MasterCard Rules for Merchant Chargeback Liability

When a processing bank chooses to accept chargeback responsibility for MasterCard card transactions, processed by one of its merchants, MasterCard lists the affected merchant’s name and location in a Global Security Bulletin with an applicable chargeback liability period, which can vary as we will see below.

The card issuer then has the right to charge back any transaction that is reported within the specified time period and that has occurred during the applicable period, however the card issuer cannot charge back fraudulent transactions.

Once a merchant is listed in the Global Security Bulletin, the card issuer’s chargeback rights start to apply. The chargeback liability period is for a minimum of six months, however MasterCard can increase it to a 12-month period. A six-month chargeback period is applied for less than $8,000 in cumulative fraud for three months following the month in which the chargeback identification criteria are met. A 12-month chargeback period is applied for $8,000 or more in cumulative fraud for three months following the month in which the identification criteria are met or for more than $10,000 in fraud during the month in which the identification criteria are met. The applicable chargeback period begins on the first day of the month following the month in which the merchant is identified in MasterCard’s Global Merchant Audit Program (GMAP).

Once a merchant is listed in a Global Security Bulletin with an applicable chargeback period, the card issuer cannot use the message reason code for Questionable Merchant Activity, in any of the following situations:

• The transaction was not reported properly within the applicable time frame.
• The reported transaction was the result of a fraudulent application or account takeover.
• The merchant is participating in?áMasterCard SecureCode, the card issuer provided the UCAF data for this transaction, all other e-commerce authorization request message and clearing requirements were satisfied, and the authorization request response message reflected the card issuer’s approval of the transaction.
• If the transaction was processed at a chip-compliant?ápoint-of-sale (POS) terminal, the intra-regional chip liability shift program is in effect, the transaction was reported to SAFE as counterfeit fraud, the transaction was identified properly as an offline chip transaction in the clearing record, or the transaction was identified properly as an online transaction in the authorization request message, and the authorization request response message reflected the card issuer’s approval of the transaction.

Image credit: Wikimedia Commons.