When a customer swipes a card or taps their phone to pay, something happens before the transaction is approved: the payment network reads a four-digit code attached to the merchant. That code (the Merchant Category Code or MCC) determines the interchange fee the merchant pays, whether the customer earns rewards, and whether the transaction triggers AML screening.
Most merchants never think about their MCC until it costs them money or blocks them from getting a payment account. This guide explains what MCC codes are, how they are assigned, how they affect your business, and what high-risk MCC holders need to do to stay compliant.
What is an MCC code?
An MCC code is a four-digit number that classifies the type of goods or services a business offers. Every merchant that accepts card payments is assigned one by their payment processor.
MCC code definition
Merchant Category Codes were originally developed for tax reporting purposes and have since become a foundational element of how payment networks manage risk, calculate fees, and enable reward programs.
The MCC system is broadly aligned with the International Organization for Standardization (ISO) standard 18245. In practice, however, there is no single universally accepted set of MCCs used across all card networks and payment processors. The same business can receive slightly different codes from Visa, Mastercard, and American Express, though the category range structure is consistent.
MCCs are assigned by the payment processor or acquiring bank, not by the merchant. Merchants cannot self-select their category.
What an MCC code looks like
MCCs are four digits, ranging from 0001 to 9999. While invisible to users, MCCs directly influence fraud monitoring, transaction limits, and rewards eligibility.
Here are some real-world examples from India:
| MCC Code | Category | Real-world Example | Why it matters (fraud, rewards, risk) |
|---|---|---|---|
| 5411 | Grocery Stores / Supermarkets | Reliance Retail | Low-risk, high-frequency spend; often eligible for accelerated rewards |
| 5812 | Restaurants / Dining | Zomato | Rewards-heavy category; prone to friendly fraud and chargebacks |
| 4121 | Ride-hailing / Taxis | Ola Cabs | Behavioral signal for fraud models due to frequent, low-ticket transactions |
| 4511 | Airlines | IndiGo | High-value transactions → stricter fraud checks, higher decline rates if anomalous |
| 5815 | Digital Goods (Apps, media) | Google Play | Common in card-not-present fraud; small repeat transactions |
| 6051 | Wallet loads / Crypto / quasi-cash | CoinDCX | High-risk MCC; often excluded from rewards, closely monitored |
| 6012 | Financial Institutions (loans, fees) | HDFC Bank | Typically treated as quasi-cash; may attract fees, no rewards |
As regulators like the Reserve Bank of India push for stronger fraud controls, MCCs are becoming more important:
- High-risk MCCs (e.g., 6051) → tighter limits, additional authentication
- Misclassified MCCs → reward leakage or fraud blind spots
- Cross-border or digital MCCs → higher scrutiny under card-not-present flows
How are MCC codes assigned?
Understanding how MCCs are assigned helps merchants identify errors and dispute incorrect classifications before they cost money.
The assignment process
The payment processor or acquirer bank assigns the MCC during merchant onboarding. The processor reviews the business type, primary products or services, website content, and registration documents. The MCC is assigned based on the merchant’s primary revenue category: the business activity that accounts for the majority of sales.
For businesses that sell across multiple categories, the MCC reflects the dominant revenue source. A supermarket that also has a pharmacy inside it carries MCC 5411 (grocery), not 5912 (pharmacy), if grocery is the primary revenue driver.
The card network holds final authority over MCC assignment. Processors submit an application; the network approves or overrides it.
Can you change your MCC?
Merchants can request a MCC review if they believe their assigned code is inaccurate.
To dispute a classification, gather supporting evidence: your website, product catalog, business registration documents, and a breakdown showing what percentage of your revenue comes from each category. Submit a formal MCC review request to your payment processor in writing. The processor escalates to the card network for review, a process that typically takes several weeks and is not guaranteed to succeed.
The stakes are real. A merchant misclassified into a higher-risk category pays elevated interchange fees on every transaction. For businesses with significant card volume, that difference compounds quickly.
