Mastercard is making a major change to how scam activity is handled across its network, and it will directly impact how online businesses are monitored and approved.
Starting July 24, 2026, acquirers and payment facilitators are required to actively monitor merchant behavior and investigate potential scam activity within a 72 hour window. If a merchant is determined to be operating a scam, the processor must immediately stop that business from accepting Mastercard transactions.
This is a shift toward faster enforcement and tighter oversight. It also means that many merchants who believe they are operating normally may still be flagged based on how their data looks.
What Is Changing
The most important update is the required response time.
Once a merchant meets certain risk thresholds, the acquiring bank must initiate an investigation within 72 hours. This is not a recommendation. It is a required action across the network.
If the investigation confirms scam activity, processing must be blocked. There is no gradual ramp down or extended warning period.
This compresses the timeline between being flagged and being shut down.
What Mastercard Considers a Scam
Mastercard defines several categories of scam activity that are already common across online commerce.
These include advance fee scams, impersonation scams, investment schemes, fake product sales, and relationship based fraud. While these are clearly fraudulent at the extreme end, many legitimate businesses operate in adjacent areas where customer expectations and marketing claims can create risk.
The important point is that enforcement is not based on intent. It is based on behavior.
Why Legitimate Merchants Get Flagged
Most merchants assume these rules only apply to obvious bad actors. That is not how the system works.
A business can be flagged based on data signals alone. These include sudden drops in authorization rates, unusually high refund or chargeback activity, or multiple issuer reports tied to the same merchant.
For example, if approval rates fall sharply over a short period, or if more than five percent of transactions are refunded or disputed within a rolling window, the account can trigger an investigation.
Newer merchants face even more pressure. With limited processing history, it takes fewer signals to raise concern. A small number of disputes across different issuers can be enough to initiate a review.
This means a business does not need to be fraudulent to be treated as high risk.
Why Speed Changes Everything
The biggest difference is not the criteria. It is the speed at which action must be taken.
In the past, monitoring programs allowed time to correct issues. Merchants could adjust operations, improve customer support, or refine billing practices.
Under the new standard, the window is much smaller. Once thresholds are met, the investigation starts immediately. If the outcome is negative, processing can stop just as quickly.
For merchants, this removes the margin for error.
Multiple Merchant Accounts Are Under Scrutiny
The update also calls out the use of multiple merchant accounts.
While there are valid reasons to operate more than one account, such as separating business lines or complying with regulatory requirements, requesting multiple accounts without a clear justification can raise concerns.
This is especially relevant for online businesses that segment traffic, products, or billing descriptors across different accounts. Without proper structure, this can look like an attempt to obscure activity rather than manage it.
What This Means for Merchants
This update changes how merchants need to think about payment processing.
It is no longer just about getting approved and maintaining basic chargeback thresholds. It is about how your data behaves over time and how quickly issues can escalate.
Merchants need to pay closer attention to approval rates, refund patterns, and customer experience. Small issues can compound quickly and trigger automated reviews.
This is particularly important for subscription models, high ticket products, and aggressive marketing funnels where customer expectations may not always align with the offer.
How Corepay Approaches This Environment
Most processors react after a problem has already occurred. By the time a merchant is flagged, the options are limited.
Corepay focuses on preventing those situations before they escalate.
That includes monitoring approval rate changes, identifying patterns that could trigger investigations, and helping merchants structure their accounts in a way that aligns with network expectations.
It also means building redundancy and flexibility into payment setups so that merchants are not exposed to a single point of failure.
In an environment where action can be taken within days, that level of preparation is no longer optional.
Final Thoughts
Mastercard’s updated standards are not just about fraud. They are about enforcing consistency across the network and removing merchants that do not fit expected behavior patterns.
For legitimate businesses, the takeaway is simple.
You need to operate in a way that looks clean, consistent, and predictable from a data perspective. Because once something looks off, the time to fix it is very limited.
The merchants that adapt early will have a clear advantage.
