Speaker 1: Thank you for joining us today. This education module will provide you with an overview of the Mastercard Business Risk Assessment and Mitigation Programme, otherwise known as BRAM, which is one of Mastercard's compliance programmes. In addition to the Mastercard BRAM programme, we will also discuss the compliance standards that are at times associated with a BRAM investigation. At the end of this module, we will provide a case study. The BRAM programme was developed to preserve the strength and value of the Mastercard brand and strives to ensure that Mastercard cards are not in any way associated with illegal or brand damaging activities. More specifically, the BRAM programme restricts access to the Mastercard system, merchants whose products and services may poise significant fraud, regulatory or legal risks. Mastercard is diligent in ensuring that its network is not leveraged for illegal or brand damaging activities. Mastercard identifies industry trends relating to illegal activity by working closely with global law enforcement agencies, regulators, cardholders, financial institutions and industry working groups. While the BRAM programme is intended to address all illegal and brand damaging activity, there are certain core categories of illegal activity that have historically fallen within the BRAM programme. Although this list is not exhaustive, some of the categories that Mastercard currently includes in its BRAM programme are Sale of certain drugs or chemicals such as synthetic drugs, K2, spice, etc. Illegal pharmaceuticals. Mastercard will periodically add to these categories as it becomes aware of additional types of merchants or transactions that are the focus of law enforcement or regulators. Mastercard receives referrals that its network might be used to facilitate the purchase of an illegal or brand damaging product or service from various different stakeholders, including law enforcement, cardholders, customers and rights holders. Mastercard also conducts its own investigations with the assistance of an external web crawler. Upon receiving a referral or becoming aware of a potential violation, Mastercard conducts an investigation of the merchant in question, including a trace message, which is an authorisation attempt on the merchant to confirm if a Mastercard product can be accepted. After positive confirmation of acceptance, Mastercard notifies the merchant's acquirer of the potential BRAM violation and other potential Mastercard rules violations. Mastercard also asks the acquirer to conduct its own investigation and respond to our inquiry. If the acquirer has any questions following their own investigation by analysing volumes, chargebacks, trends, review websites and conduct test purchases, for example, they can use this opportunity to contact Mastercard staff and discuss the matter further. If it is confirmed that the merchant has violated Mastercard rules, the acquirer should take prompt action to ensure the merchant ceases the activity. They can use Mastercard Alert to control high-risk merchants or match listing, if applicable. Based on the customer's response, Mastercard decides how to conclude the investigation. Mastercard considers a number of mitigating factors, including, but not limited to, whether the acquirer consistently violates our rules, how quickly the acquirer responds to the notification, and if the acquirer utilises a Merchant Monitoring Service Provider, MMSP. If they do use an MMSP, are they registered and participate in the Mastercard BRAM Merchant Monitoring Program, MMP? There are a number of Mastercard rules that may be associated with a BRAM non-compliance occurrence. We would like to review a few of them with you now. Merchant Category Code Mastercard requires acquirers to accurately code each of their merchants, so that issuers, acquirers and Mastercard can monitor the merchant's activity. These are known as Merchant Category Codes, or MCCs. Issuers rely on the accuracy of MCCs to inform their risk mitigation programs, as well as reduce cardholder confusion. For example, all merchants who conduct gambling transactions must be coded with the Merchant Category Code 7995, Gambling Transactions. MATCH is the Mastercard alert to control high-risk merchants. Acquirers are required to perform a MATCH enquiry prior to onboarding a merchant, and also to add a merchant that is terminated for cause as applicable. Prior to signing a merchant agreement, a merchant enquiry must be submitted to MATCH. MATCH is an informational exchange between acquirers. It enables acquirers to assess reasons for merchant termination that could affect their decision to acquire for that merchant. It provides acquirers the ability to review enhanced or incremental merchant risk information prior to entering into a merchant agreement. Acquirers are not prevented from signing a merchant agreement for a merchant that is listed on MATCH. Acquirers may not use or threaten to use MATCH as a collection tool for minor discretionary activity. Merchants that meet the specified criteria must be added to MATCH within five days of the decision to terminate. Mastercard rules require acquirers to ensure that their e-commerce merchants accurately inform cardholders of their merchants' names and addresses at all points of cardholder interaction on the merchant's website or point of interface. The merchant names must be consistent with those that appear on the cardholder's billing statement so that the cardholder can readily distinguish the transactions. The requirement for the merchant name to match the name presented on the cardholder's billing statement also applies to card-present merchants. This requirement provides transparency into the transaction for all parties involved and also allows the cardholder to more easily dispute the transaction should the need arise. Every Mastercard-licensed acquirer must enter into a written merchant agreement with every merchant that is using the Mastercard network. The agreement must reflect the acquirer's primary responsibility for the merchant relationship, along with all appropriate URLs. This ensures that acquirers are fully aware of the business being conducted and accountable for their merchants' transactions that are being processed via the Mastercard network. Requiring a merchant agreement helps to ensure transparency and prevents inappropriate aggregation. Thank you for your attention. Following is a case study to better illustrate the impact and value of BRAM and related programmes. Paula is constantly tossing and turning all night long. She has become sleep-deprived and desperate for anything that will assist in falling asleep. She searches online for sleeping medication without a prescription and selects one of the links for prescription sleep aids. The website she selects is called www.cheapsleepmedsonline.com and the website states that the consumer does not require a prescription to purchase the medication from their website. Paula enters her Mastercard payment information and submits her order for the prescription sleep aid on the URL www.cheapsleepmedsonline.com. The merchant locates the generic sleep aid pills on his shelf. He puts the product in a box to mail to Paula. Paula receives the generic sleep aid in the mail. When Paula opens the package, she notices that the pills are lighter than the colour shown in the picture on the website. She questions the colour difference. She decides to discard the pills as she realises they are counterfeit pills. Paula calls her issuing bank to dispute the charge for the counterfeit prescription sleep aid. The customer service rep advises her of a charge for the same amount transacted on the same day under the merchant name awake and that the merchant is a candy store. Paula is confused as the website was a pharmaceutical site from which she purchased the prescription sleep aid. The bank advises Paula to call the merchant's 1800 number. Paula calls the 1800 number and the merchant advises that awake is a third party processor handling transactions on behalf of www.cheapsleepmedsonline.com. This case study illustrates the possible risks associated with the card not present sale of prescription medication, as well as certain actions a cardholder may take if he suspects he received counterfeit medication. In conclusion, the acquirer of the merchant portrayed in this case would have received communication from Mastercard advising that its merchant may be in violation of Mastercard-Bram standards regarding the sale of potentially counterfeit prescription medication, as well as a number of other compliance issues associated with Bram. www.cheapsleepmedsonline.com