// GLOSSARY -- PAYMENTS & FINTECH

What is a Merchant Category Code?

1 min read Updated

A Merchant Category Code (MCC) is a four-digit code assigned to businesses by card networks (Visa, Mastercard) that classifies the type of goods or services they provide — used for transaction categorization, spending controls, and compliance reporting.

WHY IT MATTERS

Corporate cards use MCCs to restrict employee spending by category — allow restaurants and travel, block gambling and cash advances. This category-based control model is powerful for managing spending without micromanaging every transaction.

The crypto and agent world doesn't have a native MCC system, but the concept translates directly. Instead of merchant categories, you have protocol categories (DEX, lending, bridge), token types (stablecoins, governance tokens, memecoins), and contract types (verified, unverified, proxy).

For agent spending controls, category-based restrictions are often more practical than per-recipient allowlists. Rather than approving every DeFi protocol individually, you allow the agent to interact with 'verified lending protocols' or 'audited DEXes' as categories.

HOW POLICYLAYER USES THIS

PolicyLayer implements MCC-like category restrictions for agent spending. Define allowed protocol categories (DeFi lending, DEXes, bridges), token types, and interaction patterns — giving agents flexibility within category-level boundaries.

FREQUENTLY ASKED QUESTIONS

How would MCCs work for crypto agents?
Instead of traditional merchant categories, agents get protocol categories: DEX interactions, lending protocol deposits, bridge transfers, NFT purchases, etc. Each category can have its own spending limits and restrictions.
What are the standard MCC code ranges?
MCCs are 4-digit codes: 3000-3999 (airlines/car rental), 4000-4999 (transportation), 5000-5999 (retail), 7000-7999 (services), etc. In crypto, equivalent categories would be protocol-specific.
Can you combine MCCs with spending limits?
Yes, and this is the most effective approach. Allow DEX interactions up to $1,000/day, lending deposits up to $5,000/day, and block bridge transfers entirely — category-level policies with amount limits.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.