Mastercard MMP

Meet your Mastercard MMP obligations without assembling the stack yourself

Mastercard MMP requires continuous website monitoring, 5-business-day detection-to-escalation SLAs, 15-calendar-day remediation SLAs, evidence retention, and periodic reporting in a prescribed format. Kenal AURA gives acquirers the tooling to run all five end-to-end, whether they operate the program in-house or alongside a contracted monitoring provider.

Summary

Kenal AURA gives acquirers the tooling they need to meet their Mastercard MMP obligations. It handles continuous merchant website crawling and classification against the 17 BRAM content families, tracks the dual SLA clocks on every case, retains evidence with chain of custody and integrity hashes, and produces reports aligned to the MMP reporting format on demand.

The two clocks, tracked automatically

MMP requires escalation within 5 business days of detection and remediation within 15 calendar days of notification. Every investigation in Kenal AURA runs both clocks simultaneously, with automated reminders before each breach. Missing a clock is itself a compliance finding, so Kenal AURA tracks both clocks and lets teams act before a deadline is missed.

Classification against BRAM families

Content is classified against the 17 BRAM prohibited content families on every scan. Alerts are severity-scored by family (prohibited families raise high-severity alerts; adjacent low-risk drift is dampened). The taxonomy is consistent with what Mastercard schemes audit against.

Evidence retention with integrity guarantees

Every scan produces timestamped full-page screenshots, extracted content, classification rationale, and content hashes. Evidence is retained for the full 7-year compliance window in immutable storage with SHA-256 hashes and object locking. Retrieving the evidence for any historical case is a single query, not a reconstruction.

Reports aligned to the MMP reporting format

Periodic MMP reports are generated directly from case data in a format aligned to the MMP reporting requirements: scan coverage, detected violations, investigation outcomes, remediation evidence. No manual assembly, no untraceable spreadsheet edits, and no last-week scramble before the reporting cadence.

Frequently asked questions

How does Kenal AURA fit into MMP compliance?

Kenal AURA is the tooling acquirers use to run the operational side of their Mastercard MMP obligations: continuous crawling, classification against BRAM, dual SLA tracking, evidence retention, and reports aligned to the MMP reporting format. The acquirer keeps the decisions (warn, suspend, terminate, MATCH-list) and the audit response. Whether the program runs in-house or alongside a contracted monitoring provider, Kenal AURA powers the detection and evidence layer.

What about the non-monitoring parts of MMP compliance?

MMP compliance also requires an accountable acquirer to make the decisions (terminate, warn, suspend, MATCH-list) and respond to audits. Kenal AURA delivers the detection, evidence, and reporting. The decisions and the audit response stay with the acquirer, which is how Mastercard requires it.

How quickly can we produce a compliant MMP report?

The first report can be generated at the end of the first reporting cycle after baseline scans are complete. For most portfolios, that means within two to four weeks of rollout. Subsequent reports are produced on cadence from live case data.

Does it cover Mastercard MATCH workflow?

Yes. Terminated cases can be resolved with a MATCH-listing reason code, with the supporting evidence bundled for scheme submission. The evidence bundle is already in the format schemes expect: screenshots, classification rationale, timestamps, and case history.
