Mastercard (MA) Risk Analysis

20,639 Followers

Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Mastercard disclosed 32 risk factors in its most recent earnings report. Mastercard reported the most risks in the “Legal & Regulatory” category.

Risk Overview Q4, 2025

Risk Distribution

41% Legal & Regulatory

34% Ability to Sell

6% Finance & Corporate

6% Tech & Innovation

6% Production

6% Macro & Political

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2022

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Mastercard Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q4, 2025

Main Risk Category

Legal & Regulatory

With 13 Risks

Legal & Regulatory

With 13 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 31

No changes from last report

S&P 500 Average: 31

Recent Changes

0Risks added

0Risks removed

0Risks changed

Since Dec 2025

0Risks added

0Risks removed

0Risks changed

Since Dec 2025

Number of Risk Changed

No changes from last report

S&P 500 Average: 3

No changes from last report

S&P 500 Average: 3

See the risk highlights of Mastercard in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 32

Legal & Regulatory

Total Risks: 13/32 (41%)Above Sector Average

Regulation6 | 18.8%

Regulation - Risk 1

Regulations that directly or indirectly apply to Mastercard as a result of our participation in the global payments industry may materially and adversely affect our overall business and results of operations.

We are subject to regulations that affect the payments industry in the many jurisdictions in which our products and services are used. Many of our customers are also subject to regulations applicable to banks and other financial institutions that, at times, consequently affect us. Such regulation has increased significantly in the last several years (as described in "Business - Government Regulation" in Part I, Item 1). Examples include: - Anti-Money Laundering, Countering the Financing of Terrorism, Economic Sanctions and Anti-Corruption. We are subject to AML and CFT laws and regulations globally. Economic sanctions programs administered by OFAC restrict financial transactions and other dealings with certain countries and geographies, and persons and entities. We are also subject to anti-corruption laws and regulations globally, which, among other things, generally prohibit giving or offering payments or anything of value for the purpose of improperly influencing a business decision or to gain an unfair business advantage. - Account-based Payments Systems. In the U.K., aspects of our Vocalink business are subject to the U.K. payment system oversight regime and are directly overseen by the Bank of England. - Issuer and Acquirer Practices Legislation and Regulation. Certain regulations or legislation that do or could impact our issuers and acquirers (such as caps on issuer interest rates) may impact various aspects of our business. Additionally, strong authentication requirements within the EU's Payment Services Directive in the EEA could increase the number of transactions consumers abandon if we are unable to secure a frictionless authentication experience under these standards. Such an increase could adversely impact our volumes or other operational metrics. Increased regulatory focus on us has resulted and may continue to result in significant compliance and governance burdens or otherwise increase our costs. Similarly, increased regulatory focus on our customers and other stakeholders may cause them to reduce the volume of transactions processed through our systems, or may otherwise impact the competitiveness of our products. Actions by regulators could influence other organizations around the world to enact or consider adopting similar measures, amplifying any potential compliance burden. Additionally, our compliance with new economic sanctions and related laws with respect to particular jurisdictions or customers could result in a loss of business, which could be significant. Moreover, while our risk-based compliance program obligates issuers and acquirers to comply with U.S., EU and local sanctions programs (among other obligations), the failure of those issuers and acquirers to identify potential non-compliance issues either during or after their customer onboarding processes could ultimately impact our compliance with economic sanctions and related laws. Finally, failure to comply with the laws and regulations discussed above to which we are subject could result in fines, sanctions or other penalties. In particular, a violation and subsequent judgment or settlement against us, or those with whom we may be associated, under economic sanctions and AML, CFT, and anti-corruption laws could subject us to substantial monetary penalties, damages, and/or have a significant reputational impact. Each instance may individually or collectively materially and adversely affect our financial performance and/or our overall business and results of operations, as well as have an impact on our reputation.

Regulation - Risk 2

Global regulatory and legislative activity related to the payments industry may have a material adverse impact on our overall business and results of operations.

Central banks and similar regulatory bodies have increasingly established or further expanded their authority over certain aspects of payments systems such as ours, including obligations or restrictions with respect to the types of products and services that we may offer, the countries in which our products and services may be used, the way we structure and operate our business and the types of consumers and merchants who can obtain or accept our products or services. Similarly, jurisdictions that regulate a particular product may consider extending their jurisdiction to other products. For example, debit regulations could lead to regulation of credit products. Moreover, several jurisdictions are demonstrating increased interest about the network fees we charge to our customers (in some cases as part of broader market reviews of retail payments), which could in the future lead to regulation relating to our network fees. In several jurisdictions, we have been designated as a "systemically important payment system", with other regulators considering similar designations. This type of regulation and oversight is related to switching activities, and includes policies, procedures and requirements related to risk management, collateral, participant default, timely switching of financial transactions, and capital and financial resources. Parts of our business have also been deemed as a "specified service provider" or considered "critical infrastructure". The impact to our business created by any new law, regulation or designation is magnified by the potential it has to be replicated in, or conflict with, other jurisdictions, or involve other products within any particular jurisdiction. Our strategic expansion of our products and services has also created the need for us to obtain new types and increasing numbers of regulatory licenses, resulting in increased supervision and additional compliance burdens distinct from those imposed on our payment network activities. For example, certain of our subsidiaries maintain money transfer licenses that typically impose supervisory and examination requirements, as well as capital, safeguarding, risk management and other business obligations. Increased regulation and oversight of payments systems, as well as increased exposure to regulation resulting from changes to our products and services, have resulted and may continue to result in significant compliance and governance burdens or otherwise increase our costs. As a result, customers could be less willing to participate in our payments system and/or use our other products or services, reduce the benefits offered in connection with the use of our products (making our products less desirable to consumers), reduce the volume of domestic and cross-border transactions or other operational metrics, disintermediate us, impact our profitability and/or limit our ability to innovate or offer differentiated products and services, all of which could materially and adversely impact our financial performance. In addition, any regulation that is enacted related to the type and level of network fees we charge our customers could also materially and adversely impact our results of operations. Regulators could also require us to obtain prior approval for changes to our system rules, procedures or operations, or could require customization with regard to such changes, which could negatively impact us. Moreover, failure to comply with the laws and regulations to which we are subject could result in fines, sanctions, civil damages or other penalties, which could materially and adversely affect our overall business and results of operations, as well as have an impact on our brand and reputation.

Regulation - Risk 3

Limitations on our ability to restrict merchant surcharging could materially and adversely impact our results of operations.

We have historically implemented policies, referred to as no-surcharge rules, in certain jurisdictions, including the U.S. and Canada, that prohibit merchants from charging higher prices to consumers who pay using our products instead of other means. Authorities in several jurisdictions have acted to end or limit the application of these no-surcharge rules (or indicated interest in doing so). Additionally, our no-surcharge rules now permit U.S. and Canadian merchants to surcharge credit cards (subject to certain limitations). If, over time, an increased number of merchants choose to surcharge as permitted, this could result in consumers viewing our products less favorably and/or using alternative means of payment. These responses could result in a decrease in our overall transaction volumes, which in turn could materially and adversely impact our results of operations.

Regulation - Risk 4

Preferential or protective government actions related to domestic payment services could adversely affect our ability to maintain or increase our revenues.

