What MCCs Are and Where They Come From
A Merchant Category Code is a four-digit number assigned to a business when they start accepting card payments. It classifies what the merchant sells — not who they are. A coffee shop gets 5814 (Fast Food Restaurants), a SaaS company gets 5734 (Computer Software Stores), and a hotel gets 7011 (Lodging).
The code is assigned by the acquiring bank during merchant onboarding, based on the merchant's primary business activity. Visa and Mastercard maintain their own MCC registries, but they overlap almost entirely. ISO 18245 standardizes the list globally.
Once assigned, the MCC travels with every transaction the merchant processes. It's embedded in the ISO 8583 authorization message (field 18) and the settlement file. Your system receives it whether you use it or not.
How MCCs Flow Through a Transaction
MCC 5814
Sets MCC
Routes + fees
Applies rules
The MCC influences decisions at every hop: the network uses it to calculate interchange, the issuer uses it for card controls (block gambling MCCs on corporate cards), and your platform uses it for categorization and compliance.
Why Engineers Should Care
MCCs aren't just metadata. They drive critical business logic:
- Interchange fees: MCC determines the rate. A supermarket (5411) pays ~0.6% interchange, while a money transfer service (4829) pays ~2.1%. Wrong MCC = wrong economics.
- Fraud rules: High-risk MCCs (gambling 7995, crypto 6051, dating 5968) trigger enhanced monitoring. Your fraud engine needs MCC-aware rules.
- Expense categorization: Corporate card programs auto-categorize spending by MCC. Your analytics pipeline depends on accurate classification.
- Regulatory compliance: Some MCCs require additional licensing (gambling, cannabis, adult content). Your merchant onboarding flow must validate MCC against regulatory requirements.
- Card controls: Issuers let cardholders block specific MCC ranges. Your authorization system must respect these restrictions.
Common MCC Ranges
| Range | Category | Examples | Risk Level |
|---|---|---|---|
| 0001-1499 | Agricultural | Farms, nurseries | Low |
| 1500-2999 | Contracted Services | Construction, HVAC | Low |
| 4000-4799 | Transportation | Airlines, taxis, ferries | Medium |
| 4800-4999 | Utilities | Telecom, cable, electric | Low |
| 5200-5699 | Retail Stores | Hardware, clothing, grocery | Low |
| 5700-5999 | Miscellaneous Retail | Jewelry, pet stores, drugs | Medium |
| 6010-6099 | Financial Services | Banks, crypto, wire transfer | High |
| 7800-7999 | Gambling & Entertainment | Casinos, lotteries, betting | High |
Building an MCC Classification System
If you're building a payment platform, you'll need an MCC lookup service. Here's a practical Go implementation:
type MCCEntry struct {
Code string
Description string
Category string
RiskLevel RiskLevel
Regulated bool
}
type RiskLevel int
const (
RiskLow RiskLevel = iota
RiskMedium
RiskHigh
RiskProhibited
)
type MCCRegistry struct {
entries map[string]MCCEntry
}
func (r *MCCRegistry) Lookup(code string) (MCCEntry, bool) {
e, ok := r.entries[code]
return e, ok
}
func (r *MCCRegistry) IsHighRisk(code string) bool {
e, ok := r.entries[code]
return ok && e.RiskLevel >= RiskHigh
}
func (r *MCCRegistry) RequiresLicense(code string) bool {
e, ok := r.entries[code]
return ok && e.Regulated
}Load MCC data from a versioned config file, not hardcoded constants. Networks update their MCC lists quarterly, and you need the ability to roll out changes without redeploying.
Tip: Visa publishes MCC updates in their quarterly Business News bulletins. Subscribe to these — a new MCC for crypto (6051) was added in 2022 and many platforms missed it, incorrectly classifying crypto exchanges as generic financial services.
MCC Misclassification Problems
Incorrect MCC assignment is more common than you'd think, and the consequences are real:
- Revenue loss: A merchant classified as 5411 (Grocery) instead of 5812 (Restaurants) pays different interchange. At scale, this costs thousands monthly.
- Compliance violations: A gambling merchant classified as 7993 (Video Amusement) instead of 7995 (Gambling) avoids regulatory scrutiny — until an audit catches it.
- Fraud blind spots: If your fraud engine doesn't see the true MCC, velocity rules for high-risk categories won't trigger.
- Chargeback liability: Visa's dispute rules differ by MCC. Wrong code can mean you lose a dispute you should have won.
Practical Implementation Patterns
- Store the raw MCC on every transaction. Don't just store a derived category — you'll need the original code for compliance audits and dispute evidence.
- Build a mapping layer. Map MCCs to your internal category taxonomy. This decouples your analytics from network-specific codes and handles the cases where Visa and Mastercard assign different MCCs to similar businesses.
- Validate MCC at merchant onboarding. Cross-reference the requested MCC against the merchant's business description and website. Flag mismatches for manual review.
- Monitor MCC changes. Acquirers can change a merchant's MCC. Your system should detect when a merchant's MCC shifts (especially to a higher-risk category) and trigger a re-review.
- Use MCC groups for rules, not individual codes. Don't write a fraud rule for MCC 7995. Write it for the "gambling" group that includes 7995, 7800, 7801, and 7802. This is more maintainable and catches edge cases.
// MCC group-based rule configuration
var highRiskGroups = map[string][]string{
"gambling": {"7800", "7801", "7802", "7995"},
"crypto": {"6051"},
"adult": {"5967", "7841"},
"money_xfer": {"4829", "6010", "6012"},
}
func IsInGroup(mcc string, group string) bool {
codes, ok := highRiskGroups[group]
if !ok {
return false
}
for _, c := range codes {
if c == mcc {
return true
}
}
return false
}Getting It Right
MCCs are one of those payment primitives that seem simple until they're not. The four-digit code carries regulatory weight, financial impact, and fraud signal all at once. Build your systems to treat MCCs as first-class data — store them, index them, monitor them, and keep your registry current.
The merchants and issuers downstream from your platform are making decisions based on these codes. Getting classification right isn't just good engineering — it's the difference between smooth operations and a compliance incident.
References
- Visa Supplier Locator — Merchant Category Codes
- Mastercard Quick Reference Booklet — MCC Listing
- ISO 18245 — Retail Financial Services MCC
- PCI Security Standards Council — Document Library
Disclaimer: This article reflects the author's personal experience and opinions. Product names, logos, and brands are property of their respective owners. Pricing and features mentioned are subject to change — always verify with official documentation.