MDRP Responsibilities

Any department accepting credit card and/or electronic payments on behalf of Middlebury for gifts, goods or services (“Merchant Department”) must designate an individual (staff or faculty member) within that department who will have primary authority and responsibility for eCommerce and credit card transaction processing within that department. This individual will be referred to in the remainder of this policy statement as the Merchant Department Responsible Person or “MDRP”.
 
All MDRPs must:
  • Execute on behalf of the relevant Merchant Department the Process to Implement Acceptance of Credit Cards for Payment detailed below.
  • Ensure that all employees (including the MDRP), contractors and agents with access to payment card data (within the relevant Merchant Department) complete the PCI Security Awareness Training & Agreement, at http://go.middlebury.edu/pcidss.  The training consists of a security awareness video, review of Middlebury PCI Policy and electronically sign the PCI Security Awareness and Confidentiality Statement.  Training must be completed upon hire and at least annually.  The MDRP should forward the PCI Security Awareness and Confidentiality Statement to PCI Compliance Team upon request.  
  • Ensure that all credit card data collected by the relevant Merchant Department, in the course of performing Middlebury business, is secured. 
  • Ensure all Point of Sales (POS) devices, including cellular based stand-alone swipe terminals and point of sale systems, are maintained under a state of consistent control and supervision. **The Cashiers Office has a cellular card swipe terminal for loan to staff/departments that have completed the PCI Security Awareness and Confidentiality Statement.  
  • Ensure Point of Sale devices/terminals (cash registers, stand-alone swipe terminals etc.) are physically secured.  Complete a Terminal Characteristics form, Monthly Physical Inspection checklist, for tampering or substitution. Systems not in use must be secured in a locked facility and regularly inventoried. Retain inspection log for a minimum of one year.  **Please see Physical Inspection of PoS-Skimming Prevention.
  • Ensure all Point of Sale (POS) devices have updated patches and anti-virus with up to date logging.  Retain logging and audit trail history for a minimum of one year. 
  • Service Provider Management - verify and collect PCI DSS Compliance Certificates or PA-DSS Validation certificate (POS systems) on all service providers within the relevant Merchant Department on an annual basis.  The MDRP should retain a copy of the certificates and submit a copy to the PCI DSS Compliance Team upon receipt.  
  • Ensure user access to cardholder data environment, within the relevant Merchant Department, is revoked when the individual’s job no longer requires access to the CDE. Maintain an audit log of user access to cardholder data environment for a minimum of one year. 

Please read the PCI Policy for additional responsibilities.

MDRP by department:

Department

MDRP

MDRP Email

Athletics

Quinn, Erin

quinn@middlebury.edu

Bookstore

Jones- Poppe, Erin

ejonespoppe@middlebury.edu

Box Office

Anderson, Debby

danderso@middlebury.edu

Bread Loaf Writers Conference

Lamb, Jason

jlamb@middlebury.edu

Event Management

Reed, Mary

mreed@middlebury.edu

Golf Course

Daly, Chris

cdaly@middlebury.edu

Golf Course

Dayton, Jim

jdayton@middlebury.edu

History- Starr Axinn Center

Wilkinson, Claire

cwilkinson@middlebury.edu

ITS- Middlebury & MIIS

Norris, Chris

cnorris@middlebury.edu

Language Schools

Gennarelli, Kara M.

kgennare@middlebury.edu

Library Circulation & Inter Library Loans

Gurney, Kim

kgurney@middlebury.edu

Mailing Services

Murray, Patty

murray@middlebury.edu

MIIS-Alumni Relations

Anda, Maureen

manda@miis.edu

MIIS-CACS

O'Dell, Grace

godell@miis.edu

MIIS-SFS

Garner, Regina

rlomboy@miis.edu

MIIS-Student Services

Arrocha, Ashley

aarrocha@miis.edu

Museum of Art

Lane, Mikki

mlane@middlebury.edu

New England Review

deCourval, Lexa

decourva@middlebury.edu

Office of Advancement

Sweet, Timothy

tsweet@middlebury.edu

Office of Advancement- APP

Andres, Molly

mandres@middlebury.edu

Parton Health Center

Jack, Annette

jack@middlebury.edu

Public Safety

Torrey, Fawn

ftorrey@middlebury.edu

Registrar’s Office

Thompson, Jennifer

jenthompson@middlebury.edu

Retail Food Operations (Dining)

Pierce, Ken

kpierce@middlebury.edu

Rikert Nordic Center

Hussey, Mike

mhussey@middlebury.edu

Schools Abroad

Miller, Beth Q.

bqmiller@middlebury.edu

Schools Abroad

Mayers, Bill

wmayers@middlebury.edu

Snow Bowl

Mackey, Peter

mackey@middlebury.edu

Student Financial Services

Aube, Jane

jaube@middlebury.edu