Governments in some countries have acted, or in the future may act, to provide resources, preferential treatment or other protection to selected national or domestic payment and switching providers, or have created, or may in the future create, their own national provider. These actions may displace us from, prevent us from entering into, or substantially restrict us from participating in, particular geographies, and may prevent us from competing effectively against those providers. For example: - Governments in some countries have implemented, or may implement, regulatory requirements that mandate switching of domestic payments either entirely in that country or by only domestic companies. - Some jurisdictions have implemented, or are considering implementing, requirements to collect, store and/or process data within their borders, as well as prohibitions on the transfer of data abroad, leading to technological and operational implications as well as increased compliance burdens and other costs. - Geopolitical events and any resulting OFAC sanctions, adverse trade policies, enforcement of U.S. laws related to countering the financing of terrorism, economic sanctions and anti-corruption, or other types of government actions could lead affected or other jurisdictions to take actions in response that could adversely affect our business. Moreover, because of various concerns jurisdictions may have with respect to our business, including any decisions we may make relating to entering or exiting a particular market, such jurisdictions may decide to begin to or increase their focus on growing local payment networks and other solutions. - Regional groups of countries are considering, or may consider, efforts to restrict our switching of regional transactions. - Governments have been increasingly creating and expanding local payments structures, which are increasingly being considered as alternatives to traditional domestic payment solutions and schemes such as ours. Such developments prevent us from utilizing our global switching capabilities for domestic or regional customers. In addition, to the extent a jurisdiction determines us not to be in compliance with regulatory requirements (including those related to data localization), we have been, and may again in the future be, subject to resource and time pressures in order to come back into compliance. Our inability to effect change in, or work with, these jurisdictions could adversely affect our ability to maintain or increase our revenues and extend our global brand. Additionally, some jurisdictions have implemented, or may implement, foreign ownership restrictions, which could potentially have the effect of forcing or inducing the transfer of our technology and proprietary information as a condition of access to their markets. Such restrictions could adversely impact our ability to compete in these markets.

Regulation - Risk 5

Our efforts to enter into acquisitions, strategic investments or new businesses could be impacted or prevented by regulatory scrutiny and could otherwise result in issues that could disrupt our business and harm our results of operations or reputation.

We continue to evaluate our strategic acquisitions of, and investments in, complementary businesses, products or technologies. As we do so, we face increasing regulatory scrutiny with respect to antitrust, national security and other considerations that could impact these efforts. We also face competition for acquisition targets due to the nature of the market for technology companies. As a result, we could be prevented from successfully completing such acquisitions in the future. If we are not successful in these efforts, we could lose strategic opportunities that are dependent, in part, on inorganic growth. To the extent we do make these acquisitions, we may not be able to successfully partner with or integrate them, despite original intentions and focused efforts. Such an integration also may divert management's time and resources from our core business and disrupt our operations. Moreover, we have spent, and may continue to spend, time and money on acquisitions or projects that do not sufficiently meet our expectations (either strategically or financially), which has resulted (and may in the future result) in divesting from or otherwise exiting these investments or businesses. Additionally, to the extent we pay the purchase price of any acquisition in cash, it would reduce our cash reserves available to us for other uses, and to the extent the purchase price is paid with our stock, it could be dilutive to our stockholders. Furthermore, we have inherited and may in the future inherit litigation risk which has or may increase our post-acquisition costs of operations. Any acquisition, investment or entry into a new business could subject us to new regulations or legal requirements, both directly as a result of the new business as well as in the other existing parts of our business, with which we would need to comply. This compliance could increase our costs, and we could be subject to liability or reputational harm to the extent we cannot meet any such compliance requirements. Additionally, targets that we acquire have had, and may in the future have, data practices that do not initially conform to our privacy, data protection and information security standards and data governance model, which could lead to regulatory scrutiny and reputational harm. These targets also have resulted in, and may in the future lead to, information security vulnerabilities for us.

Regulation - Risk 6

Our work with governments exposes us to risks that could have a material impact on our business and results of operations.

As we increase our work with national, state and local governments (both indirectly through financial institutions, system integrators and other third party partners and with them directly as our customers), we may face various risks inherent in associating or contracting directly with governments. These risks include, but are not limited to, the following: - Governmental entities typically fund projects through appropriated monies. Changes in governmental priorities or other political developments, including disruptions in governmental operations, could impact approved funding and result in scope changes or termination of the arrangements or contracts we or financial institutions enter into with respect to our products and services. - Our work with governments is heavily regulated, subjecting us to additional potential exposure under U.S. and international anti-corruption laws (including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act), as well as compliance with various procurement and other laws, regulations, standards and contract terms. Any violation and subsequent judgment or settlement related to the above could subject us to substantial monetary penalties and damages and have a significant reputational impact. Moreover, as a government contractor, we are subject to a government's right to conduct audits and investigations into both our contract performance and our compliance with applicable laws, regulations and contract terms. Any adverse finding could subject us to civil or criminal penalties, sanctions, or suspension or disbarment. - Working or contracting with governments (either directly or via our financial institution customers, system integrators or other third party partners) can subject us to heightened reputational risks, including extensive scrutiny and publicity, as well as a potential association with the policies of those governments. Any negative publicity or negative association with a government entity, regardless of its accuracy, may adversely affect our reputation. In addition, threat intelligence gathering services provided to governments through our acquisition of Recorded Future could negatively impact how we are viewed by other jurisdictions. Any of the above issues could have a material or adverse impact to our overall business and/or results of operations.

Litigation & Legal Liabilities3 | 9.4%

Litigation & Legal Liabilities - Risk 1

Merchants' continued focus on acceptance costs may lead to additional litigation and regulatory proceedings and/or increase our incentive program costs, which could materially and adversely affect our profitability.

Merchants are important constituents in our payments system. We rely on both our relationships with them, as well as their relationships with our issuer and acquirer customers, to continue to expand the acceptance of our products and services. We also work with merchants to help them enable new sales channels, create better purchase experiences, improve efficiencies, increase revenues and fight fraud. In the retail industry, we believe a set of larger merchants with increasingly global scope and influence are having a significant impact on all participants in the global payments industry, including Mastercard. Some large merchants have supported the legal, regulatory and legislative challenges to interchange fees that Mastercard has been defending, including the U.S. merchant litigations. Some merchants are increasingly asking regulators to review and potentially regulate our own network fees, in addition to interchange. See "Risk Factors – Payments Industry Regulation" in this Part I, Item 1A. The continued focus of merchants on the costs of accepting various forms of payment (including digital) may lead to additional litigation and regulatory proceedings. Certain larger merchants are also able to negotiate incentives from us and pricing concessions from our issuer and acquirer customers as a condition of accepting our products. We also make payments to certain merchants to incentivize them to create co-branded payment programs with us. As merchants consolidate and become even larger, we may have to increase the amount of incentives that we provide to certain merchants, which could materially and adversely affect our results of operations. Competitive and regulatory pressures on pricing could make it difficult to offset the costs of these incentives. Additionally, if the rate of merchant acceptance growth slows, our business could suffer.

Litigation & Legal Liabilities - Risk 2

Our role as guarantor, as well as other contractual obligations and discretionary actions, expose us to risk of loss or illiquidity.

