With the increased activity of state attorneys general, many companies today find themselves at the center of political battles over the role businesses play in driving social policy. We feature one recent example, as a case study and cautionary tale.
On September 2, 2022, American Express, Visa, and Mastercard received a letter from the attorneys general of California and New York calling for the companies to adopt merchant category codes for purchases at gun stores. A few weeks later, those same three companies received a letter from 24 other state attorneys general threatening the companies with criminal and civil legal action should the companies implement the codes. Satisfying one set of state AGs triggered another.
The issue arises from the practice of categorizing purchases on credit cards. Nearly every retail item has a four-digit merchant category code (MCC) which tracks where a consumer uses a credit card but does not flag the specific items purchased. MCCs exist for hundreds of businesses, including bookstores, newsstands, florists, bakeries, bowling alleys, and beauty salons. MCCs classify the type of business a retailer operates and reveal where a purchase was made; the codes do not disclose what products were purchased.
Until recently, the code credit card processors assigned to firearm retailers was a generalized merchandise or sporting goods category. The International Organization for Standardization (ISO)—a non-governmental international body that sets standards for the payment industry—recently approved a code to separately categorize sales at retailers whose primary business is firearm sales. Advocates say the new code can help track suspicious transactions of firearms and allow entities to report suspicious activity associated with gun trafficking and mass shootings. New York Mayor Eric Adams led a press conference demanding the companies take action. In a letter to the chief executives of American Express, Visa, and Mastercard, the California and New York's attorneys general asserted that, “identifying unusual patterns of firearm and ammunition purchases could help to prevent a future mass shooting or reduce the risk of gun trafficking.” In separate letters to American Express, Visa, and Mastercard, 28 members of Congress urged the companies to adopt the new MCCs and described multiple instances of shooters using credit cards to finance firearms and ammunition used in mass shootings. The letters asked the companies to submit responses to various questions about the companies' positions and histories with these issues.
By September 7, sources reported plans by all three companies to move forward with financial institutions to enable them to implement the new MCC categorization. Visa stated it would “proceed with next steps, while ensuring we protect all legal commerce on the Visa network in accordance with our long-standing rules.” Mastercard announced, “[w]e continue to support lawful purchases on our network while protecting the privacy and decisions of individual cardholders.” American Express said it will follow its usual business practices and work with third-party processors and partners to implement the code. The company stated, “[w]e are focused on ensuring that we have the right controls in place to meet our regulatory and fiduciary responsibilities, as well as prevent illegal activity on our network.” New York's attorney general and gun violence prevention groups applauded the move.
The following week, each company received a letter from more than 100 members of the House of Representatives. The letters called implementation of the codes “a transparent attempt to chill the exercise of constitutionally protected rights and to circumvent legal restrictions on the creation of firearm registries by the government.” The letters demanded that each company answer eight questions about their decision to comply with the ISO standard. Two days later, American Express, Visa, and Mastercard received a letter from 12 senators calling on the company to reverse the decision to implement the new MCCs. The letter claimed that the changes were being pushed for “nefarious reasons, and is likely only step one with calls for declining to process gun sales altogether coming in the near future.” The letter accused the companies of being “more than unbiased network operators seeking to maximize value for your customers and shareholders” and claimed the companies “have become antigun activists [them]selves, wittingly or not.” The senators stated they may “intercede on behalf of [their] constituents” and requested that the companies answer nine questions.
Less than a week later, the companies received a letter from 24 state attorneys general challenging the legality of the new MCC codes. The letter argued that the codes would unfairly single out law-abiding merchants and consumers. The letter also argued that the information obtained from the codes “can only result in its misuse, either unintentional or deliberate,” creating a risk that information will be “leaked, discovered, hacked, or otherwise obtained and misused by those who oppose Americans exercising their Second Amendment rights.” The letter warned the companies that the state AGs “will marshal the full scope of [their] lawful authority to protect our citizens and consumers from unlawful attempts to undermine their constitutional rights” and that the companies should “keep that in mind as [they] consider whether to proceed with adopting and implementing this Merchant Category Code.”
American Express, Visa, and Mastercard also faced pushback from other government officials and from the National Rifle Association (NRA). Florida's Chief Financial Officer, for example, announced that, if the codes were implemented, he would seek to “pass a law penalizing businesses who are targeting the right to bear arms.” A representative of the NRA claimed, “[t]his is not about tracking or prevention or any virtuous motivation—it's about creating a national registry of gun owners.”
For their part, the companies have emphasized that the ISO's creation of an MCC for firearms retailers will not change the information the companies collect. Visa explained that “MCCs do not give Visa or any other payment network visibility into product-level data.” That is, regardless of the MCC applied to a purchase at a firearms retailer or anywhere, payment networks have no visibility into whether a customer bought ammunition, safety equipment, or any other specific product. The companies do not (and have no plans to) use the codes to collect data. Despite the companies' commitment to continue to permit all lawful purchases on their networks, they remain at the center of the unwelcome controversy.
This instance is just the tip of the iceberg for companies in spaces regulated by state and federal actors. A move that appeases one actor will upset another, and these conflicting political currents are only getting stronger. Successful businesses today must navigate government scrutiny from numerous directions, including from state, federal, and local entities. Although the politicization of business is not new, the state AG dynamic has changed significantly in recent years, with state AGs shifting their focus from local issues to national issues. Counsel with recent experience from inside state AG offices is particularly valuable in advising companies facing fraught political pulls. Jenner & Block's Government Controversies and State Enforcement & Regulation Practices brings together experienced lawyers from varied backgrounds who understand these complex issues and who can guide clients as they navigate state AG investigations and litigation, Congressional oversight, global legislative and regulatory battles, and more.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
