Visa and Mastercard Compliance Programs: A Guide to VNDP, MNP, and RDSP for High-Risk Merchants

For merchants who accept Visa and Mastercard, compliance with card network rules is not optional. The networks operate a sophisticated system of monitoring, enforcement, and penalty programs designed to ensure that all merchants and their acquiring banks follow the operating regulations. For high-risk merchants, who operate in categories that face elevated scrutiny from the networks, understanding these compliance programs is essential for maintaining the ability to accept card payments. A single compliance violation can result in fines, reserve requirements, or termination of the merchant's ability to process Visa or Mastercard transactions entirely.

The card network compliance landscape in 2026 is more demanding than ever. Visa and Mastercard have both strengthened their monitoring capabilities, invested in automated compliance detection systems, and increased the financial penalties associated with violations. The networks have also expanded the scope of their compliance programs to cover new areas including data security, transaction transparency, and brand representation. Merchants who ignore compliance requirements do so at their peril, as the consequences of non-compliance extend beyond fines to include placement on industry blacklists that can prevent a merchant from obtaining processing services from any provider.

Visa's Global Brand Protection Program (VNDP)

The Visa Net Debit Program, commonly known as VNDP, was renamed in 2024 to the Visa Global Brand Protection Program, but it continues to function under the same general framework. This program is Visa's primary mechanism for monitoring and enforcing compliance with its operating regulations. The Global Brand Protection Program targets several categories of violations including transaction laundering, where a merchant processes transactions for a different business than the one that was approved for the merchant account; excessive chargebacks and fraud rates that exceed Visa's thresholds; unauthorized transaction types, where a merchant processes transactions in a category that was not disclosed during underwriting; and brand misuse, where a merchant uses Visa's trademarks or branding in unauthorized ways.

Visa operates the Global Brand Protection Program through automated monitoring systems that analyze transaction data from all acquiring banks. The system flags merchants whose activity patterns deviate from expected norms or exceed preset thresholds. When a potential violation is detected, Visa notifies the merchant's acquiring bank, which is then responsible for investigating and resolving the issue. The acquiring bank must respond to Visa within specified timeframes, typically 15 to 30 days, with a remediation plan or evidence that no violation occurred. Visa may impose fines on the acquiring bank, which are typically passed through to the merchant. Fines for first-time violations typically range from $10,000 to $50,000, while repeat violations or egregious cases can result in fines exceeding $100,000 and mandatory termination of the merchant's processing relationship.

For high-risk merchants, the most common trigger for Global Brand Protection Program scrutiny is excessive chargeback ratios. Visa's chargeback monitoring threshold is 0.9 percent of transactions for most merchants, though high-risk merchants may be subject to lower thresholds of 0.5 percent or less under their acquiring bank's internal policies. Merchants who exceed the chargeback threshold for two consecutive months enter Visa's chargeback monitoring program, which requires them to submit a remediation plan and may result in fines. Merchants who fail to reduce their chargeback ratio within the specified timeframe face termination from the Visa network.

Mastercard's Merchant Monitoring Program (MNP)

Mastercard operates its own compliance monitoring framework known as the Merchant Monitoring Program (MNP). The MNP is Mastercard's system for identifying merchants that pose elevated risk to the network, either through excessive chargebacks, suspicious transaction patterns, or violations of Mastercard's operating rules. Mastercard classifies merchants into three risk tiers: Standard Risk, Elevated Risk, and High Risk. Merchants assigned to the Elevated Risk or High Risk categories face additional monitoring, higher reserve requirements imposed by their acquirer, and potential restrictions on their processing volume.

The MNP evaluates merchants based on multiple factors including chargeback ratios, fraud-to-gross-sales ratios, transaction growth patterns, average transaction amounts, and the merchant's category code. Mastercard's chargeback threshold for the MNP is 1.0 percent of transactions for standard merchants, though this threshold may be lower for specific merchant categories that Mastercard has identified as higher risk. Merchants who exceed the chargeback threshold for two consecutive months are placed on the MNP chargeback monitoring list and must work with their acquirer to implement a chargeback reduction plan.

Mastercard also operates the Excessive Chargeback Program (ECP), which applies to merchants whose chargeback ratio exceeds 1.5 percent for three consecutive months. Merchants in the ECP face escalating penalties including mandatory chargeback reduction plans, reserve requirements, and ultimately termination from the Mastercard network. The ECP includes a graduated fine structure that starts at $1,000 per month for initial violations and increases to $25,000 per month for persistent non-compliance.

