MC Professional implements multiple layers of security to protect your organization's data. This article describes each security measure and what it means for your account.
On this page
PCI compliance
PCI compliance is required for any organization that accepts credit card payments online. MC Professional is certified PCI compliant, meeting the credit card industry's standard for data security. Learn what this means for your organization.
Multifactor authentication
MC Professional offers an extra layer of protection for administrator access with multi-factor authentication (MFA). This feature requires administrators to enter a verification code sent by email before accessing the admin view of your MC Professional account.
Firewall protection
MC Professional uses a defense-in-depth approach, combining the built-in security features of Amazon Web Services (AWS) with additional security controls and tools. Regular penetration testing is performed by trusted third-party auditors.
SSL encryption
All data is protected with 128-bit Secure Sockets Layer (SSL) encryption. All financial data processed through the Form Module is transmitted via SSL.
Data center security
All MC Professional services run through Amazon Web Services (AWS), leveraging data centers trusted by some of the most highly regulated organizations in the world. For more information on how AWS data centers support security standards and compliance, see AWS compliance documentation.
Password protection
Access to private areas of your MC Professional account requires a unique username and password. MC Professional enforces admin password standards that follow best practices and meet PCI compliance guidelines.
All admin passwords must meet the following criteria:
- At least 12 characters long
- Include at least one uppercase letter
- Include at least one lowercase letter
- Include at least one number
- Include at least one special character
- Must not match any of your last four passwords
- Must not match your username
- Must not be easy to guess or appear in common password databases
Session timeout
Each login session expires after 60 minutes of inactivity to prevent unintended access. A notification appears before the session ends, giving the option to continue.
User group permissions
Administrators control what member information and product features each user type — such as members, staff, board members, or vendors — can access.
Data privacy
MC Professional stores your data and does not share it with third parties.
reCAPTCHA
MC Professional forms are protected by Google reCAPTCHA, which helps prevent automated bots from submitting spam or abusive entries. reCAPTCHA analyzes user behavior in the background and presents a challenge only when activity appears suspicious, minimizing friction for legitimate users.