Additional Requirements for Key-entry Telecom Merchants

A key-entered telecom transaction occurs when a person calls a central access phone number to access a system that enables the placement of a subsequent local or long-distance call, and bills the cost of the call(s) to a cardholder's payment card account. The account number and expiration date are entered using the phone's key pad. The transactions may include, but are not limited to, voice calls, fax calls, data connections, or other dialed connections using voice or data lines.

A key-entry telecom merchant enters a merchant agreement with an acquiring bank to initiate key-entered telecom transactions, which must be identified with card acceptor business code (MCC) 4813 and Transaction Category Code (TCC) T. These codes specify a key-entry telecom merchant providing single local and long-distance phone calls using a central access number in a card-not-present environment using key entry.

• Registration and monitoring of key-entry telecom merchants. Before an acquiring bank may process key-entered telecom transactions from a merchant, it must register the merchant with MasterCard as described above.The acquiring bank must ensure that the key-entry telecom merchant complies with the fraud control standards and maintains a total chargebacks-to-interchange sales volume ratio below the Excessive Chargeback Program thresholds.
  
  The acquiring bank must maintain an individual fraud control action plan for each of its key-entered telecom merchants before acquiring these transactions. MasterCard may request a copy of this action plan and require changes as a condition to the initiation or continuation of acquiring key-entered telecom transactions.
  
  The acquiring bank must notify MasterCard (through the MasterCard Registration Program system) of each of its key-entry telecom merchant with a chargebacks-to-interchange sales volume ratio exceeding 1% (transaction count) or 2.5% (dollar amount) for any two consecutive months. The acquiring bank must notify MasterCard by the 15th day of the month immediately following the two consecutive months in which the ratio exceeds these thresholds.
  
  The acquiring bank continuously must monitor:
  
  
  
  • Call duration.
    
  • Originating and terminating phone number frequency.
    
  • Multiple geographic origins for the same account.
    
  • High-risk countries.
    
  • Known fraud-prone account numbers.
    
  • Originating and terminating phone numbers known to be used for fraud or attempted fraud.
    

General MasterCard Monitoring Requirements

The monitoring requirements described in this section apply to members that acquire key-entry telecom transactions, eCommerce adult content (videotext) transactions, or transactions from merchants identified under the MasterCard Excessive Chargeback Program:

• The acquiring bank must ensure that each such merchant implements real-time and batch procedures to monitor continually all of the following:
  
  • Simultaneous multiple transactions using the same MasterCard card account number.
    
  • Consecutive or excessive attempts using the same MasterCard card account number.
    
  
  When attempted fraud is evident, a merchant should implement temporary BIN blocking as a fraud deterrent.


• On a monthly basis, effective one calendar month from the date of such merchant's registration with MasterCard, the acquiring bank must submit to MasterCard (via the MasterCard Registration Program) a report of sales, chargeback, and credit activity by calendar month.
  

General MasterCard Registration Requirements

Acquiring banks must provide the following information for each merchant or Third Party Processor (TPP) to be registered under the MasterCard Registration Program:

• The name, doing business as (DBA) name, and address of the merchant or TPP.
  
• The central access phone number, customer service phone number, or email address of the merchant or TPP.
  
• The name(s), address(es), and tax identification number(s) (or other relevant national identification number) of the principal owner(s) of the merchant or TPP.
  
• A detailed description of the service(s) that the merchant or TPP will offer to cardholders.
  
• A description of payment processing procedures, cardholder disclosures, and other practices including, but not limited to:
  
  • Data solicited from cardholder.
    
  • Authorization process (including floor limits).
    
  • Customer service return policies for card transactions.
    
  • Disclosure made before soliciting payment information.
    
  • Data storage and security practices.
    
• The identity of any previous business relationship(s) involving the principal owner(s) of the merchant or TPP.
  
• A certification, by the officer of the acquiring bank with direct responsibility to ensure compliance of the registered merchant or TPP with MasterCard Standards, stating that after conducting a diligent and good faith investigation, the acquiring bank believes that the information contained in the registration request is true and accurate.
  

Only MasterCard can modify or delete information about a registered merchant or TPP. Acquiring banks must submit any modification(s) about a registered merchant or TPP in writing to MasterCard, with explanation for the request.

MasterCard may assess a member that acquires transactions for any of these merchant types without first registering the merchant in accordance with the requirements of the MasterCard Registration Program. A violation will result in an assessment of up to $5,000.

If, after notice by MasterCard of the acquiring bank's failure to register a merchant, that acquiring bank fails to register its merchant within 10 days of notice, MasterCard may assess the acquiring bank up to $25,000 for each calendar month until the acquiring bank satisfies the requirement. In addition, the acquiring bank must ensure that the violation is corrected promptly.

MasterCard Registration Program

The MasterCard Registration Program (formerly Merchant Registration Program) requires the registration of the following merchant types, using the MasterCard Registration Program (MRP) system, available through MasterCard Online:

• Key-entry telecom merchants.
  
• Electronic commerce adult content (videotext) merchants.
  
• Internet gambling merchants - MCC 7995.
  
• Non–face-to-face prescription drug merchants - MCC 5122 and MCC 5912.
  
• Non–face-to-face tobacco product merchants - MCC 5993.
  
• Merchants identified under the Excessive Chargeback Program.
  
• Entities required to implement the MasterCard Site Data Protection Program.
  

If a member bank acquires transactions for any of these merchant types without first registering the merchant in accordance with the MasterCard Registration Program, MasterCard may assess the member as described in the program. In addition, the acquiring bank must ensure that the violation is corrected promptly.

MasterCard Evaluation

If an acquiring bank becomes aware that it is acquiring for a fully collusive merchant, the acquiring bank must notify MasterCard promptly. MasterCard will then determine whether to declare the audited merchant a fully collusive merchant. If MasterCard does determine that the merchant is a fully collusive merchant, MasterCard will:

• Notify the merchant's acquiring bank in writing, and
  
• Identify the merchant as a fully collusive merchant in a Global Security Bulletin, and
  
• Modify the merchant's MATCH record to reflect a reason code change from 00 (Questionable Merchant) to 23 (Merchant Collusion).
  

If the acquiring bank has terminated the merchant, the acquiring bank is required to identify the merchant with reason code 11 (Merchant Collusion). If the acquiring bank continues to acquire from the merchant after MasterCard declares the merchant a fully collusive merchant, the acquiring bank must accept liability for chargebacks with Integrated Product Messages (IPM) message reason code 48491—Questionable Merchant Activity for all fraudulent transactions reported to SAFE at the identified merchant location, for a period of at least one year following publication of the Global Security Bulletin listing that merchant.