How MCC codes work in payment processing
MCCs are not just a classification label. They actively shape the economics and controls of every card transaction.
MCCs and interchange fees
Every card transaction includes an interchange fee: a percentage the merchant’s acquiring bank pays to the cardholder’s issuing bank. Interchange rates vary by MCC: lower-risk categories like grocery and utilities carry lower rates; higher-risk categories like gambling and digital goods carry higher ones.
The practical implication: two businesses processing the same volume at the same ticket size pay materially different costs depending on their MCC. Knowing your MCC and verifying it is accurate is a basic cost management step most merchants overlook.
MCCs and cardholder rewards
Credit card reward programs use MCCs to identify qualifying transactions for bonus categories. A card that offers enhanced cashback on “travel” uses airline MCCs (3000–3299) and hotel MCCs (3500–3999) to recognize those transactions automatically.
This is why a hotel restaurant may not qualify for restaurant rewards: it carries the hotel’s MCC, not a food service code. Cardholders who notice their rewards not posting as expected are often experiencing an MCC mismatch between their expectation and the merchant’s actual code.
MCCs and spending controls for corporate cards
Corporate and government card programs use MCCs to enforce spending policies at the transaction level. A travel-only corporate card can be configured to block all MCCs except airlines, hotels, car rentals, and approved meal categories. Per-transaction and daily limits are also configurable by MCC at the issuer level.
For finance teams building expense controls, MCC-based rules are more reliable than merchant name filters: names change, but MCCs generally do not.
High-risk MCC codes: What they are and why they matter
High-risk MCCs are among the most important concepts for merchants, payment processors, and compliance teams. Getting this wrong creates real business consequences.
What makes an MCC “high-risk”?
High-risk MCCs are categories with elevated chargeback rates, fraud rates, or regulatory complexity. Contributing factors include high dispute rates, subscription billing models that are difficult to cancel, significant AML and KYC exposure, and legal complexity that varies by jurisdiction.
Merchants in high-risk categories face a different operating environment: higher interchange fees, stricter fraud monitoring, rolling reserve requirements from acquirers, and more rigorous due diligence at onboarding.
Common high-risk MCC categories
In India, there is no formal, RBI-defined list of “high-risk MCCs.” Instead, how a transaction is treated from a risk perspective is determined by a combination of factors:
- What the Reserve Bank of India permits or restricts at a regulatory level
- How individual issuers choose to apply controls such as reward exclusions, transaction blocks, or limits
- The underlying fraud patterns associated with that category, such as chargebacks, scam prevalence, or money laundering exposure.
In practice, MCC acts as a signal, but the final risk treatment is shaped by this broader ecosystem of regulation and issuer policy.
Common high-risk / restricted MCC categories (India context)
| MCC | Category | Why It’s High-Risk (India context) |
|---|---|---|
| 7995 | Betting, gambling, casinos, lotteries | Largely prohibited or restricted under Reserve Bank of India guidelines; high fraud and chargeback rates |
| 6051 | Crypto, wallet loads, quasi-cash | AML risk + regulatory scrutiny; often excluded from rewards, tightly monitored by issuers |
| 6012 | Financial institutions (loan payments, funding, fees) | Treated as quasi-cash; misuse risk (credit cycling), often no rewards + additional fees |
| 5968 | Subscription / negative-option billing | RBI e-mandate rules → high failure rates, auto-renewal disputes, friction in recurring payments |
| 5816 | Digital goods, gaming (incl. real-money gaming overlays) | Risk depends on use-case; real-money gaming → high disputes + regulatory ambiguity |
| 4814 | Telecom services | Linked to OTP fraud, SIM swap vectors, and account takeover risk |
| 4829 / 6540 | Wallet loads / prepaid funding (varies by network) | Potential money laundering vector; closely monitored, sometimes restricted by issuers |
| 7273 | Dating services | Elevated chargebacks + scam exposure; issuer-level risk controls (not RBI-mandated) |
| 5967 | Adult content and services | Legal ambiguity + cross-border processing risk; often blocked by issuers |
High-risk MCCs and enhanced due diligence
This is where the compliance angle becomes directly relevant to payment aggregators and fintech teams.
