MDRP Responsibilities

Any department accepting credit card and/or electronic payments on behalf of Middlebury for gifts, goods or services (“Merchant Department”) must designate an individual (staff or faculty member) within that department who will have primary authority and responsibility for eCommerce and credit card transaction processing within that department. This individual will be referred to in the remainder of this policy statement as the Merchant Department Responsible Person or “MDRP”.

Physical Security and Skimming Prevention of Point of Sale Devices

Point of Sale systems (card-reading devices used in card-present transactions, referred to as Terminals) are subject to the Physical Security Requirements in the PCI DSS V3.2, Requirement 9.

MDRP (or designee) Responsibilities for Point of Sale devices include, but are not limited to, the following:

Service Provider Management

Third parties with whom cardholder data is shared are contractually required to adhere to the PCI DSS requirements and to acknowledge that they are responsible for the security of the cardholder data that they transmit, process or store, or whose security they can affect. Only the minimum amount of data needed to complete the transaction will be shared with a third party. All interaction must be documented and logged.