MDRP Responsibilities

Any department accepting payment cards on behalf of Middlebury for gifts, goods or services (“Merchant Department”) must designate an individual (staff or faculty member) within that department who will have primary authority and responsibility for eCommerce and payment card transaction processing within that department. This individual will be referred to in the remainder of this policy statement as the Merchant Department Responsible Person or “MDRP”.


PCI DSS is comprised of 12 requirements for protecting account data:

1.0: Install and maintain a firewall configuration to protect cardholder data.

2.0: Do not use vendor supplied defaults for system passwords and other security parameters.

3.0: Protect cardholder data.

4.0: Encrypt transmission of cardholder data across open, public networks.

5.0: Use and regularly update anti-virus software and programs.