Client Alert: Big Businesses Caught in the Crosshairs: Navigating the Rise in State AG Scrutiny

With the increased activity of state attorneys general, many companies today find themselves at the center of political battles over the role businesses play in driving social policy. We feature one recent example, as a case study and cautionary tale.

On September 2, 2022, American Express, Visa, and Mastercard received a letter from the attorneys general of California and New York calling for the companies to adopt merchant category codes for purchases at gun stores. A few weeks later, those same three companies received a letter from 24 other state attorneys general threatening the companies with criminal and civil legal action should the companies implement the codes. Satisfying one set of state AGs triggered another.

The issue arises from the practice of categorizing purchases on credit cards. Nearly every retail item has a four-digit merchant category code (MCC) which tracks where a consumer uses a credit card but does not flag the specific items purchased. MCCs exist for hundreds of businesses, including bookstores, newsstands, florists, bakeries, bowling alleys, and beauty salons. MCCs classify the type of business a retailer operates and reveal where a purchase was made; the codes do not disclose what products were purchased.

Until recently, the code credit card processors assigned to firearm retailers was a generalized merchandise or sporting goods category. The International Organization for Standardization (ISO)—a non-governmental international body that sets standards for the payment industry—recently approved a code to separately categorize sales at retailers whose primary business is firearm sales. Advocates say the new code can help track suspicious transactions of firearms and allow entities to report suspicious activity associated with gun trafficking and mass shootings. New York Mayor Eric Adams led a press conference demanding the companies take action. In a letter to the chief executives of American Express, Visa, and Mastercard, the California and New York’s attorneys general asserted that, “identifying unusual patterns of firearm and ammunition purchases could help to prevent a future mass shooting or reduce the risk of gun trafficking.” In separate letters to American Express, Visa, and Mastercard, 28 members of Congress urged the companies to adopt the new MCCs and described multiple instances of shooters using credit cards to finance firearms and ammunition used in mass shootings. The letters asked the companies to submit responses to various questions about the companies’ positions and histories with these issues.

By September 7, sources reported plans by all three companies to move forward with financial institutions to enable them to implement the new MCC categorization. Visa stated it would “proceed with next steps, while ensuring we protect all legal commerce on the Visa network in accordance with our long-standing rules.” Mastercard announced, “[w]e continue to support lawful purchases on our network while protecting the privacy and decisions of individual cardholders.” American Express said it will follow its usual business practices and work with third-party processors and partners to implement the code. The company stated, “[w]e are focused on ensuring that we have the right controls in place to meet our regulatory and fiduciary responsibilities, as well as prevent illegal activity on our network.” New York’s attorney general and gun violence prevention groups applauded the move. The following week, each company received a letter from more than 100 members of the House of Representatives. The letters called implementation of the codes “a transparent attempt to chill the exercise of constitutionally protected rights and to circumvent legal restrictions on the creation of firearm registries by the government.” The letters demanded that each company answer eight questions about their decision to comply with the ISO standard. Two days later, American Express, Visa, and Mastercard received a letter from 12 senators calling on the company to reverse the decision
to implement the new MCCs. The letter claimed that the changes were being pushed for “nefarious reasons, and is likely only step one with calls for declining to process gun sales altogether coming in the near future.” The letter accused the companies of being “more than unbiased network operators seeking to maximize value for your customers and shareholders” and claimed the companies “have become antigun activists [them]selves, wittingly or not.” The senators stated they may “intercede on behalf of [their] constituents” and requested that the companies answer nine questions.

Less than a week later, the companies received a letter from 24 state attorneys general challenging the legality of the new MCC codes. The letter argued that the codes would unfairly single out law-abiding merchants and consumers. The letter also argued that the information obtained from the codes “can only result in its misuse, either unintentional or deliberate,” creating a risk that information will be “leaked, discovered, hacked, or otherwise obtained and misused by those who oppose Americans exercising their Second Amendment rights.” The letter warned the companies that the state AGs “will marshal the full scope of [their] lawful authority to protect our citizens and consumers from unlawful attempts to undermine their constitutional rights” and that the companies should “keep that in mind as [they] consider whether to proceed with adopting and implementing this Merchant Category Code.” American Express, Visa, and Mastercard also faced pushback from other government officials and from the National Rifle Association (NRA). Florida’s Chief Financial Officer, for example, announced that, if the codes were implemented, he would seek to “pass a law penalizing businesses who are targeting the right to bear arms.” A representative of the NRA claimed, “[t]his is not about tracking or prevention or any virtuous motivation—it’s about creating a national registry of gun owners.”