Payment processors and acquirer banks apply enhanced due diligence for merchants in high-risk MCC categories at onboarding. Standard KYC (a business registration and bank account) is not sufficient. High-risk MCC merchants are typically required to provide beneficial ownership documentation, a review-ready website, an Anti-Money Laundering (AML) policy document, proof of applicable licenses, and often an interview with a compliance officer.
In India, the RBI’s Payment Aggregator guidelines require payment aggregators to conduct risk-based KYC and ongoing due diligence on all merchants they onboard. MCC is a primary risk signal driving which tier of due diligence applies.
AI-powered document verification platforms automate the document collection and verification layer for merchant onboarding, reducing the time to complete enhanced due diligence from days to hours while maintaining audit trails for regulatory review.
Chargeback monitoring by MCC
Card networks monitor chargeback rates per merchant and apply thresholds that trigger intervention programs. Merchants who exceed these thresholds face fines, higher reserves, or forced account termination.
High-risk MCCs (gambling, digital goods, subscriptions) are disproportionately represented in elevated chargeback data. Merchants in these categories need proactive chargeback management, not reactive remediation.
MCC codes and AML/KYC compliance
This is the angle most MCC guides miss entirely. MCC data is not just a fee and rewards mechanism. It is an active input into financial fraud prevention and AML transaction monitoring.
MCC as a risk signal in AML programs
AML transaction monitoring systems use MCC data to assess risk in real time. Transactions originating from high-risk MCCs (gambling, crypto exchanges) are automatically routed to enhanced screening layers. Transactions from low-risk MCCs like grocery or utilities receive lighter scrutiny.
The MCC is included in payment authorization data, which AML systems read at the moment of transaction. For financial institutions running real-time monitoring, MCC is one of the fastest and most reliable categorical risk signals available.
MCC-based merchant onboarding due diligence
Payment aggregators and acquiring banks must perform MCC-appropriate due diligence before onboarding any merchant. This is a regulatory requirement, not a best practice.
Under RBI guidelines for payment aggregators, KYC and AML due diligence must be proportional to merchant risk. For high-risk MCCs, this means beneficial ownership disclosure, a business model review, AML program documentation, and verification of applicable licenses. An AI-powered KYC platform automates document collection, OCR extraction, and AML screening, compressing merchant onboarding from days to hours without reducing compliance quality.
Prohibited MCC categories in India
RBI-regulated payment aggregators cannot onboard merchants in certain categories: lotteries, gambling, multi-level marketing schemes, and adult content. These categories are either illegal in India or require special licensing that most payment aggregators do not hold.
Crypto exchanges carrying MCC 6051 operate in a conditional category: operators must obtain Virtual Asset Service Provider (VASP) registration with FIU-IND before a regulated payment aggregator can onboard them.
Payment processors must configure their systems to block unauthorized MCC categories from completing merchant registration. Failure to do so creates direct regulatory liability.
MCC codes in India: RuPay and UPI context
India’s payment ecosystem has its own layer to MCC classification that global guides overlook.
RuPay network and MCC classification
RuPay, India’s domestic card network managed by NPCI, follows MCC standards broadly aligned with Visa and Mastercard. Merchants registered on RuPay receive a merchant category classification as part of their acquiring bank setup. This classification flows through to reward programs and compliance monitoring within the RuPay ecosystem.
UPI merchant categories and the link to MCCs
UPI transactions carry a merchant category identifier in their transaction metadata. Payment gateways assign UPI merchant categories during registration, and these categories are used by banks for reward program qualification, compliance monitoring, and fraud analytics.