We are a guarantor of certain third-party obligations, including those of certain of our customers and service providers. In this capacity, we are exposed to credit and liquidity risks. We may incur significant losses in connection with transaction settlements if a customer fails to fund its daily settlement obligations due to technical problems, liquidity shortfalls, insolvency or other reasons. The occurrence of bank failures, such as those seen in recent years, could increase the potential for such losses. Concurrent settlement failures of more than one of our larger customers or of several smaller customers either on a given day or over a condensed period of time may exceed our available resources. In addition, Brazil recently enacted regulation requiring PSOs in Brazil (including Mastercard and Visa) to extend their responsibility for the financial and settlement integrity of payments to merchants. As we continue to be subject to increased regulation across the globe, more jurisdictions may enact similar approaches from time to time. Any such changes could increase complexity and may impact our cost of operations and financial condition. Certain non-guaranteed transactions, as well as chargebacks to acquirers in the event of acquirer default, could result in elevated brand risk and the potential for financial loss. We have significant contractual indemnification obligations with certain customers, which could be triggered depending on the circumstances. Any of the above issues or events could have a material or adverse impact to our overall business and/or results of operations. Class A Common Stock and Governance Structure

Litigation & Legal Liabilities - Risk 3

Liabilities or business limitations resulting from litigation could materially and adversely affect our results of operations.

We are a defendant in a number of civil litigations and regulatory proceedings and investigations, including among others, those alleging violations of competition and antitrust law and those involving intellectual property claims (as described in Note 19 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8). In the event we are found liable in any material litigations or proceedings (particularly in a large class-action lawsuit or on the basis of an antitrust claim entitling the plaintiff to treble damages or under which we were jointly and severally liable), we could be subject to significant damages, which could have a material adverse impact on our overall business and results of operations. Certain limitations have been placed on our business because of litigation and litigation settlements, such as changes to our no-surcharge rule in the U.S. and Canada. Any future limitations resulting from the outcomes of any litigation and litigation settlements (such as the Rules Relief Class settlement as described in Note 19 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8) or regulatory proceeding, including any changes to our rules or business practices, could impact our relationships with our customers, including reducing the volume of business that we do with them, which may materially and adversely affect our overall business and results of operations. Business and Operations

Taxation & Government Incentives1 | 3.1%

Taxation & Government Incentives - Risk 1

We could be subject to adverse changes in tax laws, regulations and interpretations or challenges to our tax positions.

We are subject to tax laws and regulations of the U.S. federal, state and local governments as well as various non-U.S. jurisdictions. Current and potential future changes in existing tax laws, including regulatory guidance, are continuously being considered and have been or may be enacted (such as guidelines issued by the Organization for Economic Co-operation and Development (OECD) which impact how multinational enterprises are taxed on their global profits). These changes have and in the future may continue to have an impact on our effective income tax rate and tax payments. Similarly, changes in tax laws and regulations that impact our customers and counterparties, or the economy generally, have impacted and may continue to impact us. In addition, tax laws and regulations are complex and subject to varying interpretations, and any significant failure to comply with applicable tax laws and regulations in all relevant jurisdictions could give rise to substantial penalties and liabilities. Jurisdictions around the globe have also increased tax-related audits, which require time and resources to resolve. Any changes in enacted tax laws, rules, regulatory or judicial interpretations or guidance; any adverse outcome in connection with tax audits in any jurisdiction; or any changes in the pronouncements relating to accounting for income taxes could materially and adversely impact our effective income tax rate, tax payments, financial condition and results of operations.

Environmental / Social3 | 9.4%

Environmental / Social - Risk 1

Information security incidents or account data compromise events could disrupt our business, damage our reputation, increase our costs and cause losses.

Information security risks for payments and technology companies such as ours have significantly increased in recent years in part because of the proliferation of new technologies (including AI), the use of the Internet and telecommunications technologies to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, "hacktivists", terrorists, nation-states, state-sponsored actors and other external parties. These threats may derive from fraud or malice on the part of our employees or third parties, or may result from human error, software bugs, server malfunctions, software or hardware failure or other technological failure. These threats include cyber-attacks such as computer viruses, denial-of-service attacks, malicious code (including ransomware), social-engineering attacks (including phishing attacks) or information security breaches and could lead to the misappropriation or loss of consumer account and other information and identity theft. These types of threats have risen significantly due to a significant portion of our workforce working in a hybrid environment. The widespread use of AI, and its increasing capabilities, is enhancing the frequency and effectiveness of threat actors. Our operations rely on the secure transmission, storage and other processing of confidential, proprietary, sensitive and personal information and technology in our computer systems and networks, as well as the systems of our third-party providers. Our customers and other parties in the payments value chain, as well as account holders, rely on our digital technologies, computer systems, software and networks to conduct their operations. In addition, to access our products and services, our customers and account holders increasingly use personal smartphones, tablet PCs and other mobile devices that may be beyond our control. We, like other financial technology organizations, routinely are subject to cyber-threats and our technologies, systems and networks, as well as the systems of our third-party providers, have been subject to attempted cyber-attacks. Because of our position in the payments value chain, we believe that we are likely to continue to be a target of such threats and attacks. Geopolitical events and resulting government activity could also lead to information security threats and attacks by affected or sympathizing jurisdictions or other actors, which could put our information and assets at risk, as well as result in network disruption. In addition, the current or future listing of Recorded Future as an "undesirable" or "unreliable" entity by certain jurisdictions could further increase our risks in this area. To date, we have not experienced any material impact relating to cyber-attacks or other information security breaches. However, future attacks or breaches could lead to security breaches of the networks, systems (including third-party provider systems) or devices that our customers use to access our products and services, which in turn could result in the unauthorized disclosure, release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary, sensitive and personal information (including account data information) or data security compromises. Such attacks or breaches could also cause service interruptions, malfunctions or other failures in the physical infrastructure, networks or operations systems that support our business and customers (such as the lack of availability of our services), as well as the operations of our customers or other third parties. In addition, they could lead to damage to our reputation with our customers, other stakeholders and the broader payments ecosystem, additional costs to us (such as repairing systems, adding new personnel or protection technologies or compliance costs), regulatory penalties, financial losses to both us and our customers and partners and the loss of customers and business opportunities. These consequences could be further pronounced in jurisdictions in which we are deemed critical national infrastructure. If such attacks are not detected immediately, or disclosed as required by law, their effect could be compounded. In addition to information security risks for our systems and networks, we also routinely encounter account data compromise events involving merchants and third-party payment processors that process, store or transmit payment transaction data, which affect millions of Mastercard, Visa, Discover, American Express and other types of account holders. Further events of this type may subject us to reputational damage and/or lawsuits involving payment products carrying our brands. Damage to our reputation or brands resulting from an account data breach of our systems and networks or those of our customers, merchants and other third parties could decrease the use and acceptance of our products and services. Such events could also slow or reverse the trend toward electronic payments. In addition to reputational concerns, the cumulative impact of multiple account data compromise events could increase the impact of the fraud resulting from such events by, among other things, making it more difficult to identify consumers. Moreover, while most of the lawsuits resulting from account data breaches do not involve direct claims against us and while we have releases from many issuers and acquirers, we could still face damage claims, which, if upheld, could materially and adversely affect our results of operations. While we offer security solutions that are designed to prevent, detect and respond to fraud and cyber-attacks, there can be no assurance that such security solutions will perform as expected or address all possible security threats. Real or perceived defects, failures, errors or vulnerabilities in our security solutions could adversely impact our reputation, customer confidence in our solutions and our business and may subject us to litigation, governmental audits and investigation or other liabilities. Such events could have a material adverse impact on our transaction volumes, results of operations and prospects for future growth, or increase our costs by leading to additional regulatory burdens being imposed on us. In addition, companies have generally experienced in recent years an increase in fraudulent activity and cyber-attacks, which has been further exacerbated by the increased use of AI. Criminals are using increasingly sophisticated methods to capture consumer personal information to engage in illegal activities such as counterfeiting or other fraud and may see their effectiveness enhanced by the use of AI. As outsourcing and specialization become common in the payments industry, there are more third parties involved in processing transactions using our payment products. We continue to take measures to make card and digital payments more secure. However, increased fraud levels and cyber-attacks involving our products, services and/or network, or misconduct or negligence by third parties switching or otherwise servicing our products and services could damage our reputation and reduce the use and acceptance of our products and services and/or increase our compliance costs. Further, such occurrences have resulted in and could further result in legislative or regulatory intervention, which could lead to enhanced security requirements and liabilities. See "Risk Factors - Privacy, Data, AI and Information Security" in this Part I, Item 1A for more detail concerning related legal risks and obligations. Despite various mitigation efforts that we undertake, there can be no assurance that we, or third parties with which we work, will not suffer material breaches and resulting losses in the future. While we maintain insurance coverage, such coverage may not be adequate to protect us from such losses as well as any liabilities or damages with respect to claims alleging compromises of our confidential, proprietary, sensitive or personal information or our technologies, systems or networks. In addition, we cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or at all, or that our insurers will not deny coverage as to any future claim. Our risk and exposure to these matters remain heightened due to, among other things, the evolving nature of these threats, our prominent role in the global payments ecosystem, our continued implementation of our strategic priorities, our extensive use of third-party vendors and potential vulnerabilities from previous and future acquisitions, strategic investments or related opportunities. As a result, we remain focused on the continued development and enhancement of our controls, processes and practices designed to protect our computer systems, software, data and networks from attack, damage or unauthorized access. As cyber-threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. Any of the risks described above could materially adversely affect our overall business and results of operations.

