Skip to main content
Image coming soon

The Payments Acquirer Risk Operating Playbook

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The Payments Acquirer Risk Operating Playbook

Build the merchant onboarding, chargeback, PCI and card-scheme exception practice an acquirer risk team is judged on every quarter.

The model says decline, the relationship manager says approve, the override file says both. The card-scheme programme letter says only one of those positions is defensible.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Acquirer risk teams sit on top of a stack the rest of the bank does not see in detail. Merchant underwriting decisions, override memos, MCC-banded chargeback ratios, Visa VAMP and VDMP exposure, Mastercard ECP and MATCH listings, PCI scope across every integrated payments partner, and the high-risk MCC concentration the regulator asks about in the next exam. The model output is a single column on a single screen. The work is the documented reason every override survives the next quarterly review, the documented disposition for every merchant approaching a programme threshold, and the documented PCI boundary for every partner the acquiring leg touches. When that documentation is thin the QBR conversation becomes about the team, not the portfolio.

What you walk away with

  • Run merchant underwriting overrides through a documented memo template that survives the next quarterly committee review.
  • Operate an MCC-banded chargeback ratio sheet that names the Visa VAMP and Mastercard ECP thresholds every merchant is measured against.
  • Maintain a BIN-level disposition log that ties model output, override reason, programme exposure and PCI scope into a single line per merchant.
  • Produce the quarterly acquirer risk committee report straight from the operating artefacts rather than a fresh deck every cycle.
  • Reduce the high-risk MCC concentration question to a one-page exhibit the regulator and the board can both read.

The 12 modules

Module 1. Merchant underwriting overrides as a documented practice
Replace the override-by-email habit with a memo template that captures the model score, the relationship reason, the residual risk, the mitigants and the named approver. Walk through three worked examples from real acquirer portfolios: an MCC 5912 chain with high-ticket variance, an MCC 7995 high-risk override and an integrated payments partner with thin file. Result is a single memo per override that holds up in the next committee review.
Module 2. MCC-banded chargeback ratio thresholds and the programme that lives behind each one
Build the working sheet that names every MCC band the acquirer carries, the chargeback-to-sales and fraud-to-sales ratio thresholds Visa VAMP and Mastercard ECP apply, and the early-warning bands the team uses internally. Includes the seasonality adjustment for travel and ticketing MCCs, the dispute reason-code split, and the merchant outreach trigger points that sit one band below the scheme threshold.
Module 3. Visa VAMP, VDMP and the acquirer side of dispute monitoring
Document the Visa Acquirer Monitoring Program and Dispute Monitoring Program rules in operational language: ratio definitions, monthly windows, early-warning and standard-and-excessive tiers, fines schedule and remediation expectations. Build the per-merchant VAMP exposure tracker that names which merchants are inside a warning, which are inside a notification, and what evidence pack the issuer will ask for at the next data request.
Module 4. Mastercard ECP, ECM and MATCH listing exposure
Operationalise the Mastercard Excessive Chargeback Programme, Excessive Fraud Merchant programme and MATCH listing rules. Build the disposition log for merchants approaching ECP or ECM thresholds, the remediation evidence the scheme expects, and the documented process for handling a merchant whose principal would land on MATCH. Includes a worked example of a high-risk MCC merchant boarded out of the programme and re-boarded under tightened terms.
Module 5. PCI DSS scope across integrated payments partners
Draw the PCI boundary line correctly for the acquirer side of integrated payments. Name where the cardholder data environment lives for each partner type: gateway-only, semi-integrated terminal, full integrated POS, cloud-hosted virtual terminal. Build the partner PCI evidence pack that the QSA expects: AOC, ROC summary, network diagram, scope reduction control, segmentation testing evidence and quarterly ASV scan status per partner.
Module 6. High-risk MCC concentration and the regulator question
Build the one-page exhibit the regulator asks about when high-risk MCC concentration rises: nutraceutical, gambling, adult, debt repayment, travel and high-ticket digital goods. The exhibit names the share of portfolio sales, the chargeback ratio band, the VAMP and ECP exposure, the underwriting standard each MCC carries and the trigger points that would force a boarding freeze. Walk through how the same exhibit serves the board credit committee, the audit committee and the regulator exam.
Module 7. BIN-level disposition log
Turn the spreadsheet sprawl into a single line per merchant that ties the model output, the underwriting standard applied, the override reason if any, the current chargeback ratio band, the VAMP and ECP exposure tier, the PCI scope category, the last evidence-pack date and the named risk owner. The log becomes the source the quarterly committee report draws from, rather than a fresh extract every cycle.
Module 8. Settlement holds, reserves and rolling rolling reserves as risk levers
Document the rolling reserve, fixed reserve and delayed funding standards the portfolio runs, the triggers that move a merchant from one to another, and the evidence required at each step. Includes the modelled cash-flow impact for the merchant, the documented memo justifying the move and the customer-facing communication standard that sits behind it. The goal is reserves applied through process rather than reserves applied through last-minute escalation.
Module 9. Chargeback representment, compelling evidence and dispute response operations
Build the chargeback representment workbench an acquirer needs to actually win disputes: reason-code matrix, compelling evidence categories under Visa CE 3.0, Mastercard documentation standards, the merchant-portal evidence package and the SLA the team commits to per dispute window. Includes the win-rate dashboard by reason code and by merchant, and the feedback loop into underwriting when a merchant pattern becomes a dispute pattern.
Module 10. AML and sanctions exposure on the acquiring side
Name the acquirer-side AML obligations that often get treated as issuing-side problems: merchant beneficial ownership, transaction laundering, OFAC and sanctions screening at boarding and re-screening, suspicious activity referral workflow and the documented disposition log the BSA officer expects. Build the working artefact that ties merchant boarding KYC, ongoing transaction monitoring alerts and disposition decisions into a single auditable trail.
Module 11. The quarterly acquirer risk committee report drawn from operating artefacts
Stop building the committee deck from scratch each cycle. The report draws from the BIN-level disposition log, the VAMP and ECP exposure tracker, the MCC concentration exhibit and the dispute representment dashboard. Walk through the canonical eight-page committee report, the speaker notes that go with each page and the appendix that closes out the action items from the prior quarter. Includes the version maintained for the audit committee.
Module 12. Independent audit and regulator exam evidence pack
Pre-assemble the evidence pack the internal auditor and the regulator exam request. PCI AOC and scope diagram per partner, override memo register, programme exposure tracker, MCC concentration exhibit, chargeback win-rate dashboard, settlement reserve standards, AML disposition log and the committee report series. The pack is maintained between exams so a request is a delivery, not a fire drill. Includes the documented retention and access-control standard for the pack itself.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

