Quick Reaction to Credit Card Companies’ decision to monitor gun store purchases
This is a rapid reaction piece and I ask some questions, some of which no doubt have clear answers I just don’t know because I’m writing this quickly. Any answers or suggestions would be most welcome.
A little while back I wrote against the idea that credit card networks should try to track firearm sales through the use of Merchant Category Codes (MCC). Well, I guess we know who doesn’t read Discourse Magazine because Visa, Mastercard, and American Express have all announced that they will begin using a new MCC for gun stores after the International Organization for Standardization (ISO) established one last week. The move comes after pressure from gun control advocates and (surprise) large public pensions in blue states who pressured the card companies to begin tracking sales. Details are still sketchy, but this move creates a lot of questions, some of which I will discuss below. Unsurprisingly I suspect this will end up being a mistake that leads to further polarization and politicization of financial services, but here we are.
1. What is this supposed to accomplish?
Why is this being done? Advocates of the move have argued that it might prevent straw purchases of firearms (where someone buys a gun for someone else who is prohibited from owning them) or mass shootings if credit card companies and banks can spot suspicious activities and alert law enforcement. As evidence advocates have cited a couple of instances where people who went on to commit a mass shooting ran up significant credit card debt buying firearms and ammo shortly before the shooting.
While preventing violence is clearly a worthy goal, it remains unclear how effective this will actually be in doing so. For reasons I explain in more detail here, there is real reason to doubt the effectiveness of this information in preventing violence given that the vast majority of credit card purchases from “gun stores” (however that is defined) are lawful. If the definition of “suspicious” is drawn broadly the noise will likely drown out the signal. If it is defined narrowly, it will likely miss things or be susceptible to evasion. And this is all assuming a degree of effectiveness to our SAR process that is not in evidence under the current burdensome system, let alone one with additional burdens placed on it.
Now, a cynic could argue that the real purpose of this is not to create an effective means to prevent violence but rather as a means to stigmatize legal but undesired behavior, chill people engaging in that behavior via paranoia, assert dominance over an important and generally seen as neutral institution (the payments system), and be seen as “doing something.” A cynic could say that, but we are not cynics here at FinRegRag, so we won’t.
2. Who does this apply to?
It is not at all clear what stores will get the new MCC. While news reports mention that the new code won’t apply to “big box” retailers it is unclear who would count. The paradigmatic example is probably someone like Wal-Mart where firearms are a small portion of overall activity, but what about a place like Cabela’s, where hunting and shooting are clearly large part of both their business and their aesthetic, but it is not at all clear that firearms sales represent a majority of their revenue? What is the standard that is going to be used to make the determination? Percentage of revenue? Percentage of card purchases? Marketing? How is this MCC going to be applied?
Further, who makes this determination? Will it be the merchant themselves taking an election? Will the card company assign it? Will it be a third-party payment processor? Assuming it isn’t the merchant themselves what information will the assigning party need to get access to make this determination? Clearly firms get assigned MCCs all the time, but chances are MCC assignments are generally noncontroversial, and this one is not.
3. How does this work?
Ok, so we have a new MCC for gun stores, now what are we going to do with it? Will the credit card companies monitor transactions for “suspicious” activity and alert law enforcement? If the credit card companies don’t proactively disclose information to law enforcement what is the point? After an act of violence occurs the MCC records for the suspect’s purchases from a retailer are at best redundant given the background check records that law enforcement can already get access to.
If the credit cards do proactively disclose “suspicious” customer activity, under what authority will they do that? Suspicious activity reporting is generally done pursuant to legal requirements and standards established by statute and regulation. What law applies to this? How is “suspicious” defined? Is it a dollar amount? A series of transactions? It does not appear that the credit card companies have item level data (e.g. what was actually purchased) but only merchant level. So if someone spends $15,000 at a “gun store” are they buying a bunch of guns and ammo to go on a shooting spree, or are they buying a high end precision rifle and optic to take up competition shooting? Heck, if stores like Cabela’s qualify for the new MCC the customer might be buying a bass boat.
If these disclosures are done pursuant to a legal requirement there may be constitutional implications, as government forcing disclosure of information related to constitutionally protected behavior may cause a “chilling effect” that could lead to the requirement being struck down, but if that is the case it is the regulator who is in trouble. But what if these disclosures aren’t mandatory but rather done voluntarily by the credit card companies? Could that open them up to legal trouble?
4. How might states react?
Another question is how state might react to this. Of course, California, New York, Massachusetts and similar states all support this move. But what about states like Florida, Texas, and Tennessee? How might they respond?
One possibility is that the states seek to protect their citizens privacy by trying to prohibit the use of this MCC. It is not clear whether they could do this or if the card companies enjoy some sort of federal preemption, but that need not stop a state from trying, especially since the trend (ironically driven largely by progressives) has been towards greater skepticism of federal preemption on financial matters. One could imagine a state passing a law prohibiting the use of the MCC and giving the card holder a private right of action (and perhaps high statutory damages) if the MCC was used. Such a move may not survive legal challenge, but it might, and either way it would be thorn in the side of the card companies.
The other possibility is that this opens the door for more conservative states, and their public pension funds, to pressure card companies to keep more precise records for vendors like abortion clinics. Abortion opponents could justify such a demand on the same grounds as proponents of the current move, to prevent violence. Further, unlike owning a firearm, there is no right to an abortion under the U.S. Constitution under current precedent, so states may feel they can be even more aggressive without running afoul of constitutional limitations.
Whether this would be good policy is highly, highly debatable, but it is hard to argue it wouldn’t be good politics. The credit card companies have announced they are willing be dragged into political fights, it will be hard for politicians who wish to accomplish some goal, or placate some constituency, to not use the tools at their disposal. The credit card companies should not get to complain about this either, since they willingly chose to make themselves available.
Optimistically, it is possible this will prove to be a tempest in a teapot, but it could also be another grim milestone on the road to the politicization of everything. The goal of those involved is laudable, but the means are dubious, and will likely have further undesirable consequences. Or in the immortal words of Admiral Painter: