These policies and procedures are for any MIT party who has applied for and been approved to become an MIT merchant. Payment Card Industry (PCI) compliance will come from two levels: MIT and the PCI Council, the overseer of the credit card industry.
MIT requires all merchants to:
- Adhere to the policies and to the Merchant Statement.
- Complete the annual renewal form.
MIT also requires, as part of the overall PCI compliance effort, that every merchant:
- Complete a Self-Assessment questionnaire.
- Agree to penetration testing by a third-party provider.
If any one merchant does not comply with these policies, it will put the compliance of the entire MIT merchant community at risk and could increase our PCI level, which would require more stringent compliance testing and potential audits.
Reconciliation Training: MIT Learning Center via Atlas
This general policy is being updated.
For complete policy information, please reference the individual policies below.
MIT merchants are required to complete the Self-Assessment questionnaire, a standard questionnaire issued through the PCI Security Council. The sections related to the technical environment will be addressed centrally, but merchants must complete and sign off on sections related to how they handle their own credit card processing.
The Compliance team maintains the questionnaires centrally and will make them available to the bank that processes the MIT credit card activity. The bank is responsible for setting compliance levels and can and will fine any merchant who is not in compliance.
TrustKeeper is the certified remote assessment and compliance solution that MIT uses to complete SAQs annually.
PCI DSS (Payment Card Industry Data Security Standard) is a requirement if a merchant agrees to accept credit cards as a form of payment and is intended to help merchants protect their customers from fraudulent transactions.
Annually, merchants will be required to complete a Self Assessment form issued through the PCI Security Standards Council regarding their policies and procedures related to credit card processing. To be compliant, merchants will need to sign this statement and answer each question to the best of their ability. By strictly limiting what MIT does with credit cards, our scope of compliance becomes very limited.
In addition, MIT agrees to be scanned by an independent third-party scanning provider. The third party will attempt to penetrate MIT's systems. Should it succeed, it will report to us any vulnerability and the source of the vulnerability that MIT will need to fix to stay within PCI compliance.
We are committed to preserving your privacy. We use the information that you provide (name, address, telephone number, and sensitive credit card information, including card number, CVV/CVC/CID codes, retail track data, etc.) to process your order and maintain our transaction records. The information will not be used for any commercial or philanthropic purpose not directly connected with or supported by MIT without your consent.
We are committed to providing you with a safe online experience. The software we use for processing credit card payments employs secure encryption technology (SSL) to reduce the possibility of theft, manipulation, and other alteration of any information that you provide to us.
We employ other companies and individuals to process credit card payments. They have access to personal information needed to perform their functions, but may not use it for other purposes.
We release account and other personal information when we believe release is appropriate to comply with the law or to protect the rights, property, or safety of MIT or our customers. This does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this policy.
Any changes to our policy will be posted on this page. Any information collected prior to the changes will not be subject to the new policy without your consent. The information will remain subject to the policy at the time it was provided to us. Once the change in policy is posted, any new information that you provide and/or information associated with new orders will be subject to the new policy.
If you have questions or concerns about this policy or need to update your customer information, please send email to firstname.lastname@example.org.