MDRP Responsibilities

Any department accepting payment cards on behalf of Middlebury for gifts, goods or services (“Merchant Department”) must designate an individual (staff or faculty member) within that department who will have primary authority and responsibility for eCommerce and payment card transaction processing within that department. This individual will be referred to in the remainder of this policy statement as the Merchant Department Responsible Person or “MDRP”.

Click here to print the MDRP Responsibilities Checklist

All MDRPs must:

Ensure that all staff, contractors, student workers, volunteers, hereinafter referred to as agents of the College, complete the PCI Security Awareness Training & Agreement, upon hire and annually. A current listing of completed trainings is available at http://go.middlebury.edu/pcitrainingspreadsheet.

Verify and collect PCI DSS Compliance documentation, in accordance with the Service Provider Management tab, for Service Providers on an annual basis or upon major changes. The MDRP should retain a copy of the Attestation of Compliance (AOC) and submit a copy to the PCI DSS Compliance Team upon receipt.  

Validate compliance for the merchant department on an annual basis, by completing the Self- Assessment Questionnaire in collaboration with the PCI Compliance Team.

Ensure user access to cardholder data environment is revoked (notify the pcicomplianceteam@middlebury.edu ) when the individual’s job no longer requires access to the cardholder data environment. Maintain an audit log of user access to cardholder data environment for a minimum of one year. 

Be aware of all payment processes and practices within your merchant department. It is the responsibility of the MDRP to ensure Standard Operating Practices are known by all in your department, are adhered to, are in accordance with the PCI DSS and are approved by the PCI Compliance Team.  

Payment Card Terminals and Point of Sale (PoS) Devices:

Ensure all devices accepting payment card data are maintained under a state of consistent control and supervision.

Ensure Point of Sale devices/terminals (cash registers, stand-alone swipe terminals etc.) are physically secured.

Complete a Terminal Characteristics form and Monthly Physical Inspections for tampering or substitution. Systems not in use must be secured in a locked facility and regularly inventoried. Monthly Physical Inspection forms must be forwarded to the PCI Compliance Team upon completion of monthly  inspections.

Ensure that all agents of the College are trained on tampering and skimming prevention upon hire and at least annually. Please see Physical Security and Skimming Prevention.

Please read the Middlebury PCI Policy for Credit Card and eCommerce Payments for additional responsibilities.

Initiate the process in the event of a security incident or breach, see Security Breach Response

Please read the Middlebury PCI Policy for Credit Card and eCommerce Payments for additional responsibilities.
Individuals found to have violated the Middlebury PCI Policy for Accepting Credit Card and eCommerce Payments and the PCI WISP, whether intentionally or unintentionally, may be subject to disciplinary action including termination and could limit a department’s payment card acceptance privileges.

MDRP by department:

Department

MDRP

MDRP Email

Admissions

Nordmeyer, John

jnordmey@middlebury.edu

Athletics

Cota, Suzanne

scota@middlebury.edu

Bookstore

Jones- Poppe, Erin

ejonespoppe@middlebury.edu

Box Office

Anderson, Debby

danderso@middlebury.edu

Bread Loaf Writers Conference

Lamb, Jason

jlamb@middlebury.edu

Event Management

Reed, Mary

mreed@middlebury.edu

Golf Course

Cram, Derrick

dpcram@middlebury.edu

ITS- Middlebury & MIIS

Norris, Chris

cnorris@middlebury.edu

Library Circulation & Inter Library Loans

Gurney, Kim

kgurney@middlebury.edu

Mailing Services

Murray, Patty

murray@middlebury.edu

MIIS-CACS

Weidner, Emily

eweinder@miis.edu

MIIS-Cashier's Office

Rowe, Cheryl

crowe@miis.edu

MIIS-Office Services

Braswell, Naomi

nbraswell@miis.edu

MIIS-SFS

Garner, Regina

rlomboy@miis.edu

MIIS-Student Services

Arrocha, Ashley

aarrocha@miis.edu

Museum of Art

Lane, Mikki

mlane@middlebury.edu

New England Review

Kuebler, Carolyn

ckuebler@middlebury.edu

Office of Advancement - Middlebury & MIIS

Kiel, Stephen

skiel@middlebury.edu

Outdoor Programs

Connelly, Doug

dconnelly@middlebury.edu

Parton Health Center

Jack, Annette

jack@middlebury.edu

Public Safety

Torrey, Fawn

ftorrey@middlebury.edu

Registrar’s Office

Thompson, Jennifer

jenthompson@middlebury.edu

Retail Food Operations (Dining)

Pierce, Ken

kpierce@middlebury.edu

Rikert Nordic Center

Hussey, Mike

mhussey@middlebury.edu

Schools Abroad

Miller, Beth Q.

bqmiller@middlebury.edu

Snow Bowl

Mackey, Peter

mackey@middlebury.edu

Student Financial Services

Aube, Jane

jaube@middlebury.edu

Investment & Treasury Operations Office

Marbleworks Office Complex
152 Maple Street
Suite 102
Middlebury, VT 05753
Phone: 802-443-5751