A new law targeting firearm-related transactions has recently taken effect, and it’s already reshaping how merchants and payment gateways handle gun sales. The introduction of a dedicated Merchant Category Code (MCC) for firearms marks a major regulatory shift that could redefine transparency, compliance, and risk management in the payments industry.
For merchants, this change means more scrutiny and tighter reporting requirements. For payment processors and gateways, it introduces operational and ethical considerations that could affect who they work with and how they process transactions.
In this article, we’ll break down what the new gun MCC law entails, why it was introduced, and what it means for high-risk merchants navigating an already complex financial landscape.
Introduction to the Gun Merchant Category Code
The newly established gun Merchant Category Code (MCC) represents a significant development in how firearm-related transactions are tracked and managed within the payment ecosystem. It classifies businesses that sell firearms and ammunition under a specific transaction code. This change directly impacts firearm merchants applying for and maintaining merchant accounts, as their transactions will now be more closely monitored and categorized by financial institutions.
For merchants, the introduction of this MCC could influence everything from risk assessments and underwriting decisions to processing fees and ongoing account reviews. As with other high-risk industries, increased visibility means greater compliance expectations and a renewed need for payment partners that understand the nuances of evolving regulations.
Background and Purpose of the Gun MCC
The creation of the gun MCC was driven by growing public and legislative pressure to improve the tracking of firearm-related transactions. California played a pivotal role in this movement, with the passage of Assembly Bill 1587 (AB 1587), which mandated the adoption of a unique MCC for firearm and ammunition retailers. The goal of this legislation was to enable financial institutions to better identify potentially suspicious purchasing patterns while maintaining lawful commerce for responsible gun retailers.
MCC coding plays a critical role in how payment processors categorize and manage risk. Assigning specific codes to different industries allows financial institutions to determine the relative risk of each merchant type. For firearm sellers, this classification may lead to stricter underwriting standards and ongoing transaction monitoring.
Approval and Implementation Timeline
The International Organization for Standardization (ISO) first approved the dedicated MCC for gun retailers in September 2022, following years of debate among lawmakers, advocacy groups, and financial institutions. Initially, major card networks such as Visa, Mastercard, and American Express planned to adopt the new code shortly after approval. However, in March 2023, these networks announced temporary pauses in implementation due to industry backlash and legal challenges surrounding privacy and discrimination concerns. Despite these pauses, the movement toward formal implementation gained renewed momentum in 2024 when California’s AB 1587 passed.
State Reactions and Legislative Patchwork
The gun MCC has triggered a true patchwork across the U.S. As of 2025, several states have moved to require the code to improve transaction transparency at firearms retailers, while many have passed laws to block or limit its use on privacy and Second Amendment grounds. For merchants and gateways, this split creates multi-state compliance complexity; onboarding, MCC assignment, monitoring, and even data handling rules can change the moment a transaction crosses a state line.
States Supporting the Gun MCC
Very few states have implemented the firearm MCC so far. These include:
- California (AB 1587): Requires networks to make the firearms MCC available and acquirers to assign it to licensed firearms and ammunition merchants operating in the state. For merchants, that means MCC 5723 is no longer optional when applying for and maintaining accounts in California.
- Colorado (SB24-066): Followed California by mandating networks to provide—and processors to assign—the firearms MCC to in-state firearms merchants. Enforcement authority resides with the Colorado Attorney General.
- New York (AB 9862/SB 8479): Requires payment networks to make the MCC available, as of May 2025. Firearms merchants in NY should expect MCC 5723 treatment during underwriting and ongoing monitoring.
These pro-MCC laws explicitly tie merchant onboarding and maintenance to accurate MCC classification. Firearms sellers in these states should anticipate added scrutiny and documentation during underwriting.
Opposition and Bans in Other States
A growing list of states, including Texas, Florida, Georgia, Tennessee, Iowa, and Wyoming, have enacted statutes that prohibit assigning or using a firearms-specific MCC for retailers, often requiring that such merchants be coded under general merchandise or sporting goods instead. For example:
- Texas (HB 2837): Bars assigning or requiring a “firearms code” (explicitly referencing MCC 5723) and authorizes robust enforcement. The Texas Attorney General has explicit investigative powers, including issuing civil investigative demands, and can bring actions seeking injunctions and civil penalties of $10,000 per violation. The statute also provides notice-and-cure procedures and a limited private right of action for cardholders. For gateways and acquirers operating in Texas, this means strong AG oversight and significant penalties for misclassification.