Environmental / Social - Risk 2

Regulation and enforcement of privacy, data, AI, information security and the digital economy could increase our costs and lead to legal claims and fines, as well as negatively impact our growth and reputation.

We are subject to increasingly complex, fragmented, overlapping and/or divergent laws and regulations related to privacy and data protection, data use and governance, AI and information security (including with respect to cybersecurity and cyber-risk) in the jurisdictions in which we do business. New or updated laws and regulations have led, and may continue to lead, to similar, stricter or at times conflicting requirements, creating an uncertain regulatory environment. For example, some jurisdictions have implemented or are otherwise considering requirements to collect, store and/or process data within their borders, as well as prohibitions on the transfer of and access to data abroad, leading to technological and operational implications. Other jurisdictions have adopted or are otherwise considering adopting sector-specific regulations for the payments industry and other industries in which we participate, including forced data sharing requirements or additional verification requirements. With respect to information security, any single breach could require parallel notifications to data protection authorities, cyber authorities and/or law-enforcement, often requiring different thresholds, reporting deadlines and formats. In addition, laws and regulations on AI, data governance and credit decisioning may overlap or conflict with, or diverge from, general privacy rules. Overall, these myriad laws and regulations may require us to modify or limit our data processing practices and policies, incur substantial compliance-related costs and expenses, and otherwise suffer adverse impacts on our business. Failure to comply with any of these laws, regulations and requirements (including as a result of conflicting regulations) could result in fines, sanctions or other enforcement actions or penalties (both civil and criminal), which could materially and adversely affect our results of operations and overall business, as well as have an impact on our reputation. As a user and deployer of AI technology, we are also subject to increasing and evolving laws and regulations related to AI governance, including the EU AI Act, and new applications of existing laws and regulations to AI. How our use and deployment of AI will be regulated is still developing as policymakers around the world consider how to regulate AI, and uncertainty remains as to how AI technology or its application (such as in agentic commerce) will continue to advance. In addition, the use of AI creates or amplifies risks that are challenging to fully prevent or mitigate. In particular, AI algorithms may generate inaccurate, unintended, unfair, biased or discriminatory outcomes (which may not be easily detectable or explainable) and may inadvertently disclose confidential information and/or breach intellectual property, privacy or other rights. Our implementation of robust AI governance and risk management frameworks, designed to ensure our responsible use of AI and help us to comply with emerging laws and regulations, may not be sufficient protection against these emerging risks. Further, as we acquire new companies and develop integrated and personalized products and services to meet the needs of a changing marketplace, we have expanded and may further expand our data profile through additional data types and sources, across multiple channels, and involving new partners. This expansion has amplified and may continue to amplify the impact of these various laws and regulations on our business or subject us to new laws and regulations. For example, as a provider of global threat intelligence services through Recorded Future, we are subject to increased exposure to certain laws and regulations, including global cybercrime and other laws and regulations in various jurisdictions. As a result, we are required to constantly monitor our data practices and potentially change them when necessary or appropriate. We also need to provide increased care in our data management, governance, quality and accuracy practices, particularly as it relates to the use of data in products leveraging AI. New requirements and rules, or changing interpretations of existing requirements in these areas, or the development of new regulatory schemes related to the digital economy in general, may also increase our costs and/or restrict our ability to leverage data or use AI for innovation. This could impact the products and services we offer and other aspects of our business, such as fraud monitoring, the need for improved data management, governance, quality and accuracy practices, the development of information-based products and solutions, and technology operations. In addition, these requirements may increase the costs to our customers of issuing payment products or using information products, which may, in turn, decrease the number of our products that they offer. While we intend to comply with all regulatory requirements, innovate responsibly and deploy Privacy by Design, Data by Design and AI Governance approaches to all of our product development, the speed and pace of changes in laws (as well as stakeholder interests) may not allow us to meet rapidly evolving regulatory and stakeholder expectations. Any of these developments could materially and adversely affect our overall business and results of operations.

Environmental / Social - Risk 3

Environmental, social and governance matters and related stakeholder reaction may impact our reputation, increase legal exposure and/or have other business impacts, which could adversely affect our overall business and/or results of operations.

