Introduction
- What it is: This MCC covers businesses that offer software development, data processing, and system design services.
- Risk level: Medium — Due to varying client projects, volatility in income may increase risk.
- Acceptance difficulty: Medium — Some financial institutions may scrutinize operations closely due to potential fraud concerns.
- Typical business models: software development firms; data analytics companies; IT consulting agencies; systems integration firms.
- For merchants: Expect moderate MDR rates; potential for reserve funds; comprehensive customer vetting may be needed.
- What PSPs expect: Documentation of services provided; proof of business legitimacy; a robust online presence showcasing past projects.
Payment Insights & Benchmarks
Merchants in this MCC should anticipate a relatively smooth payment experience, but with nuances depending on the payment methods used and the type of services offered. Understanding these dynamics can help in optimizing cash flow and minimizing disruptions.
Payment methods
Cards: Generally accepted, but may face occasional declines due to international processing rules or service fees.
- E-wallets: Popular for subscription services, offering quick transactions and user-friendly experiences.
- Bank transfers: Common for larger B2B transactions, though they can take longer to clear.
- Invoice payment solutions: Widely used in B2B contexts, providing flexibility for clients but requiring careful tracking of receivables.
- Cryptocurrency: Emerging option that can attract tech-savvy clients, though acceptance remains limited.
Authentication & security
3DS (3-D Secure) is often required, especially for high-ticket transactions, enhancing security but potentially impacting conversion rates.
- Regular updates on fraud trends are critical; many services are targeted for hacking due to their tech-centric nature.
- Strong customer authentication measures should be balanced with user experience to maintain conversion levels.
Benchmarks (indicative, not guaranteed)
MDR: May be elevated compared to standard e-commerce due to the technology focus.
- Rolling reserves: Typically low, but can vary based on service complexity and risk factors.
- Settlement times: Usually around 3-5 days, depending on the PSP.
- Chargeback ratios: Generally favorable, yet require monitoring to mitigate risks associated with service dissatisfaction.
- Approval rates: Generally higher for established services but can dip during high-traffic periods.
Key metrics to monitor
Payment refusal rates by method to identify potential issues early.
- Average transaction value to anticipate cash flow and revenue management.
- Chargeback trends to differentiate between legitimate issues and fraud.
- Customer payment preferences to optimize the experience and conversion rates.
- Tracking of recurring payment failures for subscription models.
Risk & Compliance
Merchants operating under the MCC 7372 face significant risks related to fraud and chargebacks, necessitating rigorous compliance measures. PSPs and acquirers seek to mitigate potential losses by ensuring that these businesses have strong processes in place to address these risks effectively.
Chargebacks & fraud
Commonly experienced friendly fraud as customers dispute legitimate transactions, often claiming they did not authorize them.
- Increased risk of chargebacks related to service delivery issues, delayed execution, or unsatisfactory outcomes.
- Mitigation tools include transaction monitoring systems, behavioral analytics, and clear documentation of service agreements.
AML/KYC expectations
Stringent identity verification, including customer ID checks and verification of business credentials for corporate clients.
- Sanctions checks against global lists to ensure compliance with anti-money laundering practices.
- Manual review triggers include unusual transaction patterns, high volumes, or discrepancies in the data provided during onboarding.
Operational red flags
Lack of transparency regarding business ownership or operational structure, leading to uncertainty in accountability.
- Inconsistent or unclear service delivery terms, potentially resulting in high disputation rates.
- Insufficient documentation or tracking of customer interactions that could complicate chargeback disputes.
- Presence of traffic sources from known fraudulent regions or unverified referral systems leading to client acquisition.
Onboarding Checklist
Merchants under the Computer Programming, Data Processing, and Integrated Systems Design Services MCC should prepare a complete onboarding package before approaching PSPs or acquirers. A well-structured submission improves approval chances and shortens review times.
Legal & corporate documents
company registration and incorporation documents
- disclosure of beneficial owners (UBO) and corporate structure
- valid licenses for the relevant business activities
- policies: Terms of Service, Privacy, AML/KYC, Refund Policy
Financials & risk management
recent financial statements and cashflow forecasts
- liquidity or reserve model for payouts
- description of antifraud setup and monitoring tools
Product & marketing
demo access or screenshots of the live software/platform
- marketing plan and traffic source overview (affiliates, SEO, PPC)
- geographic targeting information
- KYC flow details, including IDV providers and thresholds
Technical integration & security
payment architecture overview with supported methods/providers
- description of SCA/3DS flows, retry logic, and tokenization
- PCI DSS compliance status and data storage policy
Operations
customer support coverage (languages, 24/7 if available)
- SLA for dispute handling and chargeback response
- service delivery timelines and project scope descriptions
- internal process for chargeback investigation and documentation
Regulation & Licensing
Licensing and certification are essential for merchants in this MCC, as they ensure compliance with industry standards and regulatory requirements. The recognition of licenses depends heavily on the merchant’s jurisdiction and the specific markets they target.
Operator licenses
Software Development Licenses — required in several jurisdictions, allowing businesses to develop and distribute software.
- Data Protection Licenses — necessary for processing personal data and ensuring compliance with data protection regulations such as GDPR.
