Learn about rules Mastercard and Visa have created to protect card brands and consumers from illegal and/or brand-damaging activity

What is BRAM and GBPP, and what do they cover?

BRAM and GBPP rules Both are Visa’s Global Brand Protection Program (GBPP) and Mastercard’s Business Risk Assessment and Mitigation (BRAM) Program are created to safeguard card brands and customers from unlawful and/or brand-damaging behaviour. These programs penalize acquiring banks for any fraud, unlawful behaviour, or activity that may put their reputation or regulatory compliance at jeopardy. Examples of such destructive behaviour include child exploitation or prohibited pornography, the unlawful sale of prescription medications or fake goods, illegal or incorrectly coded gambling, and so forth. This is by no means a comprehensive list, but it does highlight the significant contribution these programs make to maintaining the consumer safety of the payment’s ecosystem. This is by no means a complete list, but it does demonstrate the important contribution these programs play to preserving the payment ecosystem’s customer safety.

How do these programs work?

BRAM and GBPP both are Different methods are used by the card companies to identify transactions that they view as “brand-damaging.” When it comes to detection, certain card brands appear to be proactive, while in other situations, external parties like law enforcement organizations, rights holders, or card brand investigators file a complaint about a retailer. The card brand will alert the acquiring bank of the noncompliant behaviour after identifying the merchant account and acquiring bank and requesting a prompt response, which may include taking action against the offending merchant. The merchant is then subject to action by acquirers or payment processors, which may include account cancellation, a warning, or other corrective measures.

What happens to violative merchants?

The Member Alert to Control High-Risk (MATCH) list, a registry of merchants whose accounts were closed during the previous five years, may in some circumstances include the business. MATCH can assist an acquirer in determining whether a merchant has been terminated by another acquirer and if so, why, while the acquirer is considering signing the merchant. This information may influence whether or not to acquire this merchant and, if so, whether or not to carry out specified actions or conditions with regard to the acquisition.

How can I follow the BRAM and GBPP rules?

Acquirers must correctly categorize high-risk merchants and make sure that none of their merchants are processing fraudulent or transactions that could harm their brand. Accurate MCC classifications are part of the solution. Card brands have a lot of power to impose fines for noncompliance, and they can even forbid acquirers from working with any kind of high-risk merchant altogether. We encourage acquirers to proactively look into potential illegal activity and promptly tell card brands of any issues that occur.

How much can penalties cost? Who is accountable for fines? How are fines and penalties calculated?

By card brand, fine amounts vary. The possible sanctions for Mastercard are generally larger and can reach far into the six digits per transaction. However, there is fine mitigation of up to 75% to 100% if the acquirer is using Legit Script or another Merchant Monitoring Solutions Provider (MMSP). However, the fines are frequently in the five-figure level per transaction. Visa does not offer such a mitigating option. The cost of noncompliance assessments can occasionally reach the hundreds of thousands of dollars, depending on the severity of the infraction and other circumstances. Additionally, if the offending merchant is a repeat offender or the acquirer disregarded card brand standards or other regulatory requirements, fines are frequently compounded. Accounts that are not properly closed out could incur additional fees.

How can I tell if a good or service is against BRAM and GBPP rules?

The restrictions for these programs’ operations are revised frequently (see the links below). The transaction will very certainly not adhere to BRAM and GBPP rules if the merchant is promoting something that is prohibited in the country where the buyer or seller resides. To keep track of your portfolio of merchants, find transaction launderers, and spot other problematic conduct, you can collaborate with a licensed Merchant Monitoring Service Provider (MMSP), such as Legit Script.

Effective through 30 April 2023 of BRAM and GBPP rules

A Member that does not comply with these requirements will be subject to non-compliance assessments prescribed under the Global Brand Protection Program.

(or, in the LAC Region [Brazil], effective through 30 September 2023) The Acquirer, Payment Facilitator, and Sponsored Merchant must not be identified in any Visa risk programs (for example: Visa Dispute Monitoring Program, Visa Fraud Monitoring Program, Global Brand Protection Program) or have had excessive risk program violations in the 3 years before entering into a Merchant Agreement or Payment Facilitator Agreement.

Include the provisions specified in Section 4.7 of the Visa Global Brand Protection Program Guide for Acquirers, if the Merchant is an adult content provider assigned with MCC 5967 (Direct Marketing – Inbound Teleservices Merchant).

An Acquirer must provide information relating to any request for information presented by Visa, its designees, or any regulatory agency, as required under the Global Brand Protection Program.

Effective 1 May 2023 of BRAM and GBPP rules

A Member that does not comply with these requirements will be subject to non-compliance assessments prescribed under the Visa Integrity Risk Program.

(or, in the LAC Region [Brazil], effective 1 October 2023) The Acquirer, Payment Facilitator, and Sponsored Merchant must not be identified in any Visa risk programs (for example: Visa Dispute Monitoring Program, Visa Fraud Monitoring Program, Visa Integrity Risk Program) or have had excessive risk program violations in the 3 years before entering into a Merchant Agreement or Payment Facilitator Agreement.

Include the provisions specified in Section 3.1.1 of the Visa Integrity Risk Program Guide, if the Merchant is an adult content provider assigned with MCC 5967 (Direct Marketing – Inbound Teleservices Merchant).

An Acquirer must provide information relating to any request for information presented by Visa, its designees, or any regulatory agency, as required under the Visa Integrity Risk Program