Addition of Cryptocurrency and High-Risk Securities Merchants to Mastercard BRAM Program

Effective Date

• 12 April 2018—High-risk securities merchants are added to the BRAM program.
• 12 October 2018—The registration requirements stated in this announcement for high-risk securities merchants will become effective.

What is a High-Risk Securities Transaction?

A high-risk securities transaction can occur directly or indirectly in a card-present or card-not-present (CNP) environment when a consumer uses a Mastercard account to purchase, sell, or broker a financial instrument, including but not limited to derivatives (for example: forwards, futures, options, and swaps).

High-Risk Securities Merchant Criteria

Any securities merchant that facilitates one or more of the following activities as a high-risk securities merchant:

• Binary options trading
• CFD
• Forex currency options trading
• Cryptocurrency options trading
• ICOs

Coding Requirements

• All face-to-face high-risk securities transactions with card acceptor business code (MCC) 6211(Securities—Brokers/Dealers) and transaction category code (TCC) R; and
• All non–face-to-face high-risk securities transactions with MCC 6211 and TCC T

High-Risk Securities Merchant Registration Requirements

The acquirer of a high-risk securities merchant (regardless of whether the high-risk securities merchant is an existing merchant in the acquirer’s portfolio or a new merchant that the acquirer wants to add to its portfolio) must demonstrate that the acquirer performed an adequate due diligence review by providing the following items upon request:

• Evidence of legal authority. a copy of the merchant’s license (or similar document), a copy of the merchant’s license (or similar document) and any law applicable to the merchant that permits the high-risk trading activity
• Legal opinion. The acquirer must obtain a reasoned legal opinion, addressed to the acquirer, from a reputable law firm located in each country where high-risk trading activity will occur or be offered to cardholders.
• Effective controls. The acquirer must obtain certification from a qualified independent third party to verify the high-risk securities business
• Notification of changes. The acquirer must certify that the acquirer will notify Mastercard of any changes to the information that the acquirer has provided to Mastercard within 10 days of any such change
• Acceptance of responsibilities. The acquirer must specifically affirm that it will not submit restricted transactions from the merchant for authorization

Effective Date

• 12 April 2018—Cryptocurrency merchants are added to the BRAM program.
• 12 October 2018—The registration requirements stated in this announcement for cryptocurrency merchants will become effective.

What is a Cryptocurrency Transaction?

A cryptocurrency transaction can occur in a card-present or card-not-present (CNP) environment when a consumer uses a Mastercard account to:

• Directly purchase a digital asset recognized as a medium of exchange, unit of account, and store of value that uses cryptography to secure transactions associated with the digital asset, control the generation of additional cryptocurrency units, and verify the transfer of funds; or
• Purchase, sell, or trade such a digital asset by means of a digital currency, alternative currency, or virtual currency exchange platform.

Cryptocurrency Merchant Registration Requirements

The acquirer of a cryptocurrency merchant (regardless of whether the cryptocurrency merchant is an existing merchant in the acquirer’s portfolio or a new merchant that the acquirer wants to add to its portfolio) must demonstrate that the acquirer performed an adequate due diligence review by providing the following items upon request:

• Evidence of legal authority. a copy of the merchant’s license (or similar document), a copy of the merchant’s license (or similar document) and any law applicable to the merchant that permits the cryptocurrency activity
• Legal opinion. The acquirer must obtain a reasoned legal opinion, addressed to the acquirer, from a reputable law firm located in each country where the cryptocurrency activity will occur or be offered to cardholders.
• Effective controls. The acquirer must obtain certification from a qualified independent third party to verify the cryptocurrency business
• Notification of changes. The acquirer must certify that the acquirer will notify Mastercard of any changes to the information that the acquirer has provided to Mastercard within 10 days of any such change
• Acceptance of responsibilities. The acquirer must specifically affirm that it will not submit restricted transactions from the merchant for authorization

Effective Date: 2 Feb 2018

Acquirer Responsibilities

Before an acquirer enters into a Merchant Agreement with a merchant that proposes to accept Mastercard products for the purchase of cryptocurrency, as well as for the duration of the Merchant Agreement (regardless of whether the Agreement is existing or new), the acquirer must ensure the following:

• The sale of cryptocurrency is legal in the jurisdiction of the merchant location
• The merchant does not offer cryptocurrency services to cardholders in jurisdictions where such services (including but not limited to the sale of cryptocurrency) are illegal

The location of a merchant that accepts Mastercard products for the purchase of cryptocurrency must be within the acquirer’s licensed Area of Use.

Coding Requirements

An acquirer must properly identify transactions involving the purchase of cryptocurrency using merchant category code (MCC) 6051 (Quasi Cash—Merchant). Any fee(s) charged and included in the total transaction amount must be clearly disclosed by the merchant to the cardholder prior to completing the transaction.