Enroll your merchant or platform in Mastercard ABU through your acquiring bank, which acts as the ABU participant on your behalf.
Build a batch inquiry process: compile a list of stored PANs with their expiry dates, format them per the ABU file specification, and submit the inquiry file to ABU (typically via SFTP or the ABU API).
Parse the response file to extract update records: 'account closed', 'new account number', 'new expiry date', or 'contact cardholder'.
Apply updates to your card vault: replace the PAN or expiry date as instructed; mark closed accounts to suppress future charges.
For real-time lookups (if your acquirer supports the ABU API), perform a synchronous inquiry before each recurring charge cycle.
Log all ABU update events with timestamps for audit purposes and to satisfy network compliance requirements.
Known gotchas
ABU only covers Mastercard-branded cards; Visa cards require a separate Visa Account Updater enrollment — do not assume a single integration covers both networks.
Issuers are not required to participate in ABU, so not all cards return update information; treat a 'no data' response as a soft signal rather than confirmation the card is still valid.
PCI DSS scoping still applies to any system that receives raw PANs from ABU response files — ensure your card vault and processing environment remain in scope.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp