Audit Procedures

All processing departments undergo a payment card processing security audit semi-annually. The date of the audit is determined by Credit Card Operations in coordination with department availability. In order to prepare for the audit, department personnel involved in payment card processing need to ensure that:

1. All personnel involved in payment card processing are current with annual training offered by Credit Card Operations.
2. Departmental representatives must:

   • Log in to the cardops SAQ website

     • Prepare a Device Inventory list of computers that are utilized to access payment systems, login to payment systems, be utilized as a Kiosk or accept physical credit card payments 
     • Prepare an Access Control list of users that should/do have access to log in to Payment Systems 
     • Fill out Online Merchant Questionnaire or Physical or Virtual Acceptance SAQ
     • Fill out new Security Request forms for all users that should have access to Payment Systems

System Usage Waivers

Departments that use external systems to need to complete the System Usage Waiver to prepare for the audit.

This includes any system that:

• Connect to CASHNet or any other payment gateway
• Act as a payment gateway
• Accept Payments on behalf of the University of Arkansas, University of Arkansas Foundation or Arkansas Alumni Association

Credit Card Operations will contact you for your additional documentation. Additional documentation can be but is not limited to.  

• Contract with Vendor
• Vendor Attestation of PCI compliance
• Vendor’s last passing PCI ASV Scan