University of Illinois System
Policies & Procedures


1. What should we do if we think we've had a security breach?
Report the event immediately to Merchant Card Services ( or 217-244-9384). They will assess the situation and begin the necessary incident response plan. In addition, notify your campus Information Security office:

2. What card brands can merchant units accept?
The University can accept: Visa, MasterCard, American Express, and Discover. PIN-based debit cards can be accepted in face-to-face transactions through a payment card terminal or Point of Sale (POS) system. Although most units accept all of these cards, they are not required to.

3. What determines the transaction fees?
Each payment card transaction is assessed a fee (the discount rate). The fee amount is based on the:

  • Card-issuing bank
  • Type of payment card used (debit versus credit)
  • Transaction amount
  • Time between authorization and settlement
  • Overall perceived risk of the transaction

Fees accumulate for each merchant ID and are charged to the responsible unit each month. These fees are deducted from the C-FOAPALs used to post the revenue unless you make alternate arrangements with University Accounting and Financial Reporting (UAFR).


At this point, the University does not allow for its merchant units to pass credit card processing fees on to their customers in the form of credit card surcharges. Instead, it is recommended that merchants factor the anticipated expense into the price of their goods or services.

4. What credit/debit card transactions are prohibited?
Credit/Debit cards cannot be used for:

  • Tuition payment for a degree-granting program or other fees assessed and billed by Banner. These payments are handled by University Bursar and UI-Pay.
  • Cash advances or "cash back."
  • Giving a discount or charging more based on the method of payment.

5. Can we accept PayPal payments?
No, you cannot accept PayPal payments.

6. Are we subject to audits?
Yes. Merchant Card Services conducts periodic reviews of each unit to ensure that all policies and procedures are being followed. As always, all business operations are subject to formal audit by the Office of University Audits. Units found to be in non-compliance may lose the ability to process card transactions.

Last Updated: April 13, 2012 | Approved: Senior Associate Vice President for Business and Finance | Effective: November 2008