Card Scheme Compliance Programs

Home    Security    Risk Guide    Card Scheme Compliance Programs

On this page:

Visa Integrity Risk Program

The Visa Integrity Risk Program (VIRP) was created to ensure that acquirers maintain proper control over their merchants. Its primary goal is to protect the acquirers and the integrity of the Visa payment system by preventing merchants from:

  • Processing transactions that are illegal
  • Engaging in potentially deceptive marketing practices
  • Processing transactions that may adversely affect the goodwill of the Visa payment system

The program aims to address the increasing complexity of local laws and regulations, as well as rising potential for illegal and illicit activities in certain areas.

The Visa Rules require that acquirers submit only legal transactions into the Visa payment system and that all transactions must be lawful in both the seller’s and buyer’s jurisdiction.

The key benefits of VIRP are:

  • Risk reduction – Helps acquirers understand the unique challenges and possible exposures that can occur when doing business with card-absent merchants, especially those with high-integrity risk Merchant Category Codes (MCCs). This, in turn, reduces the potential risk of:
    • Significant program penalties
    • Acquirer’s brand and reputation damage.
    • Financial losses due to inadequate reserves or chargeback and credit risk exposure
    • Restrictions on future portfolio
  • Prompt remedial action – Acquirers are encouraged to implement immediate remedial action to reduce brand risk to their institutions and to Visa.
  • Acquirer risk controls – Visa initiates an assessment of acquirers, their merchants, and agents on a risk-prioritized basis to ensure compliance with the Visa Global Acquirer Risk Standards and the Visa rules.

Visa designates Merchants as High Integrity Risk when they operate in business types that are legal, but without proper controls pose elevated risk to the payment ecosystem.

Under this program, Visa may apply non-compliance assessments. Per the current process, Visa sends a formal notification for each potential or confirmed non-compliance case. The merchant must address in a timely and comprehensive manner the information shared by Visa. For each non-compliance case, Visa may apply assessments. If a Program non-compliance is not remediated, Visa reserves the right to take additional action, including suspension and termination of acceptance privileges.

Mastercard Programs

Mastercard Business Risk Assessment and Mitigation

The Mastercard Business Risk Assessment and Mitigation (BRAM) Program was designed to protect Mastercard and its customers from illegal and brand-damaging transactions, which may pose significant fraud, regulatory, or legal risk, or may cause reputational damage.

Here is a list of identified frequent situations and BRAM violations (the list of violations is not exhaustive):

  • Merchant transaction laundering where the  merchant processed card transactions on behalf of another merchant
  • Illegal sale of prescription drugs and/or tobacco products
  • Illegal Internet gambling or miscoded gambling
  • Illegal purchase, sale, or trade of cryptocurrency
  • Sale of certain types of drugs or chemicals (such as synthetic drugs)
  • Child exploitation
  • Sale of counterfeit merchandise
  • Cardholder coercion

As a result, a monitoring program called merchant Monitoring Program (MMP) was launched to encourage acquirers to proactively monitor and prevent BRAM violations and merchant transaction laundering.

  • Through the MMP, the Service Providers providing BRAM content monitoring and transaction laundering detection can be registered.
  • Mastercard has provided assessment mitigation on investigations where acquirers have implemented monitoring solutions for BRAM and transaction laundering detection.

To prevent assessments under the BRAM Program, the merchant must provide a full and comprehensive explanation of the case within the required time frame.

Mastercard Global Risk Investigation Program

Mastercard Global Risk Investigation Program (GRIP)  is a program that covers compliance cases and Mastercard rules and mandates violations that do not fall within the scope of the other Mastercard Compliance Programs.

GRIP’s most frequently observed non-compliances are related to:

  • Area of use of the License
  • High-risk merchant activities
  • Sanction requirements and prohibited activities
  • High-risk merchant activity – no license, wrong MCC, and so on
  • Subscription scam merchants
  • Discrimination in Digital Environment
  • Deceptive marketing practices
  • Incorrect application of merchant category code, descriptor, and so on

Merchants identified by the GRIP receive a formal investigation letter and are given an opportunity to respond and achieve compliance before potential non-compliance assessments are applied.

Merchants are required to respond to a GRIP investigation within 5 business days and either confirm that they are compliant or provide an action plan of how compliance will be achieved within a reasonable time frame.

If the merchant fails to come into compliance as communicated in the action plan, the compliance case is referred to the Compliance Communications Team for assessments.

This team sends a Non-compliance Assessment Notification that details the specific assessment amount and the billing date.

The merchant continues to receive escalating assessments until they reach compliance.

Last update iconLast modified August 2024