Merchant monitoring that your
scheme audit can stand behind
Acquirers live under two clocks and one audit. Kenal AURA runs the monitoring operation, tracks the SLAs, retains the evidence, and produces the reports, so the compliance team spends its time on decisions instead of assembly.
Summary
Kenal AURA is the merchant lifecycle risk operations platform for Mastercard acquirers. It runs continuous website monitoring across every merchant in the portfolio, tracks the dual MMP SLA clocks on every investigation, retains evidence with chain of custody, and generates reports aligned to the Mastercard MMP reporting format.
Dual SLA clocks on every case
Mastercard MMP runs on two clocks: 5 business days from detection to escalation, and 15 calendar days from acquirer notification to remediation. Every investigation in Kenal AURA tracks both, with automated reminders before each clock breaches. Cases aging into the danger zone surface to the queue lead automatically.
Evidence chain of custody
Every scan produces timestamped screenshots, extracted content, classification rationale, and SHA-256 content hashes. Evidence is retained for the full 7-year card-scheme retention period with integrity hashes and version IDs. When the scheme auditor asks for the backing evidence on a case, it is already bundled.
MMP reports aligned to the reporting format
Monthly MMP reports are generated in a format aligned to Mastercard's MMP reporting requirements, from the same case data analysts have been working in. No last-week scramble to rebuild numbers from spreadsheets, no manual evidence assembly, no untraceable edits.
Analyst-led workflow
Every alert enters a case queue with an owner, a severity, and an SLA clock. Analysts resolve with structured reason codes (false positive, merchant warned, content removed, suspended, terminated, MATCH listed). Every decision is attributed and audit-logged.
Modules that power this
Web Change Detection
Continuous multilingual crawling and classification of every merchant site in the portfolio.
Learn moreMCC Drift Detection
Alert when a merchant's content moves outside the category they were underwritten under.
Learn morePinned-Page Drift
Lock policy pages and catch silent Terms & Conditions rewrites before they become findings.
Learn moreInvestigation Workflows
Dual SLA clocks, structured resolutions, and full audit trail on every case.
Learn moreCompliance Reporting & Evidence
Monthly MMP reports and 7-year evidence retention out of the box.
Learn moreEntity Discovery
Find secondary stores, laundering fronts, and undeclared URLs in your portfolio.
Learn moreFrequently asked questions
- We already have an MMSP. Why would we look at Kenal AURA?
- Most existing MMSP solutions were built outside Southeast Asia and treat the region as an afterthought. Kenal AURA is built in Malaysia for acquirers operating across Malaysia and ASEAN: multilingual classification in English, Bahasa Malaysia, and Chinese; multi-locale scanning across the region; SSM Live integration for Malaysian merchant identity; and a multi-cloud regional footprint (AWS Malaysia and GCP Singapore) that meets each country's data residency requirement.
- Does the platform replace our analyst team?
- No. It runs the detection, classification, evidence capture, and SLA tracking: the repetitive operational work. Analysts make the decisions: confirming violations, warning merchants, suspending processing, terminating, and MATCH-listing. The platform is the operating layer; the analysts are the judgment layer.
- How long does onboarding take?
- A bulk CSV of the existing merchant portfolio can be ingested in one upload and scheduled for baseline scans. A typical acquirer is up and running with active monitoring in a week, with full MMP report generation ready by the end of the first cycle.
- Where is our data stored?
- Production runs on a multi-cloud regional footprint: AWS Malaysia (ap-southeast-5) and GCP Singapore (asia-southeast1). Each acquirer is placed on the regional cloud that meets its country's data residency requirement. Malaysian acquirers land on the Malaysia region. Tenant isolation is enforced at the platform layer. Evidence retention is set to the card-scheme requirement of 7 years with integrity hashes and object locking.