Our brand and reputation are associated with the ways in which we impact environmental, social and governance matters. These matters include initiatives to reduce greenhouse gas emissions, help everyone participate in the digital economy and create a workplace where everyone has the opportunity to succeed. Consumers, investors, employees and other stakeholders are increasingly focused on these impacts. To the extent any of our disclosures, public statements and metrics about these matters are subsequently viewed as inaccurate or unlawful, or we are unable to execute on these initiatives, we may be viewed negatively by stakeholders concerned about these matters. Moreover, in recent years, we have received negative feedback from stakeholders on the adequacy of our environmental, social and governance initiatives. We have also increasingly been receiving negative feedback from anti-environmental, social and governance stakeholders in opposition to such initiatives. Stakeholders from both sides of this issue may continue to view us negatively and take public action against us to the extent that we do not satisfy their conflicting views or expectations. In addition, various jurisdictions are increasingly adopting or considering laws, regulations and oversight expectations that have or would impact us pertaining to environmental, social and governance matters, including required corporate reporting and disclosures. These requirements have resulted in, and are likely to continue to result in, increased compliance costs for our business and supply chain, which may increase our operating costs. Moreover, as governments, investors and other stakeholders face pressure to address climate change and other environmental, social and governance matters, these stakeholders may express new expectations and focus investments in ways that could cause significant shifts in commerce and consumption behaviors. The impact of and uncertainty that could result from such shifts could ultimately impact our business. Any of the above issues could have a material or adverse impact to our overall business and/or results of operations.

Ability to Sell

Total Risks: 11/32 (34%)Above Sector Average

Competition2 | 6.3%

Competition - Risk 1

Substantial and intense competition worldwide in the global payments industry may materially and adversely affect our overall business and results of operations.

The global payments industry is highly competitive. Our payment programs compete against competitors both within and outside of the global payments industry and compete in all payment categories, including paper-based payments and all forms of electronic payments. We compete against general purpose payments networks, debit and local networks, ACH and real-time account-based payments systems, digital wallets and other fintechs (focused on online activity across various channels and processing payments using in-house capabilities), digital public infrastructure and other government-backed solutions and digital currencies. We also face competition from companies that provide alternatives to our services and other solutions. Our traditional competitors may have substantially greater financial and other resources than we have, may offer a wider range of programs, services, and payment capabilities than we offer or may use more effective advertising and marketing strategies to achieve broader brand recognition and merchant acceptance than we have. They may also introduce their own innovative programs, services and capabilities that adversely impact our growth. Certain of our competitors to our payment network operate three-party payments systems with direct connections to both merchants and consumers, potentially providing competitive advantages. If we continue to attract more regulatory scrutiny than these competitors because we operate a four-party system, or we are regulated because of the system we operate in a way in which our competitors are not, we could lose business to these competitors. See "Business - Competition" in Part I, Item 1. Certain of our competitors have developed alternative, e-commerce and/or mobile device payments systems, as well as physical store locations. A number of these competitors rely principally on technology to support their services that provides cost advantages, and as a result may benefit from lower costs than we do. Many of these competitors are also able to use existing payment networks without being subject to many of the associated costs. Moreover, these competitors also occupy various roles in the payments ecosystem that enable them to influence payment choice of other participants. With respect to government-backed solutions, including those involving DPI, government participation in structures could prevent us from entering into, or substantially restrict us from participating in, particular geographies. Any of these factors could put us at a competitive disadvantage. Our ability to compete may also be affected by regulatory and legislative initiatives, as well as the outcomes of litigation, competition-related regulatory proceedings and both central bank and legislative activity. If we are not able to differentiate ourselves from our competitors, drive value for our customers and/or effectively align our resources with our goals and objectives, we may not be able to compete effectively against these threats. Our failure to compete effectively against any of the foregoing threats could materially and adversely affect our overall business and results of operations.

Competition - Risk 2

Exclusive/near exclusive relationships certain customers have with our competitors may have a material adverse impact on our business.

While we have exclusive, or nearly-exclusive, relationships with certain of our customers to issue payment products, other customers have similar exclusive, or nearly-exclusive, relationships with our competitors. These relationships may make it difficult or cost-prohibitive for us to do significant amounts of business with these customers to increase our revenues. In addition, these customers may be more successful and may grow faster than the customers that primarily issue our payment products, which could put us at a competitive disadvantage. Furthermore, we earn substantial revenue from customers with nearly-exclusive relationships with our competitors. Such relationships could provide advantages to the customers to shift business from us to the competitors with which they are principally aligned. A significant loss of our existing revenue or transaction volumes from these customers could have a material adverse impact on our business.

Demand3 | 9.4%

Demand - Risk 1

Losing a significant portion of business from one or more of our largest customers could lead to significant revenue decreases in the longer term, which could have a material adverse impact on our business and our results of operations.

Many of our customer relationships are not exclusive. Our customers can reassess their future commitments to us subject to the terms of our contracts, and they separately may develop their own services that compete with ours. Our business agreements with these customers may not ultimately reduce the risk (inherent in our business) that customers may terminate their relationships with us in favor of relationships with our competitors, or for other reasons, or might not meet their contractual obligations to us. In addition, a significant portion of our revenue is concentrated among our five largest customers. Loss of business from any of our large customers could have a material adverse impact on our overall business and results of operations.

Demand - Risk 2

Disintermediation from stakeholders both within and outside of the payments value chain could harm our business.

As the payments industry continues to develop and change, we face disintermediation and related risks, including the following: - Parties that process our transactions in certain countries (such as merchants and third-party payment processors) may try to eliminate our position as an intermediary in the payment process by switching transactions directly with issuers or processing transactions directly between issuers and acquirers. - Payments industry participants may develop their own products and services to support our switched transaction and payments offerings, forcing us to change our pricing or practices for our own offerings in order to compete. Participants may also withhold rights to data we use to power our solutions in order to support their own potential future solutions, potentially impacting the effectiveness of our solutions. In addition, governments may promote their own national or international payments platforms, potentially putting us at a competitive disadvantage in those markets, or requiring us to compete differently. Moreover, as central banks experiment with CBDCs, policies and design considerations that governments adopt could impact the extent of our role in facilitating CBDC-based payment transactions, potentially impacting the transactions that we may process over our network. - Payments industry participants continue to invest in and develop alternative capabilities, such as account-based payments, which could facilitate P2M transactions that compete with both our payment network and our additional payments capabilities. - Fintechs and technology companies could develop platforms or networks that disintermediate us from digital payments as well as develop products or services that compete with our customers and could diminish demand for our products and services. In addition, we face a heightened risk that data we share with these companies as part of our products and services could be used in a way that could put us at a competitive disadvantage. - Payments industry participants may merge, create joint ventures or form other business combinations that may strengthen their existing business services, leverage other business models to create a competitive edge over us or create new payment products and services that compete with our products and services. - Regulation may disintermediate issuers by enabling third-party providers opportunities to route payment transactions toward their own forms of payment by offering account information or payment initiation services directly to our product users. Such regulation may also provide these processors with the opportunity to commoditize the data that are included in the transactions they are servicing. Disintermediation of our customers' business could diminish demand for our products and services. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations.

Demand - Risk 3

Consolidation amongst our customers could materially and adversely affect our overall business and results of operations.

The industries in which our customers participate have undergone substantial, accelerated consolidation in the past. These consolidations have included customers with a substantial Mastercard portfolio being acquired by institutions with a strong relationship with a competitor. Potential future consolidation could occur as a result of bank failures, similar to those that occurred in recent years. If significant consolidation among customers were to continue, it could result in the substantial loss of business for us, which could have a material adverse impact on our business and prospects. In addition, one or more of our customers could seek to merge with, or acquire, one of our competitors, and any such transaction could also have a material adverse impact on our overall business. Consolidation could also produce a smaller number of large customers, which could increase their bargaining power and lead to lower prices and/or more favorable terms for our customers. These developments could materially and adversely affect our results of operations.

