# Support
source: https://developer.mastercard.com/onboard-risk-check/documentation/support/index.md

## FAQ {#faq}

### General {#general}

Onboard Risk Check provides customers with comprehensive insights into the risks associated with a potential merchant during the onboarding process, including cyber vulnerabilities and sanctions screening. ORC can help reduce the overall onboarding time by consolidating these checks and allow customers to make better decisions. The cyber risk score is determined by passively evaluating the security and infrastructure safeguards, and gaps in an organization's online cyber environment without interfering in their day-to-day business. The cyber risk score evaluates over 40 criteria across 11 security domains and helps assess the business impact and criticality of each vulnerability uncovered to help determine an organization's final cyber risk score. Yes, ORC supports the inquiry created via [MATCH](https://developer.mastercard.com/onboard-risk-check/documentation/glossary/index.md) as long as all the necessary data about the merchant entity is already available as part of the original inquiry request. Please see [Use Cases - Using MATCH](https://developer.mastercard.com/onboard-risk-check/documentation/use-cases/orc/retrieve-inquiry/index.md#using-match). By cross-referencing provided identity details against certain Sanctions Lists, the Sanctions Screening functionality identifies any matches, indicating whether the entity or individuals are listed on one of the Sanctions Lists. This helps customers make informed decisions and avoid engaging with sanctioned entities, thus more effectively safeguarding their business interests and reputation. Hundreds of Global Watch Lists and Sanctions Lists including: OFAC, OSFI, FBI, EU, HM Treasury, PEP, etc.


Using electronic identity and address verification of the merchant, this feature will confirm whether the information provided matches what is publicly recognized, allowing the customer to infer the likelihood that the merchant/entity is who they say they are.   

<br />

### Onboarding {#onboarding}

Please note that initiating an inquiry through the Onboard Risk Check API will incur fees. For detailed information on pricing, we kindly recommend visiting the Technical Resource Center on Mastercard Connect and referring to announcement AN6187.


Non-Traditional Customers engage with Mastercard products outside of the direct Issuing/Acquiring space. A customer can be both a Traditional and Non-Traditional customer. Non-Traditional customers can be actively engaged with a specific product or service.   

<br />

### Integration {#integration}

* Onboard Risk Check offers two APIs:
  * Onboard Risk Check API: provides users insights to a breath of information including but not limited to cyber vulnerabilities and sanctions screening.
  * Onboard Risk Check API -- Cyber Only: provides only cyber vulnerabilities associated with the merchant.
Currently, Onboard Risk Check does not support bulk records. This function is being considered and may be added in future releases. Acquirers can seek help with the onboarding process by visiting [Mastercard Developer Support](https://developer.mastercard.com/support/). Once connectivity has been established, acquirers can start using the API. It represents a unique identifier to track the results of each inquiry request. When an acquirer initiates an inquiry through any channel, then the inquiry reference number (IRN) returned can be used later to retrieve the results of the inquiry. ORC supports the IRN created by [MATCH](https://developer.mastercard.com/onboard-risk-check/documentation/glossary/index.md) channels too. To see the parameters necessary for initiating an inquiry, please check [Parameters](https://developer.mastercard.com/onboard-risk-check/documentation/parameters/acquirers-parameters/index.md). Once you are familiar with the Sandbox environment, you can request a new consumer key for the Production environment. In this request, you will be asked to provide your CID. After submission, Mastercard will validate your request and map your production consumer key to your CID upon approval. This will allow you to get authorization when you consume the API in the Production environment. If you are receiving authorization errors for an IRN that you previously initiated using the same CID, please contact us to verify your onboarding data.


As part of our commitment to evolving market dynamics, we may update our APIs accordingly. We will strive to introduce any changes that are backward compatible. Any updates will be documented on this site.   

<br />

### Policy {#policy}

Certain inquiry types are prohibited in the country associated with the [ICA](https://developer.mastercard.com/onboard-risk-check/documentation/glossary/index.md) specified. If your business/entity is located in a restricted country for an inquiry type, you will receive a GEO_LOCATION_RESTRICTION message in the response payload. The restriction applies while creating an inquiry as well as fetching the results of an inquiry. For example, if Cyber Risk is NOT restricted but Sanctions Screening is restricted, you will receive null results for Sanctions Screening and Cyber Risk results will return as expected.

## Get Help {#get-help}

### Contact us for technical support. {#contact-us-for-technical-support}