How we support merchants and consumers through clear, consistent principles

We have previously published posts and perspectives on this site that explore the use of our network or correct misperceptions about some of our rules and standards.

In light of recent interest and conversation around the International Standards Organization’s (ISO) creation of a new merchant code (MCC) for standalone firearms retailers, we thought it was important to share the principles on how we manage such standards and the operation of our business.

• Lawful activity only – The standards and principles that govern our network are grounded in the rule of law. Quite simply, we allow all lawful purchases on the network. This includes firearms and related equipment, but also so many other things. Our principles ensure the application of a clear, consistent and reliable standard upon which consumers, businesses and governments across the world can understand and rely.
• Your privacy is our priority – We pride ourselves on being leaders in technology and security, and we have incorporated the highest privacy and data protection standards into our product design. When it comes to your data, our commitment is clear – You own it, you control it, you benefit from it, we protect it. This reinforces our respect for individuals’ right to transact privately with others.
• What you buy is your business – We do not track individual or personal data. When people use their cards, we don’t know who they are nor what they purchased. We only see the card number, the merchant’s name and location, the MCC, and the date and amount of transaction. The MCC only identifies the primary business of the merchant. There is no other data available through the MCC.
• Our standards are enforced – Our rules do not permit selective authorization of transactions, such as blocking based solely on an MCC. If we identify unauthorized blocking or intentional restrictions of legal commerce by any of our network participants, we will take action to address such activity.

These principles have been central to how we have operated our network for nearly 60 years. It’s consistent in how we work with other groups around security and technology standards. We take our role and responsibility seriously, ensuring we deliver on the expectations and promises that we have set.

Nothing in ISO’s creation of a MCC will cause us to deviate from these principles.