Sales & Marketing4 | 12.5%

Sales & Marketing - Risk 1

Our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and, in many jurisdictions, their ability to effectively manage or help manage our brands.

While we work directly with many stakeholders in the payments system (including merchants, governments, fintechs and large digital companies and other technology companies), we are, and will continue to be, significantly dependent on our relationships with our issuers and acquirers and their respective relationships with account holders and merchants to support our programs and services. Furthermore, we depend on our issuing partners and acquirers to continue to innovate to maintain competitiveness in the market. We do not issue cards or other payment devices, extend credit to account holders or determine the interest rates or other fees charged to account holders. Each issuer determines these and most other competitive payment program features. In addition, we do not establish the discount rate that merchants are charged for acceptance, which is the responsibility of our acquiring customers. As a result, our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and the strength of our relationships with them. In turn, our customers' success depends on a variety of factors over which we have little or no influence, including economic conditions in global financial markets or their disintermediation by competitors or emerging technologies, as well as regulation. If our customers become financially unstable, we may lose revenue or we may be exposed to settlement risk. See "Risk Factors - Settlement and Third-Party Obligations" in this Part I, Item 1A with respect to how we guarantee certain third-party obligations. We switch a high percentage of domestic (or in-country) transactions conducted using cards with our brands. However, there are several jurisdictions in which domestic transactions are switched by our customers or other processors. Because we do not provide domestic switching services in these countries or have direct relationships with account holders, we depend on our close working relationships with our customers to effectively manage our brands, and the perception of our payments system, among consumers in these countries. We also rely on these customers to help manage our brands and perception among regulators and merchants in these countries, alongside our own relationships with them. From time to time, our customers may take actions that we do not believe to be in the best interests of our payments system overall, which may materially and adversely impact our business.

Sales & Marketing - Risk 2

Continued intense pricing pressure may materially and adversely affect our overall business and results of operations.

In order to increase transaction volumes, enter new markets and expand our products and services, we seek to enter into business agreements with customers through which we offer incentives, pricing discounts and other support that promote our products. In order to stay competitive, we may have to increase the amount of these incentives and pricing discounts so as to meet customer demand for better pricing arrangements and greater rebates and incentives. As a result, we may not be able to grow our volume and/or services to the extent necessary to compensate for the additional costs related to these increased incentives and pricing discounts. In addition, increased pressure on prices increases the importance of cost containment and productivity initiatives in areas other than those relating to customer incentives. In the future, we may not be able to enter into agreements with our customers if they require terms that we are unable or unwilling to offer, and we may be required to modify existing agreements in order to maintain relationships and compete with others in the industry. Some of our competitors are larger with greater financial resources and accordingly may be able to charge lower prices. In addition, to the extent that we offer discounts or incentives under such agreements, we will need to further increase transaction volumes or the amount of services provided in order to benefit from such agreements and to increase revenue and profit, and we may not be successful in doing so, particularly in the current regulatory environment. Our customers also may implement cost reduction initiatives that reduce or eliminate payment product marketing or increase requests for greater incentives or greater cost stability. In addition to decisions made by competitors and customers, we also face pressure from pricing regulation and litigation. Additionally, we face pricing pressure related to real-time account-based payment schemes. These pressures impact both domestic pricing (such as the increased use of schemes that offer increasingly lower or subsidized P2M pricing) and cross-border pricing (including from both competing schemes and global initiatives to lower the cost of cross-border payments to end users). Any of these factors could have a material adverse impact on our overall business and results of operations.

Sales & Marketing - Risk 3

Service disruptions that cause us to be unable to process transactions or service our customers could reduce our operational resilience and materially affect our overall business and results of operations.

Our transaction switching systems and other offerings may experience interruptions as a result of technology malfunctions, network degradation, updates and migrations to new technology and platforms, supply-chain attacks, fire, floods, earthquakes, weather events, power outages, telecommunications disruptions, terrorism, workplace violence, accidents or other catastrophic events (including those related to climate change). We have experienced in limited instances, and may continue to experience, some types of these interruptions. Our visibility in the global payments industry may also put us at greater risk of attack by terrorists, activists, or hackers who intend to disrupt our facilities, networks and/or systems. Inadequate infrastructure in lesser-developed markets could also result in service disruptions, which could impact our ability to do business in those markets. Additionally, we rely on third-party service providers for the timely transmission of information across our global data network. If one of our service providers fails to provide the communications capacity or services we require, as a result of natural disasters, operational disruptions, cybersecurity-related disruptions or failures, terrorism, hacking or any other reason, the failure could interrupt our services. Although we maintain an enterprise resiliency program to analyze risk, assess potential impacts, and develop effective response strategies, we cannot ensure that our business would be immune to these risks. Due to the intrinsic importance of our switching systems to our business, any interruption or degradation could adversely affect the perception of the reliability of products carrying our brands and materially adversely affect our overall business and our results of operations.

Sales & Marketing - Risk 4

Operating a real-time account-based payments network presents risks that could materially affect our business.

U.K. regulators have designated Vocalink, our real-time account-based payments network platform, to be a "specified service provider" and regulators in other countries may in the future expand their regulatory oversight of real-time account-based payments systems in similar ways. Any prolonged service outage on this network could result in quickly escalating impacts, including potential intervention by the Bank of England and significant reputational risk to Vocalink and us. For a discussion of related regulatory risks, see our risk factor in "Risk Factors - Payments Industry Regulation" in this Part I, Item 1A. Furthermore, the complexity of this payment technology requires careful management to address information security vulnerabilities that are different from those faced on our payment network. Operational difficulties, such as the temporary unavailability of our services or products, or information security breaches on our real-time account-based payments network could cause a loss of business for these products and services, result in potential liability for us and adversely affect our reputation.

Brand / Reputation2 | 6.3%

Brand / Reputation - Risk 1

Lack of visibility of our brand in our products and services, or in the products and services of our partners who use our technology, may materially and adversely affect our business.

As more players enter the global payments ecosystem, the layers between our brand and consumers and merchants increase. We often partner with other consumer brands on payment solutions, including large digital companies and other technology companies who are our customers and use our networks to build their own acceptance brands. In some cases, our brand may not be featured in the payment solution or may be secondary to other brands. Additionally, as part of our relationships with some issuers, our payment brand is only included on the back of the card. As a result, our brand may either be invisible to consumers or may not be the primary brand with which consumers associate the payment experience. This brand invisibility, or any consumer confusion as to our role in the consumer payment experience, could decrease the value of our brand, which could adversely affect our business.

Brand / Reputation - Risk 2

Negative brand perception may materially and adversely affect our overall business.

