The Global Brand Protection Program (GBPP) was created to ensure that acquirers maintain proper control over their merchants. Its primary goal is to protect the acquirers and the integrity of the Visa payment system by preventing merchants from:
- Handling transactions that are illegal
- Engaging in potentially deceptive marketing practices
- Processing transactions that may adversely affect the goodwill of the Visa payment system
The Visa Rules require that acquirers submit only legal transactions into the Visa payment system and that all transactions must be lawful in both the seller’s and buyer’s jurisdiction.
The key benefits of GBPP are:
- Risk reduction – Helps acquirers understand the unique challenges and possible exposures that can occur when doing business with card-absent merchants, especially those with high-brand risk Merchant Category Codes (MCCs). This, in turn, reduces the potential risk of:
- Significant program penalties
- Acquirer’s brand and reputation damage.
- Financial losses due to inadequate reserves or chargeback and credit risk exposure
- Restrictions on future portfolio
- Prompt remedial action – Acquirers are encouraged to implement immediate remedial action to reduce brand risk to their institutions and to Visa.
- Acquirer risk controls – Visa initiates an assessment of acquirers, their merchants, and agents on a risk-prioritized basis to ensure compliance with the Visa Global Acquirer Risk Standards and Visa International Operating Regulations.
The Business Risk Assessment and Mitigation (BRAM) program was designed to protect Mastercard and its customers from illegal and brand-damaging transactions, which may pose significant fraud, regulatory, or legal risk, or may cause reputational damage.
Here is a list of identified frequent situations and BRAM violations (the list of violations is not exhaustive):
- Most recent BRAM compliance cases involve merchant transaction laundering where the acquirer may not be aware of the activity
- Merchant transaction laundering is the action where a merchant launders credit card transactions on behalf of another merchant
- Acquirers expressed difficulty in detecting BRAM activity resulting from unknown merchant transaction laundering
- Technologies have been created to monitor and detect events of transaction laundering
- Illegal sale of prescription drugs and/or tobacco products
- Illegal Internet gambling or miscoded gambling
- Illegal purchase, sell, or trade of cryptocurrency
- Sale of certain types of drugs or chemicals (such as synthetic drugs)
- Child exploitation
- Sale of counterfeit merchandise
As a result, a monitoring program called Merchant Monitoring Program (MMP) was launched to encourage acquirers to proactively monitor and prevent BRAM violations and merchant transaction laundering.
- Through the MMP, the Service Providers providing BRAM content monitoring and TL detection can be registered.
- Mastercard has provided assessment mitigation on investigations where acquirers have implemented monitoring solutions for BRAM and transaction laundering detection.
- Mastercard has witnessed many potential violations that have been identified by the MMSP and resolved by the acquirer prior to Mastercard identification thereby proving that the solutions are working.
- For BRAM prevention, acquirers should have a strong merchant on-boarding process to detect and reject suspicious or high-risk merchant applications.
- Acquirers should have implemented strong fraud control strategy to monitor sharp increases in merchant authorization requests and deposits.
- Proactively investigate all incidents of suspected non-compliance through fraud detection or MMP Alert.
- Create clear and obtainable action plans and timelines to resolve issues and deliver requirements on time.
- Develop a set of procedures and supporting process flows for non-compliance investigations.
- In cases of non-compliance, submit a comprehensive investigation response to Mastercard providing answers to all questions and all required documentation.
- Consider termination of the Merchant Agreement within 2 days.
- Provide full and detailed report on the incident, including all investigation steps and actions taken.
GRIP is a program that covers compliance cases and Mastercard rules and mandates violations that do not fall within the scope of the other existing Mastercard Compliance Programs.
GRIP’s most frequently observed non-compliances are related to:
- Monitor Area of Use of the License
- Monitor high-risk purchase merchants
- Sanction requirements and prohibited activities
- High-risk merchant activity – no license, wrong MCC, and so on
- Subscription scam merchants
- Discrimination Digital Environment
Merchants identified by the GRIP receive a formal investigation letter and are given an opportunity to respond and achieve compliance before potential non-compliance assessments are applied.
Merchants are required to respond within 5 business days and either confirm that they are compliant or provide an action plan of how compliance is achieved within a reasonable time frame.
If a merchant fails to come into compliance within a reasonable amount of time, the compliance case is referred to the Compliance Communications Team for assessments.
This team sends a Non-compliance Assessment Notification that details the specific assessment amount and the billing date.
The merchant continues to receive escalating assessments until they reach compliance.