Mastercard’s new compliance program for card-not-present merchants, the Scam Merchant Monitoring Program (SMMP), becomes enforceable on July 24, 2026. It joins two programs merchants are already monitored under, the Excessive Chargeback Program (ECP) and the Excessive Fraud Merchant (EFM) program, but uses a different logic: instead of looking at chargeback or fraud ratios alone, it tracks scam signals.
The Mastercard SMMP program is built primarily to catch suspected scam merchants and broader scam-payment networks, including mule-like and laundering-adjacent activity. It is not aimed at typical merchants running clean operations. Even so, every CNP merchant needs to understand how it works, what could pull them into an investigation, and how to monitor their own metrics ahead of any acquirer doing it for them.
Mastercard SMMP at a Glance
| Effective from | July 24, 2026 |
| Scope | All card-not-present merchants globally, including payment facilitators and sponsored merchants |
| Primary trigger | A combined rate of refunds and chargebacks that exceeds 5% of total transactions over a rolling 30-day period (minimum 500 transactions) |
| Acquirer investigation window | 72 hours |
| Outcome if confirmed | Escalation and remediation processes, and in severe cases, immediate termination of Mastercard and Maestro processing, plus MATCH listing |
| Other Mastercard monitoring | Runs alongside ECP and EFM |
Key Takeaways
- Enforcement begins on July 24, 2026, adding a third Mastercard monitoring layer on top of ECP and EFM.
- The Mastercard SMMP program is built to detect scam, scam merchants and broader scam-payment networks, including mule-like and laundering-adjacent activity, not standard merchants with clean operations.
- Once flagged, an acquirer has 72 hours to investigate. If scam activity is confirmed, Mastercard and Maestro processing is terminated immediately.
- Triggers include a combined refunds + chargebacks rate above 5%, a sharp authorization-rate drop, multi-issuer fraud reports, and signals from approved monitoring providers.
- Winning a chargeback at representment does not reduce a merchant’s SMMP, ECP, or EFM ratio. The chargeback already counted. Prevention is the only effective lever.
What Is Mastercard’s Scam Merchant Monitoring Program (SMMP)?
SMMP is a global compliance program for card-not-present merchants, published in Mastercard’s Security Rules and Procedures Merchant Edition (July 2025 update). Enforcement begins on July 24, 2026.
Where ECP measures excessive chargeback activity and EFM measures excessive fraud, this program is signal-driven. A trigger can come from an issuer fraud report, chargeback documentation that references scam or manipulation behavior, Mastercard’s own intelligence (GRIP), or an alert from an approved Merchant Monitoring Service Provider (MMSP).
The three programs run concurrently. A merchant can comfortably clear ECP and EFM thresholds and still face an SMMP investigation if the signals point to scam-running behavior.
Who Does Mastercard SMMP Target?
The Mastercard SMMP program is built primarily to detect scam merchants and broader scam-payment networks, including mule-like and laundering-adjacent activity. These are not legitimate businesses going through a rough month. They are operations set up to launder funds, defraud cardholders through impersonation or advance-fee schemes, or otherwise exploit the payment system.
Merchants with normal customer behavior, compliant operations, and reasonable dispute hygiene are not the intended target. That said, two groups of legitimate merchants need to pay closer attention:
- Merchants with under 6 months of Mastercard acceptance. New CNP merchants face stricter scrutiny during the initial onboarding window.
- Merchants with volatile auth rates, multi-MID setups, or seasonal refund spikes. Even clean businesses can trip auth-rate or refund-volume triggers if they are not monitoring themselves.
How Is SMMP Different from ECP, EFM, and Visa VAMP?
| Program | Card Brand | Trigger Type | Primary Use |
| ECP (formerly ECM) | Mastercard | +1.5% chargeback ratio with +100 chargebacks | Excessive disputes |
| HECM (High ECP) | Mastercard | +3% chargeback ratio with +300 chargebacks | High excessive disputes |
| EFM | Mastercard | +0.5% fraud ratio with +$50K fraud volume (SAFE reports) | Excessive fraud |
| HEFM | Mastercard | +1.5% fraud ratio with +$50K fraud volume (SAFE reports) | High excessive fraud |
| SMMP | Mastercard | +5% combined refunds + chargebacks with +500 transactions over a rolling 30-day period, plus scam signals (RC56 disputes, GRIP alerts, MMSP alerts, issuer complaints) | Suspected scam activity |
| VAMP | Visa | +1.5% combined dispute + fraud ratio with +1,500 TC40s and TC15s | Acquirer portfolio monitoring |
ECP and EFM primarily monitor merchants based on historical chargeback and fraud thresholds, whereas SMMP combines those retrospective metrics with broader scam-related signals and behavioral patterns intended to identify scam activity earlier and more holistically.