Our brands and their attributes are key assets of our business. The ability to attract consumers to our branded products and retain them depends upon the external perception of us and our industry: - Our business may be affected by actions taken by our customers, merchants or other organizations that impact the perception of our brands or the payments industry in general. From time to time, our customers may take actions that we do not believe to be in the best interests of our brands, such as creditor practices that may be viewed as "predatory". Moreover, adverse developments with respect to our industry or the industries of our customers or other companies and organizations that use our products and services (including certain legally permissible but high-risk merchant categories, such as adult content, firearms, alcohol and tobacco) may also, by association, impair our reputation, or result in greater public, regulatory or legislative scrutiny, as well as potential litigation. Additionally, we or our customers could take (or be perceived to take) actions related to these industries, which could be viewed negatively and result in threats or other retaliatory actions. We may also face similar scrutiny to the extent that we are unable to detect and/or prevent illegal activities using our payment products or otherwise occurring over our network. - Under some circumstances, our use of social media, or the use of social media by others as a channel for criticism or other purposes, could also cause rapid, widespread reputational harm to our brands by disseminating rapidly and globally actual or perceived damaging information about us, our products or merchants or other end users who utilize our products. - We are headquartered in the U.S. As such, a negative perception of the U.S. could impact the perception of our company, which could adversely affect our business. Any of the above issues could have a material and adverse effect on our overall business.

Finance & Corporate

Total Risks: 2/32 (6%)Below Sector Average

Share Price & Shareholder Rights2 | 6.3%

Share Price & Shareholder Rights - Risk 1

Mastercard Foundation's substantial stock ownership, and restrictions on its sales, may impact corporate actions or acquisition proposals favorable to, or favored by, the other public stockholders.

Mastercard Foundation owns shares of our Class A common stock representing greater than 5% of our general voting power. Historically, Mastercard Foundation had been restricted from selling or otherwise transferring its shares of Class A common stock prior to May 1, 2027, except to the extent necessary to satisfy its charitable disbursement requirements, for which purpose earlier sales were permitted and had occurred. In July 2023, pursuant to an application in consultation with Mastercard, Mastercard Foundation received court approval to advance that date to January 1, 2024. As a result, Mastercard Foundation is now permitted to sell all or part of its remaining shares, subject to certain conditions. In March 2024, Mastercard Foundation began selling shares pursuant to an orderly and structured plan to diversify its Mastercard shares over a seven-year period, while committing to remain a long-term Mastercard stockholder and retaining a significant holding of Mastercard shares in its portfolio. The directors of Mastercard Foundation are required to be independent of us and our customers. The ownership of Class A common stock by Mastercard Foundation, together with the seven-year diversification plan, could discourage or make more difficult acquisition proposals favored by other holders of the Class A common stock. In addition, because Mastercard Foundation intends to sell its shares over an extended period of time, it may not have the same interest in short or medium-term movements in our stock price as, or incentive to approve a corporate action that may be favorable to, our other stockholders.

Share Price & Shareholder Rights - Risk 2

Provisions in our organizational documents and Delaware law could be considered anti-takeover provisions and have an impact on change-in-control.

Provisions contained in our amended and restated certificate of incorporation and bylaws and Delaware law could be considered anti-takeover provisions, including provisions that could delay or prevent entirely a merger or acquisition that our stockholders consider favorable. These provisions may also discourage acquisition proposals or have the effect of delaying or preventing entirely a change in control, which could harm our stock price. For example, subject to limited exceptions, our amended and restated certificate of incorporation prohibits any person from beneficially owning more than 15% of any of the Class A common stock or any other class or series of our stock with general voting power, or more than 15% of our total voting power. In addition: - our stockholders are not entitled to the right to cumulate votes in the election of directors - our stockholders are not entitled to act by written consent - any representative of a Mastercard or Mastercard Foundation competitor is disqualified from service on our board of directors

Tech & Innovation

Total Risks: 2/32 (6%)Below Sector Average

Innovation / R&D1 | 3.1%

Innovation / R&D - Risk 1

Working with new customers and end users as we continue to expand our products and services can present operational and onboarding challenges, be costly and result in reputational damage if the new products or services do not perform as intended.

The payments markets in which we compete are characterized by rapid technological change, new product introductions, evolving industry standards and changing customer and consumer needs. In order to remain competitive and meet the needs of the payments markets, we are continually involved in developing and implementing complex multi-rail solutions and diversifying our products and services. These efforts carry the risks associated with any diversification initiative, including cost overruns, delays in delivery and performance problems. These projects also carry risks associated with working with different types of customers (such as corporations that are not financial institutions, non-governmental organizations (NGOs) and new end users). These differences may present new operational challenges, such as enhanced infrastructure and monitoring for less regulated customers. Our failure to effectively design and deliver these products and services could make our other offerings less desirable to these customers, or put us at a competitive disadvantage. In addition, if there is a delay in the implementation of our products or services (which could include compliance obligations, such as AML and CFT, and licensing requirements for applicable products and services), if our products or services do not perform as anticipated, or we are unable to otherwise adequately anticipate risks related to new types of customers, we could face additional regulatory scrutiny, fines, sanctions or other penalties, which could materially and adversely affect our overall business and results of operations, as well as negatively impact our brand and reputation.

Technology1 | 3.1%

Technology - Risk 1

Rapid and significant technological developments and changes could negatively impact our overall business and results of operations or limit our future growth.

The payments industry is subject to rapid and significant technological changes, including new technologies and changes to existing technologies (such as digital assets and blockchain, AI, machine learning, privacy enhancement and cybersecurity). These changes could result in new technologies that may be superior to, or render obsolete, the technologies we currently use in our programs and services. They may also result in new and innovative payment methods, products and services. Additionally, there are a number of factors relating to technology change that could impact us. These include: the inability of third parties on which we rely for the development of and access to new technologies to keep pace with technological changes (including with regard to AI); potential action from third-party patent holders, including notices or inquiries threatening litigation against us or our customers for alleged patent infringement or demanding significant license fees; the scope of, as well as customer and merchant resistance to, industry-wide solutions and standards (such as those related to tokenization or other security technologies); any difficulty we may experience in attracting and retaining employees with technology expertise; and the need to invest resources for new technologies, which could lead to further additional expenses. Any of these developments could impact our ability to develop and adopt new technologies, as well as improve and keep pace with current technologies and reflect such technology in our payments offerings. Moreover, regulatory or government requirements could continue to require us to host and deliver certain products and services on-soil in certain markets. As a result, we may need to alter our technology and delivery model, potentially resulting in additional expenses and/or other operational impacts. Our future success will depend, in part, on our ability to anticipate, develop or adapt to technological changes and evolving industry standards. If we fail to sufficiently develop and adopt new technologies, or improve and keep pace with current technologies and reflect such technology in our payments offerings, our payments offerings could be negatively impacted and/or we could be put at a competitive disadvantage. This could impact our ability to compete with new technologies and products, as well as encourage customers that use our technology to enhance and deliver their payment-related products and services (including fintechs and technology companies) to use their own technology to compete against us. These developments could lead to a decline in the use of our technology, products and services, which could have a material adverse impact on our overall business and results of operations.

Production

Total Risks: 2/32 (6%)Below Sector Average

Employment / Personnel1 | 3.1%

Employment / Personnel - Risk 1

We may not be able to attract and retain a highly qualified workforce, or maintain our corporate culture, which could harm our overall business and results of operations.

