MATCH code 1: Account Data Compromise

Definition

An occurrence that results, directly or indirectly, in the unauthorized access to or disclosure of Account data.

What this means in plain language

This code means card or account data was exposed or accessed without authorization—often after a breach, leak, or security gap. In practice, Mastercard is recording that customer payment data tied to your business was compromised in some way, not that you intended harm, but that the incident met their reporting bar.

What you can do

If you were listed under MATCH code 1, you can submit a formal removal request to the PSP or acquirer that added you. They will review your case (cause, remediation, corrective actions) and, if satisfied, can request removal from the MATCH list. We help you draft and submit that request. See MATCH list removal and all MATCH and VMSS reason codes.

Removal guides by PSP

The approach to removal depends on which PSP or acquirer listed you. See our PSP-specific guides:

• Stripe
• Adyen
• PayPal
• Checkout.com
• Worldpay
• Shopify Payments
• Square
• Mollie
• Elavon
• Fiserv
• FIS
• SumUp
• Trust Payments

Other MATCH reason codes

• MATCH 2: Common Point of Purchase
• MATCH 3: Laundering
• MATCH 4: Excessive Chargebacks
• MATCH 5: Excessive Fraud
• MATCH 7: Fraud Conviction
• MATCH 8: Mastercard Questionable Merchant Audit Program

View all reason codes →