Utility ServicesCardflo supports this MCC
MCC 4816

Computer Network & Information Services

Internet service providers, hosting and online information services.

What MCC 4816 covers

Merchant Category Code 4816 is the ISO 18245 identifier used by the card networks for computer network & information services. Acquirers, issuers and regulators use this code to set interchange, scheme fees, fraud rules and reporting categories for every transaction your business processes.

Internet service providers, hosting and online information services. Choosing the right MCC is critical: an incorrect code can lead to higher interchange, surcharges, or, in regulated categories, declined transactions and account holds.

This MCC encompasses internet service providers (ISPs), web hosting companies, data processing firms, and other online information service providers. Services generally involve recurring monthly or annual billing, with ticket sizes ranging from low-cost personal hosting plans to high-value enterprise network solutions.

Chargebacks often arise from 'services not rendered' (e. g.

, website downtime, internet outage), 'not as described' (e. g.

, slower speeds than advertised, missing features), or unauthorised use of services (e. g.

, phishing sites hosted on a server, account takeover generating unexpected charges). Fraudulent sign-ups are a concern, particularly for domain registrations or hosting, where services can be quickly exploited.

Compliance with PCI DSS is critical for handling cardholder data in this sector.

Cardflo's secure payment gateway, coupled with its advanced fraud detection and recurring billing capabilities, supports these merchants in managing continuous revenue streams while mitigating the risks associated with digital service provision and online fraud.

Acquirer & underwriting stance

Medium-risk standard board with monitoring. Risk factors include potential for service abuse by fraudsters (e.

g. , hosting illegal content), high churn, and service-related disputes.

Robust fraud prevention and clear service level agreements are essential. Reserves may be considered for newer entities or those with high churn/dispute rates.

How Cardflo handles MCC 4816

  • Underwriting with acquirers that actively board MCC 4816 businesses in your region.
  • Recurring-billing infrastructure designed for utility and metered-service bill runs.
  • Surcharge-rule support that meets local utility-regulator requirements.
  • Dunning and decline-recovery flows tuned to long-tenure subscriber bases.
  • Settlement and reconciliation aligned to monthly utility billing cycles.

Payment methods typically enabled

Credit Card
Debit Card
Direct Debit
PayPal
Bank Transfer

Common questions

What are the common chargeback reasons for web hosting and ISP services?

Common chargeback reasons include 'services not rendered' (e. g.

, prolonged downtime, failure to activate service), 'not as described' (e. g.

, inadequate bandwidth, missing features), and 'unauthorised transaction' (stolen credentials used for new accounts or upgrades). 'Fraudulent transaction' is also prevalent where services are provisioned to bad actors using stolen payment information for illicit activities like phishing or malware distribution.

How can internet service providers manage their fraud risk effectively?

ISPs can manage fraud by implementing multi-factor authentication for account access and changes, utilising advanced fraud screening tools at sign-up (including IP analysis, device fingerprinting, and email risk scoring), and collaborating with industry bodies to identify and block known fraudsters.

Limiting initial service allowances or requiring upfront payments for new customers from high-risk regions can also be effective.

Are there specific PCI DSS implications for web hosting companies and ISPs?

Yes, web hosting companies and ISPs typically have significant PCI DSS implications, especially if they directly store, process, or transmit cardholder data on their infrastructure, or if they offer payment gateways as part of their service.

They often fall under PCI DSS Level 1 or 2. Even if they outsource direct payment processing, their network infrastructure must be PCI compliant to ensure a secure environment for any transmitted card data.

Get started

Ready for velocity?

Tell us about your business. We'll match you with the right acquiring partners and the right route, typically inside a week.

Apply now