MDRP Responsibilities

Any department accepting credit card and/or electronic payments on behalf of Middlebury for gifts, goods or services (“Merchant Department”) must designate an individual (staff or faculty member) within that department who will have primary authority and responsibility for eCommerce and credit card transaction processing within that department. This individual will be referred to in the remainder of this policy statement as the Merchant Department Responsible Person or “MDRP”.
 

Service Provider Management

Third parties with whom cardholder data is shared are contractually required to adhere to the PCI DSS requirements and to acknowledge that they are responsible for the security of the cardholder data that they transmit, process, or store, or whose security they can affect. Only the minimum amount of data needed to complete the transaction will be shared with a third party. All interaction must be documented and logged.

Physical Security and Skimming Prevention of Point of Sale Devices

Point of Sale systems (card-reading devices used in card-present transactions, referred to as Terminals) are subject to the Physical Security Requirements in PCI DSS V3.1, Requirement 9.

MDRP (or designee) Responsibilities for Point of Sale devices include, but are not limited to, the following:

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS v3.1) is a standard that has been implemented by the major payment card brands. Our contract with our acquirer obligates us to abide by this standard if we choose to accept payment cards as a form of payment.

PCI DSS Compliance Team

Email:  PCI Compliance Team

Kim Downs-Burns, Chair

802-443-5308

kdowns@middlebury.edu

Jane Aube

802-443-5790