For their part, the companies have emphasized that the ISO’s creation of an MCC for firearms retailers will not change the information the companies collect. Visa explained that “MCCs do not give Visa or any other payment network visibility into product-level data.” That is, regardless of the MCC applied to a purchase at a firearms retailer or anywhere, payment networks have no visibility into whether a customer bought ammunition, safety equipment, or any other specific product. The companies do not (and have no plans to) use the codes to collect data. Despite the companies’ commitment to continue to permit all lawful purchases on their networks, they remain at the center of the unwelcome controversy.

This instance is just the tip of the iceberg for companies in spaces regulated by state and federal actors. A move that appeases one actor will upset another, and these conflicting political currents are only getting stronger. Successful businesses today must navigate government scrutiny from numerous directions, including from state, federal, and local entities. Although the politicization of business is not new, the state AG dynamic has changed significantly in recent years, with state AGs shifting their focus from local issues to national issues. Counsel with recent experience from inside state AG offices is particularly valuable in advising companies facing fraught political pulls. Jenner & Block’s Government Controversies and State Enforcement & Regulation Practices brings together experienced lawyers from varied backgrounds who understand these complex issues and who can guide clients as they navigate state AG investigations and litigation, Congressional oversight, global legislative and regulatory battles, and more.

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

Client Alert: Big Businesses Caught in the Crosshairs: Navigating the Rise in State AG Scrutiny

With the increased activity of state attorneys general, many companies today find themselves at the center of political battles over the role businesses play in driving social policy. We feature one recent example, as a case study and cautionary tale.

On September 2, 2022, American Express, Visa, and Mastercard received a letter from the attorneys general of California and New York calling for the companies to adopt merchant category codes for purchases at gun stores. A few weeks later, those same three companies received a letter from 24 other state attorneys general threatening the companies with criminal and civil legal action should the companies implement the codes. Satisfying one set of state AGs triggered another.

The issue arises from the practice of categorizing purchases on credit cards. Nearly every retail item has a four-digit merchant category code (MCC) which tracks where a consumer uses a credit card but does not flag the specific items purchased. MCCs exist for hundreds of businesses, including bookstores, newsstands, florists, bakeries, bowling alleys, and beauty salons. MCCs classify the type of business a retailer operates and reveal where a purchase was made; the codes do not disclose what products were purchased.

Until recently, the code credit card processors assigned to firearm retailers was a generalized merchandise or sporting goods category. The International Organization for Standardization (ISO)—a non-governmental international body that sets standards for the payment industry—recently approved a code to separately categorize sales at retailers whose primary business is firearm sales. Advocates say the new code can help track suspicious transactions of firearms and allow entities to report suspicious activity associated with gun trafficking and mass shootings. New York Mayor Eric Adams led a press conference demanding the companies take action. In a letter to the chief executives of American Express, Visa, and Mastercard, the California and New York’s attorneys general asserted that, “identifying unusual patterns of firearm and ammunition purchases could help to prevent a future mass shooting or reduce the risk of gun trafficking.” In separate letters to American Express, Visa, and Mastercard, 28 members of Congress urged the companies to adopt the new MCCs and described multiple instances of shooters using credit cards to finance firearms and ammunition used in mass shootings. The letters asked the companies to submit responses to various questions about the companies’ positions and histories with these issues.

By September 7, sources reported plans by all three companies to move forward with financial institutions to enable them to implement the new MCC categorization. Visa stated it would “proceed with next steps, while ensuring we protect all legal commerce on the Visa network in accordance with our long-standing rules.” Mastercard announced, “[w]e continue to support lawful purchases on our network while protecting the privacy and decisions of individual cardholders.” American Express said it will follow its usual business practices and work with third-party processors and partners to implement the code. The company stated, “[w]e are focused on ensuring that we have the right controls in place to meet our regulatory and fiduciary responsibilities, as well as prevent illegal activity on our network.” New York’s attorney general and gun violence prevention groups applauded the move. The following week, each company received a letter from more than 100 members of the House of Representatives. The letters called implementation of the codes “a transparent attempt to chill the exercise of constitutionally protected rights and to circumvent legal restrictions on the creation of firearm registries by the government.” The letters demanded that each company answer eight questions about their decision to comply with the ISO standard. Two days later, American Express, Visa, and Mastercard received a letter from 12 senators calling on the company to reverse the decision
to implement the new MCCs. The letter claimed that the changes were being pushed for “nefarious reasons, and is likely only step one with calls for declining to process gun sales altogether coming in the near future.” The letter accused the companies of being “more than unbiased network operators seeking to maximize value for your customers and shareholders” and claimed the companies “have become antigun activists [them]selves, wittingly or not.” The senators stated they may “intercede on behalf of [their] constituents” and requested that the companies answer nine questions.