Visa runs its own scheme-level monitoring through the Visa Acquirer Monitoring Program (VAMP), introduced in October 2025. VAMP consolidates dispute and fraud monitoring into one ratio, covering areas that Mastercard manages separately through ECP and EFM. SMMP adds a third Mastercard-specific layer focused on scam signals, with no direct Visa equivalent today.
What Triggers an SMMP Investigation?
When any of the following signals are present, the acquirer or payment facilitator must open an investigation within 72 hours.
1. Combined refunds and chargebacks above 5%
A potential SMMP trigger may occur when the combined rate of refunds and chargebacks exceeds 5% of total transactions over a rolling 30-day period, for merchants processing at least 500 transactions during that timeframe.
2. Sharp decline in authorization approval rate
An SMMP trigger may occur if a merchant’s authorization approval rate declines by more than 50 percentage points within a 72-hour period, or falls below 30% overall. A sharp drop is a leading indicator that issuers are flagging the merchant’s transactions as suspicious, often before the chargebacks arrive.
3. Fraud Reason Code 56 reports from multiple issuers
Fraud Reason Code 56 (Manipulation of Cardholder) reports from two or more different issuers can trigger an investigation. This is the reason code Mastercard uses for cases where a cardholder was manipulated into authorizing a transaction.
4. Chargeback documentation referencing scams
Chargebacks from two or more issuers with supporting documentation referencing scams, manipulation, or similar language can also trigger an investigation. This is discretionary, requiring acquirer judgement on the documentation.
5. Multiple MID requests without business justification
Merchants requesting multiple Merchant IDs from their acquirer without a clear business reason are flagged. This pattern is common in scam operations trying to spread risk across multiple processing identities.
6. Mastercard intelligence or MMSP alerts
Mastercard’s own intelligence (GRIP notifications) or alerts from approved Merchant Monitoring Service Providers can trigger an investigation directly.
What Happens If a Merchant Is Flagged?
Once a flag occurs, the acquirer has 72 hours to investigate. If scam activity is confirmed, Mastercard and Maestro processing is terminated immediately. The merchant may also be added to the MATCH list, which prevents them from getting acceptance with other acquirers.
Payment facilitators and sponsored merchants are explicitly in scope. Marketplaces and platforms need to ensure their sub-merchant onboarding and monitoring practices keep them out of the trigger zone.
How Can Legitimate Merchants Stay Clear of SMMP?
A critical point: winning a chargeback at representment does not reduce the count of chargebacks for SMMP, ECP, or EFM purposes. Once the chargeback is filed, it is counted in the ratio regardless of who eventually wins the dispute. Prevention is the only effective lever.
Legitimate merchants have three practical defenses, covered in detail below: balancing pre-chargeback alerts with dispute fighting, building strong evidence on every dispute that does get filed, and monitoring your own metrics against the SMMP triggers.
Balance pre-chargeback alerts and dispute fighting
Legitimate merchants have two primary levers for managing SMMP, ECP, and EFM exposure: preventing disputes before they become chargebacks, and demonstrating legitimacy to acquirers, issuers, and Mastercard by robustly contesting invalid chargebacks. The impact, however, differs across programs. Refund-based pre-chargeback alerts primarily help ECP by preventing first chargebacks, but refunds may still count toward SMMP metrics and do not necessarily prevent SAFE reporting under EFM. By contrast, Consumer Clarity and First-Party Trust can help prevent transactions from being classified as fraud or scams in the first place. The key is knowing when to use each approach to maximize ROI while staying below program thresholds.
How Consumer Clarity and First-Party Trust work. Consumer Clarity provides issuers and cardholders with enhanced transaction context before a dispute is filed, while First-Party Trust helps establish that the transaction was legitimate and properly authorized. If the issuer accepts the transaction as valid, the case may never be classified as fraud or a scam in the first place, reducing the likelihood of SAFE reporting under EFM or scam signaling under SMMP.
When Verifi and Ethoca solutions are the right call. When merchants are close to the ECP, EFM, or SMMP ratio limits, the Verifi and Ethoca solutions can help keep them below the limits.
When fighting the chargeback is the right call. Representment is the right path when the merchant has strong evidence (clear delivery confirmation, terms acceptance, usage data, prior support history), when win rates on that dispute type are reliably high, and when the merchant has comfortable headroom against the thresholds. Auto-refunding alerts in this scenario carries two costs: the direct alert fee paid regardless of refund, and the lost recoverable revenue on disputes that would have been won. For merchants with strong evidence and high win rates, refunding alerts they would otherwise have beaten erodes revenue without adding meaningful protection.
Finding the mix. The right balance shifts with volume, win rate, vertical, dispute type, and current position against the thresholds. A merchant comfortably inside the ratio can lean on representment and use alerts selectively. A merchant close to the threshold needs to lean more on alerts and Consumer Clarity until the ratio is back in safe territory. The mix should be reviewed at least quarterly, and immediately whenever one of the inputs moves significantly.