The MATCH List and Merchant Termination

The most severe consequence of network non-compliance is placement on the Member Alert to Control High-Risk (MATCH) list, operated by Mastercard. The MATCH list, formerly known as the Terminated Merchant File, is a database of merchants who have been terminated for cause by an acquirer. When a merchant is terminated for excessive chargebacks, fraud, or other compliance violations, the acquiring bank is required to report the termination to the MATCH list within five business days. Once on the MATCH list, a merchant cannot obtain a new merchant account from any acquirer until their listing expires, typically after five years.

Visa operates a similar system called the Visa Acquirer Monitoring Program (VAMP), which tracks merchant terminations and enforces consequences for acquirers who repeatedly onboard merchants who are later terminated. While Visa does not maintain a publicly accessible terminated merchant database equivalent to the MATCH list, the network shares termination data among acquirers, and a merchant terminated by one acquirer for Visa rule violations will find it extremely difficult to obtain processing through another acquirer.

Being placed on the MATCH list does not necessarily mean a merchant's business is permanently shut down. Some high-risk processors specialize in working with MATCH-listed merchants, though the terms are typically unfavorable, with higher reserves, longer hold periods, and elevated processing fees. The most effective strategy for avoiding the MATCH list is proactive compliance management, including maintaining chargeback ratios below network thresholds, responding promptly to acquirer inquiries, and operating transparently with full disclosure of business activities to the acquirer.

Brand Monitoring and RDSP Programs

Visa and Mastercard have both expanded their brand monitoring programs in recent years, using advanced web crawling and data analytics to identify merchants who misuse network trademarks or engage in unauthorized transaction processing. The Visa Rapid Dispute Resolution Program (RDSP) is an automated dispute resolution system that applies to merchants who meet certain criteria. Under RDSP, qualifying disputes are automatically resolved in the cardholder's favor without the merchant having the opportunity to submit representment evidence. While RDSP was initially positioned as a convenience for merchants who wanted to avoid the cost of dispute management, it has evolved into a mandatory program for some merchant categories, effectively shifting liability for certain dispute types entirely to the merchant.

Mastercard's Ethoca Alerts program provides real-time notification to merchants when a cardholder contacts their issuing bank about a potential dispute. Merchants who receive an Ethoca Alert can choose to refund the transaction before it becomes a formal chargeback, avoiding the chargeback fee and the impact on their chargeback ratio. Participation in Ethoca Alerts is mandatory for many high-risk merchant categories and is increasingly viewed by acquirers as a requirement for maintaining a processing relationship. Merchants who do not participate in Ethoca Alerts face higher chargeback ratios and increased scrutiny from their acquirer and from Mastercard's compliance programs.

Visa offers a similar program called Visa Resolve Online (VROL) that provides merchant notification of potential disputes, though the functionality differs from Ethoca in several respects. VROL operates through Visa's dispute resolution platform and is integrated into the chargeback lifecycle at the point where the cardholder contacts the issuer. Merchants who respond to VROL alerts with timely refunds can prevent disputes from progressing to formal chargebacks and protect their chargeback ratios.

Best Practices for Staying Compliant

Successful navigation of card network compliance programs requires a proactive approach. Merchants should monitor their chargeback ratios on a weekly basis, not monthly, to identify problems before they trigger network monitoring thresholds. Automated chargeback management platforms can provide real-time visibility into chargeback activity and alert merchants when their ratios approach critical levels. Merchants should also maintain open communication with their acquirer's risk or compliance team, as early notification of emerging issues allows for collaborative problem-solving before formal compliance action is initiated.

Transaction transparency is essential for compliance. Merchants should ensure that their merchant category code accurately reflects their business activities, that their business name appears consistently across all processing channels, and that they are not processing transactions for any business that was not disclosed during underwriting. Many compliance violations arise not from malicious activity but from administrative oversights that accumulate over time. For high-risk merchants, an annual compliance audit conducted either internally or by a third-party consultant can identify potential issues before they attract network attention.

Finally, merchants should understand that their acquirer is their first line of defense against network compliance action. A strong relationship with an experienced acquirer who understands the merchant's industry and has established protocols for managing compliance inquiries can make the difference between a minor remediation and a MATCH list placement. Merchants should choose their acquiring partner carefully and invest in the relationship through regular communication and transparent disclosure of business activities.