Suspect you are on the MATCH list: UK action runbook

You cannot search the MATCH list directly. The UK confirmation route is to apply to a mainstream acquirer; if declined, ask in writing whether MATCH was the reason. Once confirmed, the removal route depends on the reason code. Code 14 (identity theft) and code 09 (resolved insolvency) are the cleanest; codes 04 and 05 (chargebacks, fraud) usually wait the full 5 years. Specialist high-risk acquirers underwrite listed merchants by code.

First action: confirm the listing

You cannot query the MATCH database. The practical UK confirmation route:

  1. Apply to a mainstream UK acquirer you have not used before (SumUp, Square or Stripe).
  2. If declined, ask in writing: "Please confirm whether the decline was based on a MATCH listing, and if so, the reason code used."
  3. Most UK acquirers will confirm if pressed. Stripe and SumUp are reliably forthcoming; Square sometimes refuses.
  4. Multiple mainstream declines (3+) without other obvious reasons is a strong indicator.
  5. Definitive: ask the acquirer that terminated you for written confirmation of whether they listed you and under which code.

What MATCH is, in one paragraph

MATCH (Member Alert to Control High-Risk Merchants) is Mastercard's global database of merchants whose accounts have been terminated under one of 13 reason codes. UK acquirers must check MATCH on every new merchant application. Listings stay for 5 years and cover the merchant entity plus principal owners (directors, beneficial owners 25%+). The Visa equivalent (VMSS) operates similarly but is less widely populated. For more detail, see our MATCH list and TMF UK guide.

If you are listed: read the reason code

The reason code dictates the removal route. The 13 codes:

Code Name Realistic UK removal route
01Account Data CompromisePost-incident PCI remediation plus audited compliance certificate
02Common Point of PurchaseSame as 01; plus evidence merchant was not the breach source
03LaunderingDifficult; usually no early removal
04Excessive ChargebacksWait the 5 years; rarely removed early
05Excessive FraudWait the 5 years; rarely removed early
07Fraud ConvictionNo early removal
08Mastercard Audit ProgrammeMastercard-led; programme exit unlocks acquirer-side removal
09Bankruptcy / InsolvencyClosed-insolvency proof from UK Insolvency Service plus debt resolution
10Violation of StandardsDocumented remediation plus written policy update
11Merchant CollusionNo early removal
12PCI DSS Non-CompliancePCI re-certification (audit-led) sometimes unlocks removal
13Illegal TransactionsNo early removal
14Identity TheftAction Fraud report plus ID evidence; cleanest removal route

Code 06 reserved by Mastercard, not currently used. Active codes 01-05, 07-14 (13 total).

The dispute and removal evidence pack

Build code-specific. Send to the listing acquirer with your written dispute.

Code 14 (identity theft)

  • Action Fraud (NFIB) report and reference number
  • Photo ID and address proof for the rightful owner
  • Evidence the listed identity was unlawfully assumed (correspondence, business filings)
  • Police report if filed
  • Witness statements

Code 09 (insolvency)

  • Closure documentation from UK Insolvency Service
  • Statement of all debts resolved
  • HMRC clearance letter where applicable
  • Liquidator's final report
  • Companies House confirmation of dissolution or restoration

Codes 01, 02 (data compromise)

  • Post-incident audit report
  • Current PCI DSS compliance certificate
  • Remediation log
  • Evidence of breach closure
  • Updated security policy

Code 12 (PCI non-compliance)

  • Current PCI DSS compliance certificate, audited (Self-Assessment Questionnaire SAQ-D for non-trivial cases)
  • Written remediation log addressing the original non-compliance findings
  • Evidence of ongoing compliance monitoring

Submit the dispute to the listing acquirer

Written complaint format:

Subject: Formal Complaint, MATCH list dispute, account [previous-account-id]

To the [acquirer] complaints team,

I am writing to formally dispute the MATCH listing made against my business [name and registration]
on or around [date] under reason code [code]. The grounds for dispute are:

[State grounds: factual error, identity theft, resolved insolvency, PCI re-certified, etc.]

I attach the supporting evidence:
[List documents]

Please confirm receipt of this complaint within 5 business days, as required by PSR 2017.
I expect a final response within 8 weeks, after which I reserve the right to escalate to the
Financial Ombudsman Service.

Yours,
[Name]

FOS escalation

If the acquirer rejects the dispute or fails to resolve within 8 weeks, the Financial Ombudsman Service is the next route. Process:

  1. Submit complaint at financial-ombudsman.org.uk with the full timeline and evidence pack.
  2. FOS acknowledges within 5 business days.
  3. Investigator initial assessment in 8-16 weeks.
  4. If accepted, the acquirer must comply (binding on the acquirer if you accept the assessment).
  5. If rejected by either party, full Ombudsman decision in another 4-12 weeks.

