Merchant Categories and MCC Codes
Control which types of merchants your AI agent can transact with using industry-standard MCC codes.
What Are MCC Codes?
Merchant Category Codes (MCCs) are four-digit numbers assigned by card networks (Visa, Mastercard) to classify businesses by the type of goods or services they provide. Every card transaction includes the merchant's MCC, which Sardis uses to enforce category-based spending policies.
How It Works: When a virtual card transaction occurs, the card network reports the merchant's MCC. Sardis maps MCCs to human-readable categories and checks them against your policy's `allowed_categories` and `blocked_categories` lists.
Category Reference
| Category | MCC Codes | Examples | Default |
|---|---|---|---|
| saas | 5734, 5817 | Software subscriptions | Allowed |
| cloud_infrastructure | 7372 | AWS, GCP, Azure, Vercel | Allowed |
| developer_tools | 5734, 7372 | GitHub, JetBrains, Datadog | Allowed |
| ai_services | 7372, 5818 | OpenAI, Anthropic, Replicate | Allowed |
| advertising | 7311 | Google Ads, Meta Ads | Allowed |
| office_supplies | 5111, 5943 | Staples, Office Depot | Allowed |
| telecommunications | 4812, 4814 | Twilio, Phone services | Allowed |
| shipping | 4215 | FedEx, UPS, USPS | Allowed |
| travel | 3000-3299, 4511, 7011 | Airlines, hotels | Neutral |
| food_delivery | 5811, 5812, 5814 | DoorDash, Uber Eats | Neutral |
| retail | 5311, 5411, 5691 | Amazon, Walmart | Neutral |
| gambling | 7800, 7801, 7802, 7995 | Casinos, lotteries | Blocked |
| adult_content | 5967 | Adult entertainment | Blocked |
| cash_advance | 6010, 6011 | ATMs, cash disbursements | Blocked |
| quasi_cash | 6051, 6540 | Money orders, prepaid cards | Blocked |
| securities | 6211 | Stock brokers, trading | Blocked |
| wire_transfer | 4829 | Wire transfers | Blocked |
| pawn_shops | 5933 | Pawn shops | Blocked |
Allowlist Mode (Recommended)
Only specified categories are permitted. Everything else is blocked.
```python
policy = await client.policies.create(
    wallet_id="wallet_abc",
    rules={
        "allowed_categories": ["saas", "cloud_infrastructure", "ai_services"],
        # All other categories are implicitly blocked
    },
)
```

Blocklist Mode
All categories allowed except those explicitly blocked.
```python
policy = await client.policies.create(
    wallet_id="wallet_abc",
    rules={
        "blocked_categories": ["gambling", "adult_content", "securities"],
        # All other categories are allowed
    },
)
```

Natural Language Examples
```python
# Each description is converted into the category rule shown in the comment beneath it:
policy = await client.policies.create_from_natural_language(
    wallet_id="wallet_abc",
    description="Only allow SaaS and developer tools",
)
# -> allowed_categories: ["saas", "developer_tools"]

policy = await client.policies.create_from_natural_language(
    wallet_id="wallet_def",
    description="Block gambling, adult content, and cash advances",
)
# -> blocked_categories: ["gambling", "adult_content", "cash_advance"]
```

MCC Lookup Tool
```python
# Python SDK
result = await client.mcc_lookup(code="5734")
# -> {"code": "5734", "category": "saas", "description": "Computer Software Stores"}

# Via MCP tool
sardis_mcc_lookup(code="7995")
# -> {"code": "7995", "category": "gambling", "description": "Betting/Casino/Lottery"}
```

Best Practices
- Use allowlists over blocklists -- Safer default: only known-good categories are permitted
- Always block high-risk MCCs -- Gambling, cash advances, and quasi-cash are blocked by default
- Combine with merchant rules -- Use per-merchant overrides for fine-grained control
- Review unknown MCCs -- Some merchants use unexpected MCCs; monitor and adjust
- Use the MCC lookup tool -- Verify merchant categories before adding to policies
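
The allowlist and blocklist modes above, modelled locally as an added example (not Sardis code and not the SDK's API). It uses a subset of the Category Reference table; the precedence rule, the treatment of MCCs missing from the table, and the function names `categories_for` and `evaluate` are assumptions, and default-blocked categories are not modelled.

```python
# Added example: a local model of category checks, not Sardis code.
# Codes are a subset of the Category Reference table on this page.
CATEGORY_MCCS = {
    "saas": ["5734", "5817"],
    "cloud_infrastructure": ["7372"],
    "developer_tools": ["5734", "7372"],
    "ai_services": ["7372", "5818"],
    "travel": ["3000-3299", "4511", "7011"],
    "gambling": ["7800", "7801", "7802", "7995"],
    "cash_advance": ["6010", "6011"],
    "quasi_cash": ["6051", "6540"],
}


def categories_for(mcc):
    """Return every category whose codes or ranges contain this MCC."""
    if not (len(mcc) == 4 and mcc.isascii() and mcc.isdigit()):
        return set()  # malformed input is treated as unknown
    found = set()
    for category, specs in CATEGORY_MCCS.items():
        for spec in specs:
            low, _, high = spec.partition("-")
            if int(low) <= int(mcc) <= int(high or low):
                found.add(category)
    return found


def evaluate(mcc, rules):
    """Assumed semantics: a blocked match wins; an allowlist fails closed."""
    cats = categories_for(mcc)
    blocked = cats & set(rules.get("blocked_categories", []))
    if blocked:
        return False, "blocked category: " + sorted(blocked)[0]
    if "allowed_categories" in rules:
        if cats & set(rules["allowed_categories"]):
            return True, "allowlisted"
        return False, "not in allowlist" if cats else "unknown MCC"
    return True, "not blocklisted" if cats else "unknown MCC, not blocklisted"


if __name__ == "__main__":
    allow = {"allowed_categories": ["saas", "cloud_infrastructure", "ai_services"]}
    block = {"blocked_categories": ["gambling", "adult_content", "securities"]}
    # Constructed MCCs: 5999 is absent from the table above.
    for mcc in ["5734", "7372", "3150", "7995", "5999"]:
        print(mcc, sorted(categories_for(mcc)), evaluate(mcc, allow), evaluate(mcc, block))
```

Under these assumptions an MCC absent from the table is declined by the allowlist but passes the blocklist, and allowing `saas` also admits any merchant reporting 5734, which the table lists under `developer_tools` as well.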