MDRP Responsibilities

Any department accepting payment cards on behalf of Middlebury for gifts, goods or services (“Merchant Department”) must designate an individual (staff or faculty member) within that department who will have primary authority and responsibility for eCommerce and payment card transaction processing within that department. This individual will be referred to in the remainder of this policy statement as the Merchant Department Responsible Person or “MDRP”.

Physical Security and Skimming Prevention of Point of Sale Devices

Point of Sale systems (card reading devices used in card present transactions, referred to as Terminals) are subject to Physical Security Requirements in the PCI DSS V3.2, Requirement 9.

MDRP (or designee) Responsibilities for Point of Sale devices include, but are not limited to, the following:

Standards

PCI DSS is comprised of 12 requirements for protecting account data:

1.0: Install and maintain a firewall configuration to protect cardholder data.

2.0: Do not use vendor supplied defaults for system passwords and other security parameters.

3.0: Protect cardholder data.

4.0: Encrypt transmission of cardholder data across open, public networks.

5.0: Use and regularly update anti-virus software and programs.