Our performance largely depends on the skills, capabilities and motivation of our employees (including our people leaders), as well as the environment we create for them to enable them to perform their jobs effectively. The market for specialized skill-sets remains highly competitive, particularly in emerging technologies. To the extent we are unable to differentiate our value proposition in the market, effectively develop leaders and build robust succession pipelines, it could impact our ability to deliver for our customers. Failure to attract, hire, develop, motivate and retain highly qualified talent could leave us vulnerable to not identifying and/or acting on emerging customer or market opportunities. In addition, broader trends such as escalations in global conflict and a rise in mental health needs are impacting the well-being of our people. To the extent we are unable to communicate effectively on these issues and provide support to our employees, we could experience a significant impact on our business, reputation and culture. Further, changes in and enforcement of immigration and work permit laws and visa regulations have made it difficult for employees to work in, or transfer among, jurisdictions where we operate, potentially impairing our ability to attract and retain talent. We also face increasing regulation with respect to new pay and benefits transparency requirements, which could subject us to liability or reputational harm if we do not adhere to these requirements in a timely manner. As our workforce composition continues to change, our employees may have different expectations with respect to flexibility and well-being support. Additionally, employees may require different levels of support as to re-skilling and upskilling in order to adapt to advancements in our industry and changes in technology. Further, certain current and prospective employees may have expectations as to positions we take on environmental, social and governance matters. To the extent we are unable to effectively meet and/or balance these different expectations and needs, we could experience a negative impact to the quality of our corporate culture, the productivity of our workforce and our ability to attract and retain talent. We rely on our people leaders to display integrity and decency, as role models for the Mastercard Way. To the extent our leaders behave in a manner that is not consistent with these values, we could experience significant impact to our brand and reputation, as well as to our corporate culture. Any one or more of the above could harm our overall business and results of operations.

Costs1 | 3.1%

Costs - Risk 1

Increased activity with respect to interchange rates could have an adverse impact on our business.

Interchange rates are a significant component of the costs that merchants pay in connection with the acceptance of products associated with our payment network. Although we do not earn revenues from interchange, interchange rates can impact the volume of transactions we see on our payment products. If interchange rates are too high, merchants may stop accepting our products or route transactions away from our network. If interchange rates are too low, issuers may stop promoting our products and services, eliminate or reduce loyalty rewards programs or other account holder benefits (e.g., free checking or low interest rates on balances), or charge fees to account holders (e.g., annual fees or late payment fees). Governments and merchant groups in a number of countries have implemented or are seeking interchange rate reductions through legislation, regulation and litigation. See "Business - Government Regulation" in Part I, Item 1 and Note 19 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details. If issuers cannot collect or we are required to reduce interchange rates, issuers may be less willing to participate in our four-party payments system. Alternatively, they may reduce the benefits associated with our products, choose to charge higher fees to consumers to attempt to recoup a portion of the costs incurred for their services, or seek a fee reduction from us to decrease the expense of their payment programs (particularly if regulation has a disproportionate impact on us as compared to our competitors in terms of the fees we can charge). These and other impacts could make our products less desirable to consumers, limit our ability to innovate or offer differentiated products, and/or make proprietary three-party networks or other forms of payment more attractive, ultimately reducing the volume of transactions over our network and our profitability. We are devoting substantial resources to defending our right to establish interchange rates in regulatory proceedings, litigation and legislative activity. The potential outcome of any of these activities could have a more positive or negative impact on us relative to our competitors. If we are ultimately unsuccessful in defending our ability to establish interchange rates, any resulting legislation, regulation and/or litigation may have a material adverse impact on our overall business and results of operations. In addition, regulatory proceedings and litigation could result (and in some cases has resulted) in us being fined and/or having to pay civil damages, the amount of which could be material.

Macro & Political

Total Risks: 2/32 (6%)Below Sector Average

Economy & Political Environment1 | 3.1%

Economy & Political Environment - Risk 1

Global economic, political, financial and societal events or conditions could result in a material and adverse impact on our overall business and results of operations.

Adverse economic trends. Adverse economic trends in key countries in which we operate may adversely affect our financial performance. Such impact may include, but is not limited to, the following: - Customers mitigating their economic exposure by limiting the issuance of new Mastercard products and requesting greater incentive or greater cost stability from us - Consumers and businesses reducing spending, which could impact domestic and cross-border spend - Debt limit and budgetary discussions in the U.S. have affected, and could further affect, the U.S. credit rating, impacting consumer confidence and spending - Uncertain global trade policies and related government actions (including those related to tariffs), which could have an adverse impact on our business (including with respect to consumer and business spending) and relationships with stakeholders - Government intervention (including the effect of laws, regulations and/or government investments on or in our financial institution customers), as well as uncertainty due to changing political regimes in executive, legislative and/or judicial branches of government, that may have potential negative effects on our business and our relationships with customers or otherwise alter their strategic direction away from our products - Tightening of credit availability that could impact the ability of participating financial institutions to lend to us under the terms of our credit facility Cross-border transactions. We switch substantially all cross-border transactions using Mastercard, Maestro and Cirrus-branded cards and generate a significant amount of revenue from cross-border volume fees and fees related to switched transactions. Revenue from switching cross-border and currency conversion transactions for our customers fluctuates with the levels and destinations of cross-border travel and our customers' need for transactions to be converted into their base currency. Cross-border activity has been, and may continue to be, adversely affected by world geopolitical, economic, health, weather and other conditions. These include or have included: - Global pandemics (and related post-pandemic global economic impacts) and potential separate outbreaks of flu, viruses and other diseases (any of which could result in future epidemics or pandemics)- Current and potential future geopolitical conflicts, as well as expansion into regional or global conflicts, and the resulting impacts to our business - The threat of terrorism and major environmental and extreme weather events (including those related to climate change) The impact of and uncertainty that could result from any of these events or factors could ultimately decrease cross-border activity. Additionally, any regulation of interregional interchange fees could also negatively impact our cross-border activity (for example, the targets announced by the G20 Financial Stability Board related to cross-border payments). In each case, decreased cross-border activity could decrease the revenue we receive. Russia's invasion of Ukraine. In addition to the cross-border impacts described above, our compliance with sanctions and our decision to suspend our business operations in Russia has led, and could further lead, to other legal ramifications and operational challenges, including fines, the nationalization of our subsidiary and any resulting impacts, and/or lawsuits. Standards. Our operations as a global payments network rely in part on global interoperable standards to help facilitate payments. To the extent geopolitical events or government intervention result in jurisdictions no longer participating in the creation or adoption of these standards, or the creation of competing standards, our products and services could be negatively impacted. Any of these developments potentially could have a material adverse impact on our overall business and results of operations.

Capital Markets1 | 3.1%

Capital Markets - Risk 1

Adverse currency fluctuations and foreign exchange controls could negatively impact our results of operations.

During 2025, approximately 71% of our revenue was generated from activities outside the U.S., which could be transacted in a non-functional currency. Impacts from currency fluctuations are included in our net income. Our risk management activities provide protection with respect to adverse changes in the value of only a limited number of currencies and are based on estimates of exposures to these currencies. In addition, the revenue we generate in entities with non-U.S. dollar functional currencies is subject to unpredictable currency fluctuations, including where the values of other currencies change relative to the U.S. dollar. If the U.S. dollar strengthens compared to currencies in which we generate revenue, this revenue may be translated at a materially lower amount than expected. Furthermore, we may become subject to exchange control regulations that might restrict or prohibit the conversion into U.S. dollars of our other revenue currencies and financial assets. The occurrence of currency fluctuations or exchange controls could have a material adverse impact on our results of operations.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.