As part of our commitment to maintaining the highest standard of data security, the MC Trade application will be updated to meet all new standards set forth in the PCI Data Security Standard (PCI DSS) version 4.0, including all technical requirements designed to protect your account and cardholder data. The latest set of requirements will require several changes to the way back-office MC Trade users access the software, outlined below. Click here to learn more about PCI Compliance.
Implementing these changes will ensure that you are well-protected against security risks, and ensures that your organization meets important industry standards of data protection and privacy for your member data.
Click here for Frequently Asked Questions.
What are the key changes?
Higher Password Security Requirements
For back-office staff users logging in to MC Trade, we will begin requiring passwords that are a minimum of 8 characters, and include at least one uppercase, one lowercase, one number, and one symbol.
Starting on March 1, all MC Trade users will be prompted to update their password after logging in to meet these new requirements. Click here to learn more.
Multi-Factor Authentication
For back-office staff users logging in to MC Trade, access to the database will require a secondary code entered after successfully entering the password, emailed to the authenticating user.
The new login flow will require the user to enter their email, then password, then the 6-digit code sent to the user’s email. This new flow will go into effect on March 19. If the user had not yet reset their password prior to March 19, they will also need to use the “Reset Password” link on the login page to set a new password meeting the requirements outlined above. All users must have a valid email associated with their account to be able to log in to MC Trade after this date. Click here to learn more.
Deprecation of Cardholder Data in Public REST API
For any third-party vendors who are using the MC Trade Public Rest API, several subcollections that contain cardholder data will no longer be returned as of March 15, 2025. No endpoints are being deprecated and this change should be backward compatible with any existing integrations using the affected endpoints, as long as no cardholder data was being used in the integration. The following collections will be removed from the noted request endpoints:
RegistrationCreditCardTransactionDetailDto
RegistrationCreditCardTransactionDetailDto
If you use any of the five API endpoints listed above, ensure no data is being pulled from the specific collection listed as part of your integration. All other data outside of the specified CreditCardTransaction collections will remain in place.