Build strong, legitimate evidence on every dispute
Even if winning a representment does not change the ratio, the quality of the evidence a merchant submits matters. Strong, well-documented evidence demonstrates to the ecosystem (the PSP/acquirer, the issuer, and the card scheme) that the merchant is running a legitimate operation. That reputation effect, over time, reduces the likelihood that a merchant is flagged by issuer fraud teams or scheme intelligence in the first place.
This is particularly important under SMMP, where the program looks at patterns and signals rather than just numbers. A merchant with a long, consistent record of clean, legitimate evidence is far less likely to be pattern-matched against a scam profile.
Monitor yourself
Most merchants do not have a single view of their combined refund and chargeback ratio, their authorization rate trends, or their per-issuer chargeback distribution. Setting up internal monitoring against the SMMP triggers, before July 2026, is the most effective proactive step a legitimate merchant can take. Knowing your numbers a few days before your acquirer does is the difference between heading off a problem and reacting to one.
How Justt Helps Merchants Navigate SMMP
Justt sits across the full pre-chargeback and post-chargeback workflow. For SMMP specifically, three parts of the Justt platform are directly relevant.
Pre-chargeback solutions, scoped to your situation. Justt offers the suite of Verifi and Ethoca solutions with Automated Response Rules and Smart Refund. Merchants can configure rules that decide how each alert is handled by reason code, transaction value, or issuer, and Smart Refund executes refunds automatically through the merchant’s PSP. Because alerts and dispute fighting are not the same trade-off for every merchant, Justt works through the right mix with each customer: which alerts to auto-refund, which to escalate to representment, and how the balance should shift if a ratio starts moving toward a threshold.
Strong, legitimate dispute evidence. Justt builds high-quality, AI-driven evidence packages for every chargeback that does get filed. This is not about countering scam framing on a specific case, since most scam-driven chargebacks come in as fraud or service-level reason codes with no scam-specific signal. It is about demonstrating legitimate operations consistently, across the ecosystem, so that the PSP/acquirer, the issuer, and the card scheme all have visibility into a merchant who is running their business properly.
Dedicated scheme advisory. Justt’s team tracks every relevant change to Mastercard’s ECP, EFM, and SMMP programs, as well as Visa VAMP. When thresholds shift or new triggers ship, customers hear from us before the change affects their ratio. This includes proactive briefings and tailored guidance on how to adjust the alerts-and-representment mix.
If you’re unsure where you stand or want to think through your chargeback strategy, talk to the team at Justt.
Frequently Asked Questions
When does Mastercard SMMP take effect?
July 24, 2026. It was published in Mastercard’s Security Rules and Procedures Merchant Edition in July 2025.
Who does SMMP apply to?
All card-not-present merchants globally, including merchants sponsored by payment facilitators. The program targets suspected scam merchants and broader scam-payment networks, including mule-like and laundering-adjacent activity, but legitimate merchants need to be aware of the triggers.
What is the main SMMP trigger merchants should watch?
The combined rate of refunds and chargebacks above 5% over a rolling 30-day period, with a minimum of 500 transactions. Most merchants track refunds and chargebacks separately. Under SMMP, only the combined number matters.
Does winning a chargeback reduce SMMP risk?
No. Once a chargeback is filed, it is counted in the SMMP, ECP, and EFM ratios regardless of who wins the representment. The only way to keep a chargeback out of the ratio is to prevent it from being filed in the first place, typically through pre-chargeback alerts and Consumer Clarity.
How is SMMP different from Visa VAMP?
VAMP is Visa’s acquirer-level monitoring program based on combined dispute and fraud ratios. SMMP is Mastercard’s scam-signal-driven program. The two run in parallel. A merchant can pass VAMP thresholds and still be flagged under SMMP.
What is the difference between SMMP, ECP, and EFM?
ECP monitors chargeback ratios. EFM monitors fraud ratios. SMMP monitors scam signals (refund & chargeback ratios, issuer scam reports, chargeback documentation, Mastercard intelligence, MMSP alerts). All apply concurrently.
Does Justt help merchants stay compliant with SMMP?
Yes, in two ways. Justt supports Verifi and Ethoca solutions, which protects ratios across SMMP, ECP, and EFM. Justt scopes the right balance with each merchant rather than recommending these solutions by default, since alerts are not the right answer for every merchant or every scenario. Justt also builds high-quality dispute evidence that demonstrates legitimate operations across the ecosystem. Scheme-level monitoring is on Justt’s product roadmap.
Are there any industries most likely to be affected by the Mastercard SMMP changes?
Yes. Industries with naturally higher refund and chargeback activity see more SMMP exposure, particularly SaaS and subscription businesses, online education, dating, FX and online financial services, marketplaces, and digital goods. These verticals tend to combine high transaction volumes, recurring billing models, and customer-driven cancellation patterns that can drive the combined refund and chargeback ratio up faster than other categories. Merchants in these sectors should monitor the combined ratio especially closely and plan their pre- and post-chargeback strategies accordingly.
