portfolio. For instance, if one merchant in the portfolio is experiencing high chargebacks or fraud, it can elevate the overall risk level for the acquirer. To manage this, the acquirer may take broad risk mitigation actions that affect all merchants in the portfolio, even those whose individual performance is stable.
This escalation process is typically done without direct communication with the affected merchants, making it rare but highly consequential when it happens. Acquirers prefer to manage risk through internal processes and aggregated data rather than relying solely on real-time merchant communication. This means merchants might not realize the full extent of the acquirer’s actions until funds are delayed or reserve requirements are raised.
In such cases, the acquirer may implement precautionary measures, such as:
Raising reserves (the funds set aside to cover potential future risks)
Delaying payouts for all merchants in the portfolio
These actions help protect the acquirer from the cumulative risk that could arise if multiple merchants contribute to higher exposure levels. Essentially, the acquirer increasingly prioritises the overall stability of the portfolio over individual merchant performance.
In this context, communication from merchants is crucial. If merchants are proactive in identifying potential risks or changes in their business operations, they can prevent escalation and mitigate the impact on their accounts. This is key to maintaining stability and avoiding unnecessary risk management actions by the acquirer.
Understanding Scheme-Level Consequences
When acquirers detect risk signals such as fraud spikes, high chargebacks, or unusual dispute patterns, they don’t just act on individual merchant accounts. They are bound by strict guidelines from Visa and Mastercard designed to safeguard the health of the entire acquiring portfolio. In recent years, this has evolved into a more focused, portfolio-first approach, where one merchant’s issues can trigger consequences for many others.
This shift reflects two main priorities:
Portfolio-Level Risk Management
The schemes now expect acquirers to detect and address issues across their whole merchant base, not just in isolation. This means proactive intervention before smaller problems escalate into systemic risk.Long-Term Merchant Stability
Blacklist programs like Visa’s VMSS and Mastercard’s MATCH have become more impactful, restricting a merchant’s ability to secure new acquiring partners and keeping them under heightened monitoring for extended periods.
Both Visa and Mastercard operate multiple independent programs that act as triggers for different categories of risk. Each program has a distinct focus, but together they give schemes and acquirers a layered approach to protecting portfolio health.
VAMP (Visa Acquirer Monitoring Program) monitors fraud and chargeback patterns at the portfolio level. It looks for sustained risk trends rather than reacting to one-off incidents. When thresholds are breached, Visa alerts the acquirer, who may then increase reserves, delay settlements, or issue compliance notices. Because VAMP aggregates data across the entire portfolio, a merchant with clean individual KPIs can still be affected by underperformance elsewhere. Risk algorithms do not always distinguish between seasonal surges and persistent issues, meaning even predictable spikes can trigger intervention.
BRAM (Mastercard Business Risk Assessment and Mitigation) and VIRP (Visa Integrity Risk Program) go beyond transaction metrics. They assess whether a merchant’s business model, products, and marketing practices still align with scheme and acquirer rules, even if the data is clean. High-risk sectors such as payday lending, subscription services with elevated refund rates, or regulated products are often flagged. A single complaint or regulatory inquiry can also trigger investigation and corrective measures.
ECMP (Excessive Chargeback Merchant Program) and EFMP (Excessive Fraud Merchant Program), both from Mastercard, apply when a merchant crosses defined chargeback or fraud thresholds. Breaching these ratios prompts compliance reviews, operational changes, and sometimes temporary restrictions until performance stabilises.
VMSS (Visa Merchant Screening Service) and MATCH (Mastercard Member Alert to Control High-Risk Merchants) are the industry’s blacklists for severe or repeated violations. Being listed can severely limit acquiring options, increase reserves and fees, and subject merchants to intrusive ongoing monitoring. Removal is possible but requires sustained clean performance and, often, formal appeals.
Why This is Important for Merchants
These programs act sooner, enforce more broadly, and keep merchants under closer watch than in the past. Staying compliant now means more than managing fraud and chargebacks, it requires keeping the business model, marketing, and operational practices aligned with scheme rules at all times. Merchants who ignore these signals risk being caught in portfolio-level measures that can disrupt operations even if their own metrics appear stable.
A Structured Performance Management Framework
Performance management is the difference between getting approved and staying approved. For complex business models and high-risk merchants, the stakes are higher, but so is the opportunity. Acquirers who trust your ability to manage risk are more likely to extend better terms, faster payouts, and long-term processing relationships.
The best time to manage your account’s performance is before there’s a problem. With disciplined monitoring, quick response to early signals, and transparent acquirer relationships, you can turn onboarding from a fragile starting point into a sustainable advantage.
StreamPayments Framework for Staying Healthy
At Stream Payments, we believe performance management begins the moment a MID is activated, not when risks surface. In complex acquiring models, trust is earned daily through proactive monitoring. Our role is to interpret acquirer signals early, enabling merchants to stay ahead of reserves, payout delays, and compliance scrutiny.
We recommend embedding a four-step framework into merchant operations:
Baseline Your Risk Profile
Know exactly what you were approved for, including industry, MCC, volumes, average ticket, and countries, and track any deviations from this baseline.Build Real-Time Dashboards
Combine PSP and internal data so you have a single, consolidated view of your processing health.Set Internal Alert Thresholds
Establish limits that trigger action well before you approach scheme or acquirer thresholds.Document and Report
Maintain a concise monthly performance summary you can share with your acquirer to demonstrate control.
Our team monitor merchant performance in real time to spot early risk indicators and act before issues escalate. Daily alerts flag spikes in fraud, chargebacks, or unusual volume changes, enabling swift action. By balancing transaction volumes across multiple PSPs, we reduce the risk of reserve increases or processing caps. Regular checks on content, descriptors, and KYC data help maintain compliance and avoid penalties.
