With SMMP, Mastercard Makes Refunds as Dangerous as Chargebacks
Mastercard’s Scam Merchant Monitoring Program (SMMP) becomes enforceable on July 24, 2026 for every card-not-present merchant. Most of the coverage so far has treated it as a fraud rule. Read the mechanics closely and it is something else. SMMP is about economics while dressed up in a fraud prevention rule’s clothing, and it quietly rewrites the cost of three things merchants thought they understood: the refund, the representment win, and the new merchant’s first six months with the world’s second largest credit card network.
Let’s start with what makes it different. Mastercard already runs ratio programs. The Excessive Chargeback Merchant (ECM) program and the Excessive Fraud Merchant (EFM) program count your disputes, fine you when you cross a line, and give you time to work back under it. They are uncomfortable, but survivable. SMMP does not count ratios and does not hand you a remediation window. It is signal-driven. When a scam signal appears, the acquirer or payment facilitator has 72 hours to investigate, and if scam activity is confirmed, Mastercard and Maestro processing stops immediately. No fine to absorb. No way back. The signals that start the clock are an authorization rate collapse, a GRIP letter from Mastercard’s own intelligence, an alert from an approved monitoring provider, or, for merchants that have been processing Mastercard payments for less than six months, a set of early fraud triggers. That last bucket is where economics gets interesting.
Shift #1: Refunds Stop Being Safe
For new merchants, one trigger is a combined refund and chargeback rate above 5% over any rolling 30-day window, once you have processed at least 500 transactions. Read that again. Refunds and chargebacks, counted together.
The refund has always been the merchant’s release valve. You issue it to make a customer “happy” before they call their bank, and it keeps your chargeback ratio down. Every dispute-prevention playbook leans on it. SMMP closes that valve. A subscription business refunding aggressively to stay clean under the chargeback program is now feeding the exact metric that can get it cut off the network. The tool you use to avoid one penalty now leads you toward the other. That is not a rounding error in how merchants should think about refunds. It is a reversal.
Shift #2: Representment Wins Stop Mattering
Here is the part that should bother anyone who fights disputes for a living. A chargeback you win at representment is still counted under SMMP. The ratio does not care that you were right. SMMP, like all other credit card network programs beside, is a counting program, not a truth program.
This is the year’s recurring lesson stated as plainly as Mastercard will ever state it. Disputes are not resolved based on truth. They are resolved based on incentives. You can assemble flawless compelling evidence, overturn the chargeback, recover the revenue, and move your SMMP exposure by exactly zero. Recovery economics and compliance economics have fully decoupled. Prevention is the only lever that touches the compliance number.
Shift #3: Growth Now Looks Like Fraud
The SMMP program was built to catch a specific pattern: Scam operators spin up a merchant account, process a large volume of payments for 90 days, accumulate complaints, and vanish before the chargebacks mature. The six-month scrutiny window exists to catch that exit.
The problem is that the signals correlate with building a real business, not just a fake one. An authorization rate that swings because an issuer recalibrated its model. A refund spike during a launch when descriptors and cancellation flows have not stabilized. A geographic expansion into a higher-dispute market. Two issuers filing under reason code 56, Mastercard’s “Manipulation of Cardholder” code for scam-induced payments, because two genuinely defrauded customers used your platform. These are signals of a legitimate company being established, and statistically they look like the characteristics of a scam. The difference is that the scam operator planned to disappear, and the real merchant has 72 hours to prove it is not one.
Reading & Understanding SMMP incentives
Map it onto the three corners that decide every dispute outcome. Network rule architecture has pushed the investigation cost and the blocking decision onto acquirers and payment facilitators. Issuers became the signal source through reason code 56 and Fraud and Loss Database reporting. Merchants are left holding the risk. Notice what is missing from that arrangement: nobody’s incentive is anchored to whether a given merchant is actually a scammer! The acquirer’s incentive is to avoid carrying a confirmed scam on its books. When the cost of a false positive lands on the merchant and the cost of a missed scam lands on the acquirer, you can predict which way close calls break.
What to Do about SMMP?
The operational takeaway is uncomfortable but simple. Seventy-two hours is not enough time to build a defense from nothing, so the defense has to exist before the question is asked – you must have a strategy in place. Monitor your own authorization approval rate and your combined refund-and-chargeback rate against Mastercard’s thresholds, not your acquirer’s after the fact. Treat descriptor clarity as a fraud control, because unrecognized charges become reason-code-56 language. Keep fulfillment, refund, and customer-communication records organized well enough that a 72-hour investigation finds a complete story instead of a scramble. Under SMMP, readiness is not a compliance task you do once. It is the price of staying on the network.




















