Introduction
- What it is: This MCC represents businesses involved in virtual asset service provision, including cryptocurrencies.
- Risk level: High — Exposure to market volatility and regulatory scrutiny increases perceived risks.
- Acceptance difficulty: Very High — Many PSPs are cautious due to potential fraud and compliance issues.
- Typical business models: cryptocurrency exchanges; digital wallet providers; asset management for digital currencies.
- For merchants: Higher MDR rates; possible reserve requirements; thorough risk assessments during onboarding.
- What PSPs expect: Comprehensive business documentation; detailed anti-money laundering (AML) procedures; operational transparency on transactions.
Payment Insights & Benchmarks
Merchants operating within the VASP MCC (Virtual Asset Service Providers) in Brazil should prepare for a payment landscape characterized by high regulatory scrutiny and fluctuating acceptance rates. Navigating this environment requires understanding the dynamics of payment methods, chargeback risks, and financial benchmarks unique to the sector.
Payment methods
Cards: acceptance can be limited by issuer preferences and regional regulations, often resulting in lower approval rates.
- E-wallets: popular among consumers for quick transactions, though the fees can vary widely based on the provider.
- Bank transfers: frequently used for larger transactions; however, they can introduce higher settlement times.
- Crypto payments: gaining traction, but adoption varies greatly by PSP and customer willingness.
- Prepaid cards: a choice for privacy-conscious users, providing a buffer against chargebacks.
Authentication & security
3DS and strong customer authentication (SCA) are generally mandated to mitigate fraud risks.
- While these measures reduce unauthorized transactions, they may lead to increased cart abandonment due to friction.
- Continuous fraud monitoring, inclusive of transaction patterns and user behavior, is essential to adapt to evolving threats.
Benchmarks (indicative, not guaranteed)
MDR: typically higher than standard e-commerce due to fraud risk and regulatory costs.
- Rolling reserves: may be substantial, often in the range of double digits.
- Settlement times: usually extended, often exceeding 7 days.
- Chargeback ratios: frequently above industry averages, reflecting the challenges in this sector.
- Card approval rates: generally lower; alternative methods may see higher success rates.
Key metrics to monitor
Authorization success rates segmented by payment method and geography.
- Chargeback rates categorized by type (fraud vs. service-related).
- Decline reasons and their impact on customer experience.
- Average transaction sizes and their correlation with chargeback instances.
Risk & Compliance
Merchants operating under the MCC 3036 (Virtual Asset Service Providers in Brazil) face significant scrutiny due to the evolving landscape of regulations and compliance requirements in the cryptocurrency and digital asset sectors. PSPs and acquirers impose rigorous standards, expecting merchants to mitigate risks related to fraud, chargebacks, and anti-money laundering (AML) and know-your-customer (KYC) obligations.
Chargebacks & fraud
Common types of fraud include payment fraud with stolen cards and deceptive schemes to obtain cryptocurrency through false promises or investments.
- Customers may dispute transactions claiming unauthorized access or misrepresentation of asset values, leading to chargeback issues.
- Effective fraud mitigation tools include behavioral analytics, transaction velocity checks, and geo-blocking to limit access from high-risk regions.
AML/KYC expectations
Enhanced due diligence is required for customer identity verification, including thorough screening against sanctions lists and politically exposed persons (PEPs).
- Merchants should implement strong source-of-funds verification mechanisms, especially for large transactions or abnormal trading patterns.
- Manual review triggers may include unusual patterns such as high-frequency trading or transfers linked to anonymous wallets.
Operational red flags
Lack of transparency regarding beneficial ownership and operational control raises concerns for PSPs and acquirers.
- Insufficient verification of customer backgrounds or inadequate transaction monitoring systems can lead to compliance issues.
- Relationships with unverified affiliates or unclear partnerships involving traffic sources may signal increased risk.
- Absence of clear policies for withdrawals or conversions from fiat to cryptocurrency could lead to operational challenges and regulatory scrutiny.
Onboarding Checklist
Merchants under the VASP MCC (Virtual Asset Service Providers) in Brazil should prepare a complete onboarding package before approaching PSPs or acquirers. A well-structured submission improves approval chances and shortens review times.
Legal & corporate documents
company registration and incorporation documents
- disclosure of beneficial owners (UBO) and corporate structure
- valid licenses for operating as a virtual asset service provider
- policies: Terms of Service, Privacy, AML/KYC, Refund Policy
Financials & risk management
recent financial statements and cashflow forecasts
- liquidity or reserve model for managing virtual asset transactions
- description of antifraud setup and monitoring systems
Product & marketing
demo access or screenshots of the live platform
- marketing plan highlighting traffic sources and user acquisition strategies
- geographic targeting information for virtual assets
- KYC flow details, including identity verification providers and thresholds
Technical integration & security
overview of payment architecture with supported methods/providers
- description of SCA/3DS flows, retry logic, and tokenization practices
- PCI DSS compliance status and data storage policies
Operations
customer support setup (coverage, languages, and availability)
- SLA for dispute resolution and chargeback handling
- limits for deposits and withdrawals; mechanisms for customer protection
- internal procedures for investigating chargebacks and fraud incidents
Regulation & Licensing
Licensing and certification are critical for merchants in this MCC, as PSPs and acquirers will require proof of compliance before onboarding. Recognition of licenses depends heavily on the merchant’s jurisdiction and the markets they target.
Operator licenses
Comissão de Valores Mobiliários (CVM) — Brazil's primary securities regulator, overseeing licenses for VASPs operating within the country.
- Banco Central do Brasil (BCB) — regulates financial institutions, including cryptocurrency services, ensuring compliance with national regulations.
