To comply with MIT's policy that NO credit card information will be stored on campus anywhere in any format (e.g. servers, PC's, file drawers, and spreadsheets), MIT has adopted the Payment Card Industry's (PCI) Data Security Standards. Compliance with all 12 standards is required of all entities on campus that store, process, or transmit cardholder data (e.g. banks and card associations).
Effective July 1, 2008, MIT merchants are using the PCI compliant provider (Cybersource), and are expected to comply with MIT policies and procedures, submit to annual self-assessments and renew their merchant status annually.
For more information see Credit Card Processing @ MIT.