Introduction
- What it is: This MCC covers businesses providing data processing and information services through computer networks.
- Risk level: Medium — The technical nature of transactions can raise fraud concerns.
- Acceptance difficulty: Medium — Processing companies may require additional documentation due to the service nature.
- Typical business models: web hosting companies; data storage providers; IT consultancy firms; cloud service providers.
- For merchants: Anticipate moderate MDR rates; potential for reserves based on transaction volume; thorough vetting during onboarding.
- What PSPs expect: Clear business plan; technical documentation detailing services offered; compliance with data security standards.
Payment Insights & Benchmarks
Merchants in the computer network/information services MCC should anticipate unique payment dynamics that often involve a mix of acceptance challenges and security considerations. Understanding these factors is essential to maintaining a robust payment strategy.
Payment methods
Cards: commonly accepted, but approval rates can be impacted by perceived risk and merchant profile.
- E-wallets: gaining traction for rapid transactions; however, some may impose fees.
- ACH transfers: a cost-effective option for larger transactions but may involve longer processing times.
- Invoicing and billing solutions: useful for B2B transactions, though they require strong collection processes.
Authentication & security
Strong Customer Authentication (SCA) is frequently mandated, increasing conversion costs.
- 3DS can mitigate fraud but may also lead to cart abandonment if customers perceive additional friction.
- Continuous fraud monitoring is critical; implementing adaptive security measures can optimize acceptance rates.
Benchmarks (indicative, not guaranteed)
MDR: can be higher than standard e-commerce, reflecting perceived fraud risk.
- Rolling reserves: may be necessary for higher-risk transactions, often exceeding average amounts.
- Settlement cycles: typically longer, generally around 5-10 days depending on transaction volume.
- Chargeback ratios: often elevated compared to other sectors due to digital nature of services.
- Approval rates: can vary significantly, especially in cross-border transactions.
Key metrics to monitor
Transaction approval rates segmented by payment method and region.
- Chargeback ratios, focused on distinguishing fraud-related disputes from legitimate customer service issues.
- Average transaction value to better assess cost versus sales dynamics.
- Customer lifetime value to evaluate the long-term impact of payment methods on profitability.
Risk & Compliance
Merchants under this MCC are closely scrutinized due to elevated financial and reputational risks. PSPs and acquirers typically apply stricter controls, expecting merchants to proactively address fraud, chargebacks, and AML/KYC compliance.
Chargebacks & fraud
High incidence of friendly fraud (“I didn’t authorize this transaction”) and bonus abuse, particularly with subscription services.
- Digital goods and services can be vulnerable to account takeovers and use of stolen credit cards.
- Mitigation tools include velocity checks, behavioral analytics, and tokenization to safeguard payment information.
AML/KYC expectations
Strong customer identity verification (IDV) processes with thorough sanctions and PEP checks.
- Continuous monitoring of transactions, particularly for subscriptions or large transactions, to identify potential money laundering activities.
- Manual review triggers include inconsistent user behavior, significant changes in spending patterns, or the use of disposable email accounts.
Operational red flags
Lack of transparency in ownership, especially for operations that use anonymous or shell companies.
- Unclear policies regarding refunds or account terminations, which can lead to customer dissatisfaction and chargebacks.
- Traffic sourced from regions with high fraud rates or unverified affiliates can raise concerns among PSPs.
- Insufficient measures for protecting user data and privacy, such as failing to implement adequate encryption and security protocols.
Onboarding Checklist
Merchants under the Computer Network/Information Services MCC should prepare a complete onboarding package before approaching PSPs or acquirers. A well-structured submission improves approval chances and shortens review times.
Legal & corporate documents
company registration and incorporation documents
- disclosure of beneficial owners (UBO) and corporate structure
- valid licenses for the relevant business activities
- policies: Terms of Service, Privacy, AML/KYC, Refund Policy
Financials & risk management
recent financial statements and cashflow forecasts
- liquidity or reserve model for payouts
- description of antifraud setup and monitoring tools
Product & marketing
demo access or screenshots of the live platform
- marketing plan and traffic source overview (affiliates, SEO, PPC)
- geographic targeting information
- KYC flow details, including IDV providers and thresholds
Technical integration & security
payment architecture overview with supported methods/providers
- description of SCA/3DS flows, retry logic, and tokenization
- PCI DSS compliance status and data storage policy
Operations
customer support coverage (languages, 24/7 if available)
- SLA for dispute handling and chargeback response
- deposit, bet, and payout limits; self-exclusion mechanisms
- internal process for chargeback investigation and documentation
Regulation & Licensing
Licensing and certification are crucial for merchants in this MCC, as they demonstrate compliance with industry standards and regulatory requirements. Recognition of licenses varies based on the merchant's jurisdiction and the specific markets they serve.
Operator licenses
Federal Communications Commission (FCC) — oversees communications by radio, television, wire, satellite, and cable in the United States.
- Licensed internet service providers (ISPs) must comply with regional regulations, which can vary widely by state and country.