- Florida (CS/SB 214): Prohibits classifying or assigning a firearms-specific MCC and authorizes state enforcement; merchants may be assigned general merchandise or sporting goods codes instead.
Because major card networks paused national rollout in March 2023 amid this state-level friction, merchants today face conflicting obligations depending on where they operate. Networks must still comply with mandates in states like CA, CO, and NY, while avoiding firearms-specific coding in prohibition states.
Payment Network Response and Compliance Initiatives
As the gun MCC becomes law in certain jurisdictions, card networks, banks, and payment operators are scrambling to define their roles, manage liability, and protect themselves from downstream risk. At High Risk Pay, we’re already seeing major networks adopt new oversight frameworks, and we’re working proactively to give merchants in high-risk verticals viable alternatives where large networks hesitate or outright refuse to engage.
Role of Major Card Networks
Visa, Mastercard, American Express, and Discover are at the fulcrum of MCC adoption. Their monitoring programs and enforcement levers will largely determine how aggressively firearm merchants are regulated in payments.
- Visa rolled out a revamped Visa Acquirer Monitoring Program (VAMP), which consolidates prior fraud and dispute oversight systems into a unified framework. Under VAMP, acquirers will be scored based on a ratio combining fraud, disputes, and enumeration attacks, and those exceeding thresholds may face fines, increased scrutiny, or termination. Enforcement began on October 1, 2025, and stricter thresholds are coming in 2026. For merchants, a VAMP violation could mean suspension or termination of Visa acceptance.
- Mastercard enforces its risk programs through its Merchant Monitoring Program (MMP) and related compliance rules. In June 2025, Mastercard updated MMP standards, strengthening expectations for proactive monitoring and requiring acquirers to use approved Merchant Monitoring Service Providers (MMSPs) to detect violations like merchant transaction laundering. Mastercard’s rules explicitly consider MCC miscoding violations (i.e. misclassifying a merchant’s business code) as a compliance risk that can trigger penalties.
- American Express, Discover, and others also reserve the right to review merchant classification, refuse or terminate merchant accounts, or assign heightened risk tiers based on MCC assignment, though public disclosures on their firearm-specific MCC policies are more opaque.
Because the gun MCC flags a merchant as operating in a contentious, high-risk vertical, falling out of compliance under these network programs could trigger account holds, termination, or inclusion in terminated merchant files, making re-application elsewhere extremely difficult.
At High Risk Pay, we anticipate these challenges and have structured underwriting and account controls tailored for firearm sellers, giving merchants options when traditional networks tighten enforcement or reject new applications.
Ecosystem Responsibilities
In addition to card networks, every participant in the payments chain now carries compliance duties and risk exposure.
- Acquirers and sponsor banks must enforce correct MCC assignments, monitor merchant behavior, and remediate or terminate accounts that violate network or state rules. If an acquirer repeatedly fails to enforce MCC rules or ignores flagged merchants, it could be penalized under programs like VAMP.
- Payment facilitators (PayFacs / ISOs / merchant aggregators) are on the front lines of underwriting. Under new rules, PayFacs must vet sub-merchants for compliance, ensure they are correctly classified, and monitor sub-merchant transactions for anomalies. Failure to do so may lead to cascading liability for the facilitator and upstream acquirer.
- Issuers (card-issuing banks) rely on MCC data to inform fraud, compliance, and sanctioning logic. Issuers may flag gun-related MCC usage for closer review or reject transactions in states that prohibit MCC assignment.
- Sponsor banks serve as the underwriting anchor for payment facilitators and must ensure their portfolios do not expose them to regulatory, reputational, or network risk. In some cases, sponsor banks may refuse to support accounts in jurisdictions where MCC usage is banned or contentious.
Technological and Compliance Innovations
As the gun MCC becomes a fixture in payments policy, the pressure is on to deploy smarter, more scalable tools that can keep pace with novel risks in firearm commerce. High Risk Pay is investing heavily in risk modeling, compliance automation, and real-time monitoring systems to give merchants and payment service providers a technical edge in a high-stakes space.