- FinCEN (Financial Crimes Enforcement Network) — U.S. recognition may be sought for those offering services across borders to U.S. customers.
- Some international registrations may provide a pathway for operations but often require explicit local compliance.
Geo-restrictions
Brazil has specific regulations that restrict operations of unlicensed VASPs.
- Various jurisdictions have different rules on the treatment of cryptocurrency transactions, impacting acceptance by local PSPs.
- Cross-border transactions may face scrutiny and limitations if not compliant with local laws.
Certifications & audits
AML (Anti-Money Laundering) compliance audits are mandatory to ensure transaction transparency and prevent illicit activities.
- Security audits for protecting user data and funds, particularly in handling digital wallets and exchanges.
- Periodic compliance reports to regulatory bodies, demonstrating adherence to local regulations.
Official Definitions & Network Comparisons
This section shows how major card networks define this MCC and highlights practical differences that affect merchant onboarding.
| Network | Definition | Key notes |
|---|---|---|
| Visa | Virtual currencies and digital assets | Requires regulatory compliance in Brazil; geo restrictions apply |
| Mastercard | Financial services related to virtual assets | Must meet local regulations; may require specific licensing |
| American Exp. | Transactions involving cryptocurrencies | Enhanced due diligence; potential for high-risk categorization |
| Discover | Digital currencies and related activities | Only approved merchants; restrictions based on compliance |
Explanation:
While the terminology may differ slightly among networks, they generally align in their definitions regarding virtual assets and cryptocurrencies. The emphasis on regulatory compliance is critical for approval. Specific licensing and jurisdictional compliance are often needed, as well as a higher level of scrutiny for transactions in this sector. Common rejection reasons include non-compliance with local laws, inadequate licensing, and concerns about the stability of the business model.
Alternative MCC Codes
Merchants often confuse this MCC with other categories. The table below shows which codes are related, why they are confused, and what risks misclassification brings.
| MCC | How it is used | Why confused | When acceptable | What is risky |
|---|---|---|---|---|
| 6012 | Financial institutions | “We process financial transactions” | Banks and traditional financial services | Non-banking activities misclassified as banking |
| 6051 | Non-financial institutions | “We handle digital transactions” | Payment processing outside traditional banks | Misclassifying crypto transactions as traditional finance |
| 7299 | Other business services | “We offer various payment services” | General service providers not related to finance | Misuse of this code for financial activities |
| 8999 | Professional services | “We provide consulting on blockchain” | Consulting and advisory services | Hiding financial transactions under professional services |
Rule of thumb for merchants:
If your business is primarily involved in virtual asset services or cryptocurrency, it should fall under MCC 3036. Using an alternative code can lead to compliance issues, including audits or account closures. Always prioritize accurate classification to avoid risks.
Best Practices for Merchants
Merchants operating under the VASP MCC in Brazil must navigate a complex environment that emphasizes compliance and risk management. Adhering to best practices is essential to enhance acceptance rates, mitigate disputes, and foster strong partnerships with payment service providers (PSPs).
Classification & transparency
always use the correct VASP MCC to ensure proper classification and avoid account issues
- provide clear disclosures about your business model, including any geographic restrictions and required compliance policies
- maintain transparency in your transaction descriptors to minimize customer confusion
Fraud & chargeback reduction
implement 3DS or step-up authentication for transactions flagged as high-risk based on criteria such as location and transaction amount
- utilize clear billing descriptors and ensure timely communication with customers through instant confirmation messages
- keep detailed logs of transaction events to provide evidence for chargeback representments and reduce dispute losses
Payment acceptance optimization
enable multiple payment methods (credit/debit cards, wallets, local payment options) to better serve varied customer preferences
- optimize routing of transactions based on geography or payment method, leveraging A/B testing to evaluate PSP performance
- consider using separate Merchant Identification Numbers (MIDs) for different product lines or geographic regions to manage compliance effectively
Operational discipline
establish key performance indicators (KPIs) to monitor metrics such as authorization rates, chargeback ratios, and overall transaction performance
- conduct regular compliance audits to ensure adherence to internal policies and regulatory requirements
- designate a dedicated team or individual to manage disputes, ensuring prompt and efficient resolution processes
Payouts & liquidity
maintain sufficient liquidity buffers to accommodate rolling reserves and longer settlement periods common in crypto transactions
- implement automated anti-money laundering (AML) checks for withdrawals, particularly for larger transactions, to enhance compliance
- monitor the velocity of payouts and scrutinize withdrawal patterns for signs of suspicious activity
Business Scope & Examples
This MCC applies to businesses primarily involved in virtual asset services, particularly those facilitating the exchange, transfer, or management of cryptocurrencies and related digital assets. Merchants within this category typically operate platforms that enable customers to buy, sell, or trade virtual assets and may provide associated financial services.
Models
cryptocurrency exchanges (trading platforms for buying and selling digital currencies)
- digital wallets (services for storing and managing cryptocurrencies)
- blockchain-based financial services (loans, interest-earning accounts for virtual assets)
- cryptocurrency ATMs (machines allowing users to purchase cryptocurrencies using cash)
- token issuance platforms (platforms for launching new digital tokens or initial coin offerings)
Borderline cases
NFT marketplaces — platforms for buying and selling non-fungible tokens; these may not fit into this MCC unless they facilitate cryptocurrency transactions.
- Peer-to-peer (P2P) lending platforms — services that allow users to lend or borrow cryptocurrency directly; often require closer scrutiny to determine classification.
Signals for correct classification
platform enables users to convert fiat currency into cryptocurrencies directly
- business provides features for the custodial management of virtual assets
- services include trading fee structures based on transaction volumes or asset conversions
Comments