Critically, merchants registering with UPI-enabled payment gateways undergo merchant KYC under RBI PA guidelines, and the merchant category drives which tier of due diligence is required at registration and on an ongoing basis.
For merchants operating across both card and UPI rails, ensuring consistent category classification across both channels prevents compliance gaps and reporting inconsistencies.
How to look up, manage, and dispute your MCC code
Knowing your MCC and verifying it is accurate are the first steps in managing its impact on your business.
How to find your MCC code
The most direct route: ask your payment processor or merchant acquirer. Your MCC will be documented in your merchant agreement or merchant account dashboard.
For developers using Stripe, the MCC for each transaction is available as merchant_data.category on Authorization objects in the Stripe Issuing API. Other payment gateways expose similar fields in their transaction data.
For merchants registered on UPI-enabled gateways, your acquiring bank can confirm your merchant category code on request.
How to dispute a wrong MCC
If your MCC does not accurately reflect your primary business, a correction is worth pursuing.
Gather evidence: screenshots of your website and product catalog, business registration documents, and a revenue breakdown showing your primary category. Submit a formal MCC review request to your payment processor in writing. The processor escalates to the card network; expect a review period of several weeks with no guaranteed outcome.
A successful reclassification to a lower-risk, lower-rate MCC can produce meaningful savings on interchange over time.
How to manage your MCC strategically
Before negotiating your processing rate with a payment processor, understand what your MCC implies for interchange. If your business spans materially different categories, consider whether separate merchant accounts for each revenue stream would produce better overall economics and lower compliance friction.
For businesses in high-risk categories, the path to reducing friction is proactive: strong compliance documentation, low chargeback rates, and clean AML records make you a lower-risk merchant regardless of your MCC. If your business category is inherently high-risk, investment in automated KYC and fraud controls is not an overhead cost. It is what keeps your payment account open.
FAQs:
What is an MCC code?
An MCC code (Merchant Category Code) is a four-digit number assigned by a payment processor that classifies the type of goods or services a merchant sells. It determines interchange fees, cardholder reward eligibility, and the level of AML and KYC scrutiny applied to transactions and onboarding.
How is an MCC code assigned?
Your payment processor or acquiring bank assigns the MCC during merchant onboarding, based on a review of your business type, website, products, and registration documents. The card network holds final authority. Merchants cannot self-assign their MCC.
Can I change my MCC code?
Yes, you can request a review if your MCC is inaccurate. Submit evidence of your primary business category to your payment processor, who escalates to the card network. The process takes several weeks and is not guaranteed to succeed.
What is a high-risk MCC?
High-risk MCCs are categories with elevated chargeback rates, fraud rates, or regulatory complexity, such as gambling (7995), cryptocurrency exchanges (6051), and subscription merchants (5968). Merchants in these categories face higher fees, stricter fraud monitoring, and more rigorous KYC requirements.
How do MCC codes affect interchange fees?
Interchange fees (paid by the merchant’s acquiring bank to the cardholder’s issuing bank on every transaction) vary by MCC. Lower-risk categories like grocery and utilities carry lower rates. Higher-risk categories like gambling and digital goods carry higher rates.
What is the MCC code for crypto exchanges?
Cryptocurrency and non-fiat currency exchanges are typically classified under MCC 6051. In India, crypto exchanges must also obtain VASP registration with FIU-IND before RBI-regulated payment aggregators can onboard them.
How do card issuers use MCC codes to prevent fraud?
Card issuers and AML transaction monitoring systems use MCC data to classify transaction risk in real time. High-risk MCCs trigger enhanced screening automatically. Corporate card programs use MCCs to enforce spending restrictions, blocking specific categories outright or applying transaction limits.
What MCC codes are prohibited in India?
RBI-regulated payment aggregators cannot onboard merchants in lottery, gambling, multi-level marketing, and adult content categories. Crypto merchants (MCC 6051) require VASP registration before a regulated aggregator can onboard them. Processors must configure systems to block these categories from completing registration.