The override file from last week is reviewed in the next QBR.
A merchant crosses into a Visa VAMP warning tier and the issuer asks for evidence.
Internal audit raises a finding on high-risk MCC concentration documentation.
An integrated payments partner moves a chunk of cardholder data into a new environment and PCI scope shifts.

What you get with this course

  • Twelve written modules, organised as the operating practice an acquirer risk team is judged on.
  • Downloadable templates for every module: override memo, MCC chargeback ratio sheet, VAMP and ECP exposure tracker, BIN-level disposition log, PCI partner evidence pack, MCC concentration exhibit, committee report shell, regulator exam pack index.
  • Worked examples drawn from acquirer-side patterns, not generic compliance examples.
  • The hand-built implementation playbook tailored to your portfolio mix, delivered alongside course access.

What you will have in hand by Day 1, Week 1, Month 1

Course access is provisioned in the Art of Service learning environment within 24 hours of purchase.

The hand-built implementation playbook is delivered alongside course access, sized to your portfolio mix.

Twelve modules are read in any order; the recommended path follows the operating cycle from underwriting through committee report.

Before and after

Before

Override decisions live in an email thread, chargeback ratio tracking lives in a spreadsheet that is rebuilt each month, programme exposure is whatever the last scheme letter said, and the quarterly committee report is built from scratch every cycle.

After

Override decisions live in memos, chargeback ratio tracking lives in a sheet that ties to the BIN-level disposition log, programme exposure is tracked between scheme letters and the committee report drops out of the operating artefacts at quarter-end.

What happens if you do not address this

When the model is the only documented reason, the QBR question lands on the team rather than the portfolio. When the chargeback ratio tracking is rebuilt each month, the VAMP warning lands as a surprise. When the PCI boundary for an integrated payments partner is implicit, a scope change becomes an audit finding. When the committee report is built from scratch, the cycle eats the time the team needs to actually run the portfolio.

Who it is for

Built for a risk practitioner inside a global acquirer or payments processor whose desk holds merchant onboarding overrides, chargeback ratio monitoring, card-scheme programme exposure, PCI scope across integrated payments, and the quarterly committee report that summarises all four. The course assumes the reader already knows the BIN, the MCC, the programme acronyms and the settlement cycle. It does not teach payments fundamentals. It teaches the documented practice an acquirer risk team is judged on.

Who this is NOT for. Not for issuing-side fraud analysts whose work is authorisation-stream rules and cardholder dispute lifecycle. Not for general bank credit risk whose work is loan loss provisioning. Not for compliance generalists who do not own merchant-side card-scheme exposure. Not for someone looking for an academic survey of payments regulation.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. About eight to ten hours to read every module once. The templates are designed to be put into use in parallel, so the first override memo and the first chargeback ratio sheet are in service inside the first week.

Why $199 is the right number

The card-scheme operating bulletins are the authoritative source on programme rules but do not give you the operating artefacts to manage exposure between bulletins. PCI SSC guidance defines scope but does not draw the line per integrated partner. A QSA writes the AOC but does not run the underwriting practice. This course is the connective tissue between those sources and the desk an acquirer risk practitioner actually runs.

FAQ

Is this issuing-side or acquiring-side?
Acquiring side. The work is merchant underwriting, chargeback ratio monitoring, card-scheme programme exposure on the acquirer leg and PCI scope across integrated payments partners. Issuer fraud and cardholder dispute lifecycle work is a different practice and is not the subject of this course.
Does it cover Visa and Mastercard or all schemes?
Primarily Visa and Mastercard programmes because that is where most acquirer exposure lives. The MCC-banded ratio framework and disposition log apply equally to the firm, Discover and JCB; programme-specific names differ but the operating practice is the same.
Is this a regulatory survey?
No. The course is the operating practice an acquirer risk team is judged on. Regulation is referenced where it changes the artefact, not surveyed for its own sake.
What does the implementation playbook contain?
A hand-built version of the operating artefacts sized to your portfolio mix: the override memo template pre-filled with your MCC mix, the chargeback ratio sheet seeded with your scheme exposure tiers, the BIN-level disposition log shell, the PCI partner evidence pack index and the quarterly committee report shell. It is built per buyer, not generic.
How long until I can use it?
Course access is provisioned in the Art of Service learning environment within 24 hours, with the hand-built implementation playbook delivered alongside. The first override memo and the first chargeback ratio sheet are in service inside the first week.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.