AI and Risk Management Technologies
Artificial intelligence (AI) is becoming an indispensable weapon in the fight against fraud, misclassification, and illicit activity in firearm retail. Here’s how AI is being applied in this space:
- Behavioral and pattern analysis: Machine learning models can ingest streams of transaction data (volume, frequency, geographic patterns, SKU links) to spot anomalous activity, such as sudden spikes in order volume, multiple transactions just under thresholds, or clustering of purchasers from high-conflict zones. These models are especially well-suited to detect schemes like false declines, order splitting, or layering tactics.
- Dynamic risk scoring: Instead of static risk tiers, AI enables continuous re-scoring of each merchant based on real-time activity. If a firearms merchant begins showing risk indicators (e.g., elevated chargeback ratio, suspicious interstate shipping), the system can flag it for review or automatically adjust hold rates or thresholds.
- Text and metadata analysis: Natural language processing (NLP) can parse merchant metadata (descriptions, product names, SKU texts) for firearm and ammunition keywords, even when disguised or obfuscated. Combined with pattern matching, this helps guard against misclassified or hidden firearm-related sales.
- Predictive compliance trigger generation: AI systems can forecast likely compliance violations before they happen, based on leading indicators (e.g., account drift, unexplained volume surges). Early alerts allow payment facilitators or acquirers to proactively engage with merchants for remediation rather than reactive enforcement.
These AI tools give stakeholders better visibility and proactive control in a vertical where risk can escalate rapidly.
Merchant Monitoring Tools
Aside from AI, several technical solutions are emerging to help processors, acquirers, and compliance teams enforce the gun MCC and manage high-risk merchants more effectively:
- MCC detection and validation engines: Software modules that cross-reference merchant-submitted MCCs against backend transaction data, merchant descriptions, and payment history. If a merchant claims a non-firearms MCC but shows pattern alignment with firearm sales, the engine can flag inconsistencies.
- Transaction laundering detection: Advanced tools that identify when high-risk merchants funnel transactions through low-risk merchants (e.g., coded under sporting goods or general merchandise) via merchant IDs, BIN mixing, or split routing. Metrics like cross-merchant flows, BIN overlap, and processing patterns are analyzed to uncover laundering.
- Anomaly monitoring dashboards: Real-time dashboards that show KPIs like chargeback velocity, dispute ratios, average ticket size, geographic dispersion, high-ticket outliers, and SKU clustering. These dashboards trigger alerts when metrics cross thresholds tailored for firearm verticals.
- Rule engines and policy automation: Compliance systems allowing administrators to codify state-by-state rules and enforce logic checks. Transactions or merchant profiles that break rules are automatically quarantined or escalated.
- API-based merchant verification: Onboarding and ongoing identity checks, license validations, and FFL (Federal Firearms License) verifications via third-party APIs. Integration with government or regulatory databases helps ensure merchants remain qualified for the firearm trade.
- Segmentation and portfolio isolation: Platforms that isolate firearm merchant sub-portfolios from other merchant classes, so compliance, risk models, reserve rules, and hold percentages can be compartmentalized and tailored without undue impact on lower-risk verticals.
By combining AI risk engines, real-time monitoring suites, and rules-based compliance systems, High Risk Pay and other sophisticated PSPs are enabling payment partners and merchants to stay ahead of evolving legislation and enforcement.
Conclusion
The introduction of the gun Merchant Category Code has reshaped how payment networks, banks, and merchants approach firearm-related transactions. This isn’t a simple compliance update; it’s a complex, multi-layered shift driven by a mix of federal standards, state-level legislation, and card network oversight. The result is a fragmented regulatory environment that demands vigilance from every participant in the payment ecosystem.
For firearm merchants, navigating this landscape means balancing operational efficiency with strict compliance. The consequences of misclassification, noncompliance, or failed monitoring can include account freezes, excessive reserves, or termination by major card networks.
High Risk Pay has deep experience supporting merchants in regulated industries, including the firearms sector. Our tailored risk management systems, transparent underwriting, and compliance-driven approach help ensure merchants stay operational even when the rules change. However, the information in this article should not be taken as legal advice. Because each state’s regulations and enforcement timelines differ, merchants should consult their state regulatory agency or a qualified attorney for specific legal guidance related to MCC compliance and firearm sales.If you’re ready to take the next step, apply for a firearms merchant account from High Risk Pay today.