FOS can order: removal of the wrongful listing, fund release if held, plus compensation. FOS handles roughly 90,000 financial disputes a year; merchant-acquirer cases are a small but accepted fraction.

Trading while listed: high-risk acquirer route

If the dispute fails or the listing is justified, specialist UK high-risk acquirers will sometimes underwrite by reason code:

  • Code 14 (identity theft, resolved): mainstream-tier underwriting available
  • Code 09 (insolvency, resolved): high-risk pricing typical (3-5%)
  • Codes 01, 02 (data compromise): case-by-case
  • Code 12 (PCI): high-risk pricing post-remediation
  • Code 04 (chargebacks): requires rolling reserve, 4-6% pricing
  • Code 05 (fraud): hard; specialist underwriting only
  • Codes 03, 07, 11, 13: rarely underwritten

High-risk pricing typically 3% to 6%+ blended, plus rolling reserve (5-15%), plus higher chargeback fees. See our high-risk verticals guide for the UK acquirer panel.

A note on identity-theft cases (code 14)

UK code-14 cases are the cleanest removal route in our experience because of the documentary trail Action Fraud creates. Steps:

  1. File an Action Fraud report at actionfraud.police.uk. You get an NFIB reference number within 24-48 hours.
  2. Attach the NFIB reference to the dispute letter to the listing acquirer.
  3. Provide rightful-owner ID, address proof and any business filings showing the original ownership.
  4. If the acquirer rejects, escalate to FOS with the same evidence.
  5. FOS frequently orders removal in documented identity-theft cases.

Cross-link: related crisis runbooks

Frequently asked questions

How do I know if I am actually on the MATCH list?

You cannot search MATCH directly. The two practical UK routes: (1) apply to a different mainstream UK acquirer, get declined, and ask in writing whether MATCH was the reason; (2) ask the previous acquirer (the one that terminated you) to confirm in writing whether they listed you. Multiple mainstream declines is a strong indicator; written confirmation is definitive.

How long am I on it?

Five years from the date of listing. Mastercard scheme rules require automatic removal at the 5-year point; the listing acquirer can remove earlier (and rarely does). You cannot get yourself off; only the listing acquirer or a successful FOS / scheme dispute can.

Will every acquirer check MATCH?

Every Mastercard member acquirer must check MATCH on every new merchant application. That covers all mainstream UK acquirers (SumUp, Square, Stripe, Dojo, PayPal Zettle, Adyen, Worldpay). High-risk specialists also check, but their underwriting is reason-code-aware: they will sometimes underwrite a listed merchant on certain codes.

What does the listing record show?

The merchant name, registered address, the principal owners (directors, shareholders 25%+), the listing acquirer, the date of listing and the reason code (one of 13). The principal-owners element matters: setting up a new Ltd does not avoid the listing because principals are checked against new applications.

Can I trade through a relative or partner whose name is not on MATCH?

Technically possible if the partner has no listed history and is not connected to the MATCH-listed business. Practically risky: acquirers do enhanced due diligence on new merchants whose history they cannot verify. Misrepresenting business ownership is a scheme-rule breach in itself, can trigger a fresh MATCH listing under code 11 (collusion).

What is the most realistic UK route to getting off MATCH early?

Identity-theft cases (code 14) with Action Fraud reports are the cleanest. Insolvency cases (code 09) with closed-insolvency proof from the Insolvency Service often unlock removal. Code 04 (excessive chargebacks) and code 05 (excessive fraud) usually wait the full 5 years. Code 12 (PCI non-compliance) sometimes opens with an audited PCI re-certification.

Does the FOS handle MATCH disputes?

The FOS handles disputes between the merchant and the acquirer about the listing decision, not the MATCH database itself. If the acquirer added you wrongfully, FOS can order the acquirer to remove the listing. FOS does not arbitrate the underlying scheme rule. The 8-week acquirer complaint window applies first, then FOS escalation.

Will my visa application or credit history be affected?

No. MATCH is a private Mastercard scheme database. It is not visible to UK credit-reference agencies (Experian, Equifax, TransUnion), the FCA, or visa-issuing authorities. The only practical impact is on merchant-account applications.

Need a UK acquirer that takes MATCH-listed merchants?

Specialist high-risk acquirers underwrite by reason code. We match listed merchants to underwriters who handle their specific code. No obligation, no upfront fees.

Open quote form →
OM

Oliver Mackman

Director, AcceptCard

Oliver leads AcceptCard's editorial and comparison research. With a background in UK commercial finance, he oversees provider analysis, rate verification, and industry reporting across all verticals.

Last reviewed: 10 May 2026