Less than a week later, the companies received a letter from 24 state attorneys general challenging the legality of the new MCC codes. The letter argued that the codes would unfairly single out law-abiding merchants and consumers. The letter also argued that the information obtained from the codes “can only result in its misuse, either unintentional or deliberate,” creating a risk that information will be “leaked, discovered, hacked, or otherwise obtained and misused by those who oppose Americans exercising their Second Amendment rights.” The letter warned the companies that the state AGs “will marshal the full scope of [their] lawful authority to protect our citizens and consumers from unlawful attempts to undermine their constitutional rights” and that the companies should “keep that in mind as [they] consider whether to proceed with adopting and implementing this Merchant Category Code.” American Express, Visa, and Mastercard also faced pushback from other government officials and from the National Rifle Association (NRA). Florida’s Chief Financial Officer, for example, announced that, if the codes were implemented, he would seek to “pass a law penalizing businesses who are targeting the right to bear arms.” A representative of the NRA claimed, “[t]his is not about tracking or prevention or any virtuous motivation—it’s about creating a national registry of gun owners.”

For their part, the companies have emphasized that the ISO’s creation of an MCC for firearms retailers will not change the information the companies collect. Visa explained that “MCCs do not give Visa or any other payment network visibility into product-level data.” That is, regardless of the MCC applied to a purchase at a firearms retailer or anywhere, payment networks have no visibility into whether a customer bought ammunition, safety equipment, or any other specific product. The companies do not (and have no plans to) use the codes to collect data. Despite the companies’ commitment to continue to permit all lawful purchases on their networks, they remain at the center of the unwelcome controversy.

This instance is just the tip of the iceberg for companies in spaces regulated by state and federal actors. A move that appeases one actor will upset another, and these conflicting political currents are only getting stronger. Successful businesses today must navigate government scrutiny from numerous directions, including from state, federal, and local entities. Although the politicization of business is not new, the state AG dynamic has changed significantly in recent years, with state AGs shifting their focus from local issues to national issues. Counsel with recent experience from inside state AG offices is particularly valuable in advising companies facing fraught political pulls. Jenner & Block’s Government Controversies and State Enforcement & Regulation Practices brings together experienced lawyers from varied backgrounds who understand these complex issues and who can guide clients as they navigate state AG investigations and litigation, Congressional oversight, global legislative and regulatory battles, and more.

Related Locations

© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.

News and Insights

Podcasts

Partner Laurel Loomis Rimon Discusses Fintech Enforcement, Debanking, and Regulatory Risk on Fintech Layer Cake Podcast

Partner Laurel Loomis Rimon was featured on the Fintech Layer Cake podcast, where she discussed how fintech enforcement and prosecution actually work in practice, and what exposes fintechs and banks to regulatory risk.

July 15, 2026

Publications

Supreme Court Clarifies Scope of Private Rights of Action Under the Investment Company Act, Private Equity Law Report

Partners Charles Riely, Todd C. Toral, and Martin Glass authored a guest article for Private Equity Law Report examining the US Supreme Court's June 11, 2026, ruling on the scope of private rights of action under the Investment Company Act of 1940.

July 14, 2026

Publications

Emily Loeb Discusses Congressional Oversight Preparedness in Bloomberg Law

Partner Emily Loeb, co-chair of Jenner & Block's Congressional Investigations Practice, spoke with Bloomberg Law article about how companies can prepare for potential oversight exposure ahead of this fall's midterm elections.

July 7, 2026

Publications

In New York Law Journal, The True Lender Doctrine and the OppFi Decision

Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.

July 1, 2026

Event

Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference

On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.

July 1, 2026