- Telecommunications Licenses — needed when offering services that require telecommunications, often overseen by national regulatory authorities.
- Business Licenses — local or state business registration that legitimizes operations within specific territories.
Geo-restrictions
Regions with strict data privacy laws may impose limitations on data processing services, impacting where the merchant can operate.
- Certain countries may restrict software services from foreign providers, requiring localized solutions or partnerships.
- Compliance with export controls can limit the availability of software to certain jurisdictions.
Certifications & audits
ISO 27001 for information security management systems, relevant for data handling and protection.
- SOC 2 compliance audits demonstrating proper security practices for data management services.
- PCI DSS compliance if handling any payment card information as part of the service.
- Regular IT security audits to ensure compliance with industry standards and regulations.
Official Definitions & Network Comparisons
This section shows how major card networks define this MCC and highlights practical differences that affect merchant onboarding.
| Network | Definition | Key notes |
|---|---|---|
| Visa | Computer programming, data processing, and integrated systems design services | Must provide detailed service descriptions; potential for AR/AP risk assessment |
| Mastercard | Programming and related services for data processing and systems integration | Requires compliance with service standards; monitor for fraud risk |
| American Exp. | Computer programming and data services | Higher risk assessment for new vendors; can impose additional underwriting |
| Discover | Data processing and integrated computer systems design services | Varies by sector focus; regional service limitations may apply |
Explanation:
The definitions across networks share core elements but vary in terminology and focus. Visa emphasizes detailed service descriptions, while Mastercard is more concerned with compliance to service standards. American Express has a more stringent underwriting process for new vendors, reflecting a cautious approach to risk, and Discover's policies can vary depending on sector focus. Issues such as inadequate service information and high-risk categories could lead to onboarding difficulties.
Alternative MCC Codes
Merchants often confuse this MCC with other categories. The table below shows which codes are related, why they are confused, and what risks misclassification brings.
| MCC | How it is used | Why confused | When acceptable | What is risky |
|---|---|---|---|---|
| 7371 | Computer Programming Services | “We provide software development” | Custom software development services | Misclassifying IT consulting as pure programming work |
| 7373 | Computer Integrated Systems Design | “We design systems” | Systems that integrate hardware/software | Misclassifying standalone hardware sales or services |
| 4816 | Computer Network Services | “We provide network support” | Services directly related to networking | Misclassifying services primarily for software under this MCC |
| 7699 | Repair Shops/Service Providers | “We fix computers and software” | General repair services for technology | Classifying data processing services as repair work |
Rule of thumb for merchants:
Ensure that your classification under MCC 7372 accurately reflects the primary activities of your business. If your services predominantly involve software development and integrated systems design, this MCC is appropriate; however, misrepresenting your services can lead to compliance scrutiny and potential account issues.
Best Practices for Merchants
Merchants under the MCC 7372 are involved in the provision of computer programming, data processing, and integrated systems design services. To mitigate risks and optimize payment processing, it is imperative to adopt best practices consistently.
Classification & transparency
always use the correct MCC to ensure compliance and avoid account risk
- provide clear disclosures on websites regarding services offered and terms of use
- maintain transparent billing descriptors that reflect the nature of the service
Fraud & chargeback reduction
implement 3DS or step-up authentication for transactions that exhibit high-risk factors
- ensure clear billing descriptors are used and provide immediate confirmations to customers
- keep detailed records of transactions and service deliveries to support evidence collection for disputes
Payment acceptance optimization
support various payment methods, including credit cards, digital wallets, and ACH transfers
- use geo-routing to direct transactions through optimal processors based on customer location
- test different payment service providers (PSPs) to identify the best performance for your services
Operational discipline
monitor key performance indicators (KPIs) such as customer acquisition costs, churn rates, and chargeback ratios
- conduct regular compliance audits and update operational protocols as necessary
- assign specific team members to manage payment disputes with established service level agreements (SLAs)
Payouts & liquidity
prepare liquidity buffers to accommodate rolling reserves typically required for high-risk services
- implement automated checks for anti-money laundering (AML) compliance on all substantial withdrawals
- consistently monitor payout schedules and withdrawal activity for any anomalies or suspicious patterns
Business Scope & Examples
This MCC encompasses businesses that specialize in providing computer programming, data processing, and integrated systems design services. Merchants classified under this category typically engage in creating software solutions, processing data for clients, and designing IT systems. The focus is on businesses that deliver technical services, often tailored to meet specific customer needs.
Models
custom software development firms
- IT consulting and systems integration services
- data processing companies (data entry, management)
- website design and development agencies
- cloud computing service providers
- mobile application development studios
Borderline cases
IT training services — institutions providing educational services in IT fields, often focused on teaching rather than delivering technical solutions.
- Freelance coding platforms — marketplaces that connect freelancers with clients for programming tasks; may offer broader services outside traditional MCC scope.
- Managed IT services — companies that provide ongoing IT support; can blend elements of consulting and technical service delivery.
Signals for correct classification
services involve creating custom software or IT solutions for specific client requirements
- business generates revenue through service contracts or project fees rather than physical goods
- company has a team of technical specialists focused on programming or systems design
Comments