- Data protection and privacy compliance licenses, such as GDPR certifications in the EU, are necessary for businesses handling personal data.
- Some jurisdictions may require specific cybersecurity licenses to ensure protection against breaches.
Geo-restrictions
Countries with strict internet regulations may limit or block services from unlicensed providers.
- In the EU, compliance with GDPR is mandatory for all digital businesses serving EU citizens, regardless of where they are based.
- Some regions prohibit foreign ISPs from operating without local licenses, impacting market access.
Certifications & audits
PCI DSS compliance is crucial for any merchant handling payment card information.
- Regular cybersecurity audits to ensure data protection measures are effectively implemented.
- GDPR compliance audits for businesses processing personal data of EU residents.
- ISO 27001 certification for information security management systems, demonstrating a commitment to data protection.
Official Definitions & Network Comparisons
This section shows how major card networks define this MCC and highlights practical differences that affect merchant onboarding.
| Network | Definition | Key notes |
|---|---|---|
| Visa | Services related to computer networking and data processing | Requires documentation on services offered; may require proof of technical support capabilities |
| Mastercard | Providers of computer network services, including software | May require compliance with data security standards; regional variations exist |
| American Exp. | Services encompassing computer network management and online information services | Stricter approval process; may assess business plans for scalability |
| Discover | Companies providing online information and computer network services | Focus on established business model; may impose limits on transaction volumes |
Explanation:
The definitions across networks highlight different aspects like “data processing” versus “network management,” which may affect how certain services are classified during onboarding. Notably, some networks may require specific security compliance or additional documentation. Common denial reasons can include insufficient evidence of service capacity, non-compliance with required standards, or an unclear business model.
Alternative MCC Codes
Merchants often confuse this MCC with other categories. The table below shows which codes are related, why they are confused, and what risks misclassification brings.
| MCC | How it is used | Why confused | When acceptable | What is risky |
|---|---|---|---|---|
| 4812 | Radiotelephone services | “We provide communication services” | Traditional telecommunication services | Broadband or internet services disguised as telecom |
| 5734 | Computer software stores | “We sell software as part of our service” | Retail sales of software | Misclassifying service-based software sales as retail |
| 4813 | Telephone communication services | “Our service includes phone connections” | Standard phone service providers | Online phone services or apps misclassified as telecom |
| 7372 | Computer programming services | “We offer programming as part of IT” | Custom software development for clients | Misclassifying general IT consulting or services as programming |
Rule of thumb for merchants:
If your primary business is providing network or information services related to computer systems, use MCC 4816. Misclassifying your services under alternative codes can complicate compliance and lead to potential account disruptions. Always choose the MCC that best reflects the core of your business activities.
Best Practices for Merchants
Merchants operating under the Computer Network/Information Services MCC must prioritize payment security and operational transparency to mitigate risks and enhance customer trust. Adopting the following best practices ensures smoother transactions and builds a sustainable relationship with payment service providers (PSPs).
Classification & transparency
always use the correct MCC; misclassification can lead to increased scrutiny and account issues
- provide clear information on services offered, geographic service areas, and compliance policies on your website
- ensure billing descriptors clearly reflect the nature of your services to avoid customer confusion
Fraud & chargeback reduction
implement 3DS or step-up authentication for high-risk transactions (e.g., larger payment amounts or unusual locations)
- use straightforward billing descriptors, and provide instant transaction confirmations through SMS or email to enhance customer awareness
- maintain detailed logs of transaction events and customer interactions to aid in dispute resolution
Payment acceptance optimization
offer multiple payment methods, including credit/debit cards, e-wallets, and local payment options, to cater to a broader audience
- route transactions based on geographic location or preferred payment methods to improve acceptance rates
- conduct A/B testing with different PSP providers to find the best performance for your specific business needs
Operational discipline
monitor key performance indicators (KPIs) such as approval rates, decline codes, chargeback ratios, and average revenue per transaction
- conduct regular compliance audits to ensure adherence to policies and best practices while updating procedures as needed
- designate a dedicated team or individual for managing disputes and establish clear response timeframes
Payouts & liquidity
maintain liquidity buffers to address rolling reserves and potential delays in payouts
- automate anti-money laundering (AML) checks for withdrawals, particularly for transactions above certain thresholds
- keep an eye on payout frequency and patterns to detect any irregular or suspicious withdrawal activities
Business Scope & Examples
This MCC encompasses businesses that provide computer network and information services, including those focused on telecommunications or data processing. Merchants classified under this category typically offer platforms for communication, information storage, or data management.
Models
Internet service providers (ISPs)
- Web hosting and domain registration services
- Data processing and data warehousing services
- Virtual private network (VPN) services
- Cloud computing solutions
Borderline cases
Software development firms — while they may utilize network services, their primary focus is not providing network access or information services directly.
- Mobile app developers — often rely on internet services for app functionality but don't inherently fall under this MCC unless they provide direct internet services.
Signals for correct classification
primary business model involves offering direct connectivity or data services
- service agreements are primarily about data transmission or hosting
- revenue is generated from ongoing service subscriptions or data access fees
Comments