
Diana Vorniceanu
07 Jul 2026 / 8 Min Read
Amber McGirr, Founder & Principal Consultant of Chargeback Nerd, unpacks Mastercard's new scam merchant initiative, set to take effect 24 July 2026. In this analysis, she explains what the revised approach means for merchants, acquirers, and payment facilitators alike – and why it signals a broader shift in how the card network thinks about fraud.
Mastercard's latest merchant trust update asks a different question than previous monitoring initiatives. Instead of asking ‘has this merchant already caused harm?’ it increasingly asks ‘can this merchant be trusted before significant harm occurs?’
Effective 24 July 2026, Mastercard requires all global acquirers and payment facilitators to investigate merchants exhibiting specific scam-related risk signals within 72 hours. If the investigation confirms scam activity, acceptance of Mastercard and Maestro must be terminated immediately.
One of several merchant-level indicators might trigger an investigation by your PSP, including:
For newer merchants, Mastercard has introduced heightened scrutiny. If refunds and chargebacks combined exceed 5% of purchase transactions over a rolling 30-day period (at least 500 transactions), an investigation may be required.
The objective is straightforward: identify scam operations before they can generate significant consumer harm. The challenge is that some of the same signals associated with scams can also appear in legitimate businesses. That makes this about more than compliance. It represents a broader shift toward evaluating merchant trust throughout the merchant lifecycle – and it affects merchants, PSPs, and acquirers alike.
Mastercard’s update boils down to two main changes.
First, it raises the bar for merchant onboarding. Stronger onboarding isn't about collecting more paperwork. It's about understanding a merchant's business before risk appears. What does the merchant sell? How do customers pay? How are products delivered? What happens when something goes wrong?
Second, it adds tougher monitoring requirements. The goal is to spot scam merchants faster and keep the ecosystem cleaner.
Together, these changes expand the role of PSPs and acquirers beyond payment processing to ongoing merchant oversight. Merchants should expect greater scrutiny from onboarding onward.
Let’s get clear on three terms Mastercard uses before we talk about what all this actually means.
Monitoring uses to flag merchants that may warrant further review
In plain English: Merchant Trust Services is the umbrella, Scam Merchant Monitoring sits underneath it, and the Scam & Risk Indicator is one of the tools that feeds data into the process.
The real story with Merchant Trust Services isn’t just another set of monitoring requirements from Mastercard.
It’s that the industry is beginning to evaluate merchants differently.
Old-school monitoring waited for problems to show up in the numbers. Merchant Trust Services tries to get ahead of the curve by tightening onboarding and detecting issues earlier in the merchant lifecycle.
That’s a real shift for the industry.
Scam merchants don’t announce themselves. Most look fine until complaints, refund spikes, or other red flags start to surface. Catching them earlier is good for everyone except the scammers.
The catch is that legitimate businesses can trigger the same signals.
Fast growth, shipping delays, more refunds, recurring billing headaches, or a rough patch in customer service don’t always mean fraud. But they look a lot like the patterns that get flagged by monitoring systems.
You don’t have to be a bad actor to end up under the microscope, and that’s why transparency matters more than ever.
One of the most important questions surrounding any scam-focused initiative is how legitimate businesses may be affected.
Plenty of legitimate businesses end up with operational patterns that look risky from the outside.
Rapid growth, high refunds, fulfilment delays, customer service gaps, or recurring billing disputes all create friction. None of these mean fraud by default, but they do light up the dashboards.
Recurring billing, cancellations, forgotten renewals, and refund requests all create more friction than a simple retail sale. Digital services, SaaS, travel, and anyone with delayed fulfilment run into the same headaches.
These merchants are not inherently higher risk.
Their business models just make it more likely that customer issues will trigger the signals monitoring systems are built to spot.
It just shows how important it is to know how your operations look to a risk monitoring system. As oversight becomes more proactive, being able to clearly show how your business operates may become just as important as what you actually do.
Under the new requirements, acquirers may have significantly shorter investigation windows when potential scam activity is identified.
Acquirers have always had to balance fraud prevention with merchant support. Investigations usually mean digging through documentation, looking at transaction patterns, asking for more info, and trying to get the full picture before making a call. Shorter timelines increase reliance on available data and established risk signals, leaving merchants less time to provide context for unusual activity.
That’s a problem for merchants who’ve a good reason for odd activity but can’t get that context across quickly.
A supply chain hiccup might look like a blip to the merchant, but to a risk analyst staring at a spike in refunds and complaints, it can look like something else entirely.
The faster the window, the more prep matters.
Merchants will have less time to explain themselves after the fact and more responsibility to make sure their practices are clear before anyone starts asking questions.
While many implementation details are still emerging, merchants don't need to wait to begin preparing.
The common thread is simple: reduce ambiguity. Make your business easy to understand. For customers, PSPs, and acquirers alike.
The easier it is for all parties involved to understand how your business operates, the easier it becomes to distinguish a legitimate merchant from one that simply appears legitimate.
There are three practical places to start.
Scams thrive when customers feel confused, misled, or unable to obtain support. The same pain points that drive complaints and disputes also light up risk systems.
Merchants should review:
A legitimate merchant should be able to quickly demonstrate what it sells, how customers are billed, what customers agreed to, how products or services are delivered, and how refunds and cancellations are handled.
Transparency helps customers, but it also helps acquirers and risk teams understand the business if questions arise.
Most merchants track disputes and fraud. Fewer actually know how their business looks from a risk monitoring perspective. Keep an eye on trends in refunds, complaints, authorisation rates, fulfilment hiccups, and customer service stats.
A business does not need to be fraudulent to raise concerns. Understanding those signals before someone else notices them is often the best defence.
These recommendations are not new, they’ve always represented good business practices. What’s changed is that now you must prove you’re doing these things, because the payments ecosystem is watching for trust signals.
Networks aren’t just measuring fraud after it happens anymore. They’re investing in preventing consumer harm earlier and before it becomes widespread through earlier intervention and greater scrutiny of merchant behaviour.
For legitimate merchants, the goal isn’t just to avoid investigations. It’s about building businesses that are transparent, understandable, and trustworthy – from onboarding through every customer interaction.
As more details come out, we’ll get a better sense of how Merchant Trust Services works in the real world. For now, merchants, PSPs, and acquirers should treat this as an early signal that merchant risk management is changing. Time to get ready. The strongest defence against being mistaken for a scam merchant may be making your legitimacy impossible to misunderstand.
Mastercard, Merchant Trust Services, 2026.
Solidgate, Mastercard Scam Merchant Monitoring Program (SMMP): What Merchants Need to Know, 2026.

Amber McGirr is a payments industry advisor specialising in chargeback risk strategy, and founder of Chargeback Nerd. With more than a decade of experience in payments and dispute operations, she translates network rules, transaction data, and operational insights into practical risk-management strategies.

Chargeback Nerd is a payments risk advisory firm specialising in dispute strategy, card network compliance, and fraud prevention. We help merchants, payment providers, and technology companies reduce risk, improve recovery outcomes, translate evolving payment rules, and build more effective dispute management solutions.
The Paypers is a global hub for market insights, real-time news, expert interviews, and in-depth analyses and resources across payments, fintech, and the digital economy. We deliver reports, webinars, and commentary on key topics, including regulation, real-time payments, cross-border payments and ecommerce, digital identity, payment innovation and infrastructure, Open Banking, Embedded Finance, crypto, fraud and financial crime prevention, and more – all developed in collaboration with industry experts and leaders.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright