MDRP Responsibilities

Any department accepting credit card and/or electronic payments on behalf of Middlebury for gifts, goods or services (“Merchant Department”) must designate an individual (staff or faculty member) within that department who will have primary authority and responsibility for eCommerce and credit card transaction processing within that department. This individual will be referred to in the remainder of this policy statement as the Merchant Department Responsible Person or “MDRP”.
All MDRPs must:
  • Execute on behalf of the relevant Merchant Department the Process to Implement Acceptance of Credit Cards for Payment detailed below.
  • Ensure that all employees (including the MDRP), contractors and agents with access to payment card data (within the relevant Merchant Department) complete the PCI Security Awareness Training & Agreement, at  The training consists of watching a security awareness video, reviewing the Middlebury PCI Policy, and electronically signing the PCI Security Awareness and Confidentiality Statement. Training must be completed upon hire and at least annually. The MDRP should forward the PCI Security Awareness and Confidentiality Statement to the PCI Compliance Team upon request.
  • Ensure that all credit card data collected by the relevant Merchant Department, in the course of performing Middlebury business, is secured. 
  • Ensure all Point of Sale (POS) devices, including cellular-based stand-alone swipe terminals and point of sale systems, are maintained under a state of consistent control and supervision. **The Cashiers Office has a cellular card swipe terminal for loan to staff/departments that have completed the PCI Security Awareness and Confidentiality Statement.
  • Ensure Point of Sale devices/terminals (cash registers, stand-alone swipe terminals, etc.) are physically secured. Complete a Terminal Characteristics form and a Monthly Physical Inspection checklist to check for tampering or substitution. Systems not in use must be secured in a locked facility and regularly inventoried. Retain the inspection log for a minimum of one year. **Please see Physical Inspection of PoS-Skimming Prevention.
  • Ensure all Point of Sale (POS) devices have updated patches and anti-virus with up-to-date logging. Retain logging and audit trail history for a minimum of one year.
  • Service Provider Management - verify and collect PCI DSS Compliance Certificates or PA-DSS Validation certificates (POS systems) for all service providers within the relevant Merchant Department on an annual basis. The MDRP should retain a copy of the certificates and submit a copy to the PCI DSS Compliance Team upon receipt.
  • Ensure user access to the cardholder data environment (CDE), within the relevant Merchant Department, is revoked when the individual’s job no longer requires access to the CDE. Maintain an audit log of user access to the cardholder data environment for a minimum of one year.

Please read the PCI Policy for additional responsibilities.

MDRP by department:



MDRP Email


Quinn, Erin


Jones- Poppe, Erin

Box Office

Anderson, Debby

Bread Loaf Writers Conference

Lamb, Jason

Event Management

Reed, Mary

Golf Course

Daly, Chris

Golf Course

Dayton, Jim

History- Starr Axinn Center

Wilkinson, Claire

ITS- Middlebury & MIIS

Norris, Chris

Language Schools

Gennarelli, Kara M.

Library Circulation & Inter Library Loans

Gurney, Kim

Mailing Services

Murray, Patty

MIIS-Alumni Relations

Anda, Maureen


O'Dell, Grace


Garner, Regina

MIIS-Student Services

Arrocha, Ashley

Museum of Art

Lane, Mikki

New England Review

deCourval, Lexa

Office of Advancement

Sweet, Timothy

Office of Advancement- APP

Andres, Molly

Parton Health Center

Jack, Annette

Public Safety

Torrey, Fawn

Registrar’s Office

Thompson, Jennifer

Retail Food Operations (Dining)

Pierce, Ken

Rikert Nordic Center

Hussey, Mike

Schools Abroad

Miller, Beth Q.

Schools Abroad

Mayers, Bill

Snow Bowl

Mackey, Peter

Student Financial Services

Aube, Jane