Summary of June 2025 Updates to the Mastercard Merchant Monitoring Program (MMP) 

Jun 26, 2025 | Knowledge

A graphic featuring the title "Updates to the Mastercard Merchant Monitoring Program (MMP)" with the date "June 2025" and the word "AUSTREME" at the bottom. The background consists of geometric shapes in shades of orange and black.

Mastercard has announced revisions to the Merchant Monitoring Program (MMP) standards, published on June 17, 2025 and effective January 14, 2025.  

 

Overview of Merchant Monitoring Program (MMP) Revised Standards 

The revised standards emphasize the importance of proactive monitoring and the responsibilities of Acquirers that choose to participate in the MMP. These changes will be included in the updated Security Rules and Procedures manual, available on Mastercard Connect™. 

Mastercard encourages Acquirers to actively monitor for BRAM violations and potential Merchant Transaction Laundering. Acquirers must engage one or more approved MMSPs to perform BRAM monitoring and Merchant Transaction Laundering detection services. These proactive approaches are essential in maintaining the integrity of the payment ecosystem.  

 

Merchant Monitoring Program (MMP) Participation Requirements 

To participate in the Merchant Monitoring Program, an Acquirer must:  

  • Confirm MMSP Approval – Ensure that the MMSP is approved by Mastercard for performing BRAM and/or Merchant Transaction Laundering monitoring services 
  • Register the MMSP – Register the MMSP as a Service Provider in accordance with Mastercard Rules 
  • Submit Merchant Information – Provide the MMSP with all necessary merchant details, including legal names, “doing business as” names, addresses, and URLs 
  • Conduct Initial Scans – Ensure the MMSP performs an initial scan of the merchant’s activities to identify potential violations before processing transactions 
  • Ongoing Monitoring – Mandate that the MMSP persistently monitors each merchant’s activities for BRAM violations and transaction laundering 
  • Complete URL Monitoring – Ensure that all merchant URLs are monitored, including any restricted members-only areas, unless prohibited by law 
  • Reporting Violations – Require the MMSP to report any identified potential violations to the Acquirer within five (5) business days 
  • Investigation and Resolution – Investigate any reported violations within 15 calendar days and ensure that all violating activities cease. Report the resolution back to the MMSP. 
  • Monthly Reporting to Mastercard – Provide Mastercard with monthly reports generated by the MMSP detailing monitored merchants and identified violations. These reports must be unaltered copies of the originals generated by the MMSP. 

 

Incident Reporting 

If an Acquirer receives a BRAM notification regarding a monitored merchant, they must submit an incident report created by the MMSP as part of their response. This report should not be altered, and must include:  

  • The date the merchant information was provided to the MMSP 
  • Confirmation of ongoing monitoring 
  • Details of any alerts (including date and content) generated by the MMSP during the relevant period and actions taken by the Acquirer 
  • Explanations of why any BRAM violations were not detected and how future detections will be improved 

 

Monthly Reporting Format and Submission: 

Monthly reports must be submitted in Microsoft Excel format and include detailed list of information about each Acquirer’s monitored merchants. Key data fields include:  

  • Acquirer name and ICA number 
  • MMSP name 
  • Merchant name and URL(s) 
  • Report submitter contact name and email address 
  • Dates of merchant information submission to MMSP 
  • Merchant MCC 
  • Applicable MMSP services(s) 
  • Violation types and categories – if applicable 
  • URL content details 
  • Date MMSP violation was reported to Acquirer  
  • Date Acquirer resolved and reported to MMSP 
  • Investigation findings and resolutions 

Each report must follow a specific naming convention: NNNNNN Acquirer Name – Service Provider Name – MMSP Name – Date of Report (where NNNNNN is the Acquirer ICA) and be submitted via email to mmp@mastercard.com, adhering to a maximum attachment size of 20 MB. The Acquirer must ensure that Mastercard receives the monthly report within 30 days of the completion of monitoring. 

 

Eligibility for Assessment Mitigation 

Acquirers that fully participate in the MMP and process transactions for merchants that have undergone initial scans and are being persistently monitored by an MMSP for BRAM or Merchant Transaction Laundering violations – may be eligible for mitigations concerning assessments related to BRAM violations. 

For more information about MMP, please visit the Mastercard website.

 

Contact Austreme and discover our Mastercard MMP services. 

Want to learn more? Explore our Mastercard MMP page.

Go to MMP page

Want to learn more about merchant risk services? Visit our Youtube Channel.

Subscribe to our newsletter

Keep up to date with the latest industry news and up and coming innovations!

About Austreme 

Austreme Technology is an industry leader specialising in ecommerce acquiring payment risk technologies and services. We provide a wide range of financial risk management services for global customers such as big data analytics, anti-transaction laundering, merchant website risk content monitoring, merchant onboarding and chargeback prevention. Austreme is a MasterCard Merchant Monitoring Service Provider (MMSP) since 2015, and a Visa Third Party Agent (TPA).  

Contact Us