MCC 3501–3999

Hotels and Lodging

Applications

Decisions

Identities

Transactions

Underwriting Cheat Sheet

In the ever-evolving landscape of payment processing, a thorough understanding of Merchant Category Codes (MCC) is vital for merchants and financial institutions alike. MCC codes 3501–3999 are specifically designated for hotels and lodging, covering a broad spectrum of accommodation services. This guide from Gratify offers an in-depth exploration of these MCC codes, providing valuable insights into their characteristics, associated risks, and best practices for managing merchant relationships within the hospitality industry.

Typical Business Types

MCC 3501-3999 is assigned exclusively to hotels, motels, resorts, and other lodging establishments.

Hotels and Motels

Standard lodging options for travelers.

Resorts and Spas

Luxury accommodations offering additional amenities.

Vacation Rentals

Short-term rentals of homes, apartments, or condos.

1. High Level Information for Payment Processors
2. Key Risks and Concerns
3. Common Fraud Signals
4. Underwriting Tips
5. Example Scenarios and Red Flags
6. Common Underwriting Questions
7. Ongoing Monitoring

High Level Information for Payment Processors

Transaction Types:

Advance Deposits: Partial payments to secure future reservations.
Full Prepayments: Payments made in full at the time of booking.
On-site Payments: Settling bills upon check-out, including incidental charges.
Cancellation Fees: Charges applied for late cancellations or no-shows.

Common Payment Methods:

Credit and Debit Cards: Primary methods for reservations and payments.
Digital Wallets: Growing acceptance of Apple Pay, Google Pay, and PayPal.
Mobile Payments: Use of apps and QR codes for seamless transactions.
Corporate Accounts: Direct billing arrangements with companies for employee travel.

Unique Business Characteristics:

Seasonal Demand: Fluctuations based on holidays, events, and tourist seasons.
High Average Ticket Size: Larger transaction amounts due to extended stays or luxury services.
Future Delivery of Services: Advance bookings with services rendered at a later date.
Dynamic Pricing Models: Rates varying based on demand, occupancy, and booking channels.

‍

Overwhelmed with Applications?

Gratify offers instant merchant application enrichment to get the full picture of your customers in real-time

Learn about the fast way to onboard merchants

Key Risks and Concerns

Fraud Risks:

Card-Not-Present (CNP) Transactions: Increased risk with online and phone bookings.
Stolen Credit Card Use: Fraudulent bookings using compromised card information.
Chargeback Fraud: Customers disputing legitimate charges after receiving services.
Identity Theft: Use of fake IDs or stolen personal information during check-in.

Regulatory Challenges:

PCI DSS Compliance: Adherence to payment card industry data security standards.
Data Protection Laws: Compliance with GDPR, CCPA, and other privacy regulations.
Local Licensing and Taxation: Meeting municipal regulations and lodging tax requirements.

Chargeback Triggers:

Disputed Charges: Unexpected fees or unauthorized transactions.
Service Complaints: Dissatisfaction with accommodations or services rendered.
Cancellation Policy Disputes: Misunderstandings regarding refund eligibility.
No-Show Charges: Customers disputing fees for missed reservations.

‍

Common Fraud Signals

Mismatch of Booking and Cardholder Information: Different names, addresses, or contact details.

Last-Minute Reservations: Bookings made shortly before arrival, especially for high-value rooms.

Unusual Requests: Demands for third-party payments or cash advances.

Multiple Reservations: Several bookings under different names using the same payment method.

High-Risk Locations: Reservations from regions known for higher fraud rates.

Excessive Declines: Multiple declined transactions before a successful charge.

Underwriting Tips

Business Verification:

Confirm the merchant's operating licenses and certifications.
Verify the physical address and existence of the lodging establishment.

Financial Assessment:

Review financial statements to evaluate stability and profitability.
Analyze average transaction sizes and monthly processing volumes.

Risk Evaluation:

Examine historical chargeback ratios and dispute records.
Assess the effectiveness of existing fraud prevention measures.

Policy Review:

Ensure transparent cancellation and refund policies are in place.
Check that terms and conditions are clearly communicated to customers.

Reputation Analysis:

Research online reviews and ratings on platforms like TripAdvisor and Yelp.
Investigate any history of legal issues or regulatory penalties.

Reserve Requirements:

Consider implementing rolling reserves or delayed funding to mitigate risk.

Example Scenarios and Red Flags

Surge in International Bookings:

A local hotel experiences a sudden influx of international reservations paid with foreign credit cards, potentially indicating fraud.

High Volume of Refunds:

An establishment shows an unusually high rate of refunds or cancellations, which may suggest booking manipulation or poor service quality.

Third-Party Payments:

Guests attempt to pay with cards not in their name or request charges to be split among multiple cards.

Inconsistent Transaction Data:

Discrepancies between the billing address and IP location used during online booking.

Repeated Booking Attempts:

Multiple failed payment attempts followed by a successful charge could indicate card testing.

Common Underwriting Questions

Business Operations:

What types of accommodations do you offer (e.g., luxury hotel, budget motel, vacation rental)?
How many rooms or units are available for booking?
Do you operate seasonally or year-round?

Payment and Cancellation Policies:

What are your policies regarding deposits, prepayments, cancellations, and refunds?
How are these policies communicated to customers?

Security Measures:

What verification processes are in place during check-in?
Do you use any fraud detection tools or services for online bookings?

Customer Service:

How do you handle customer complaints and disputes?
What is your average response time for resolving issues?

Compliance and Certifications:

Are you compliant with PCI DSS and other relevant data security standards?
Do you adhere to local and international privacy laws (e.g., GDPR)?

Marketing and Sales Channels:

Through which channels do you receive bookings (own website, OTAs, travel agents)?
Do you offer promotions or discounts that might affect transaction patterns?

Ongoing Monitoring

Transaction Monitoring:

Implement real-time monitoring to detect unusual transaction patterns.
Set alerts for high-risk activities, such as large refunds or chargebacks.

Regular Compliance Checks:

Conduct periodic reviews to ensure ongoing adherence to PCI DSS and other regulations.
Update security protocols in response to new threats.

Chargeback Analysis:

Analyze chargeback reasons to identify and address underlying issues.
Work with the merchant to implement strategies that reduce disputes.

Customer Feedback:

Monitor reviews and ratings to gauge customer satisfaction.
Address negative feedback promptly to improve services and reduce complaints.

Merchant Communication:

Maintain open lines of communication for updates on business changes.
Provide resources and training on fraud prevention and compliance.

Adjust Risk Parameters:

Update risk assessments based on changes in transaction volumes, average ticket sizes, or market conditions.

‍