Guest Blogger: Jeff Lin, Senior Vice President of Product Management, InstaMed
Recently, I wrote an article about how the healthcare industry faced a massive shift with the “other” October 2015 deadline: the EMV fraud liability shift. While many were focused on the ICD-10 transition, I listed the essentials of how EMV works and what providers could do to prepare.
October 1, 2015 has come and gone, but I am still hearing confusion and misinformation in the industry regarding how to manage the transition to EMV-capable cards and point-of-service (POS) devices. Below, I have outlined the essentials of ensuring a complete EMV-ready solution that meets the highest levels of security and compliance.
The Impacts of EMV in Healthcare
Before we can discuss EMV-ready solutions, let me take a step back to define EMV and review its impacts in healthcare. The term EMV stands for Europay, MasterCard and Visa. EMV is a global standard for authenticating credit and debit card transactions with integrated circuit cards, or “chip cards,” at capable point of sale (POS) terminals.
In healthcare, EMV offers protection in the event that a patient tries to use a counterfeit credit card during an office visit to pay for their responsibility, such as a copay, deductible or self-payment. The EMV fraud liability shift could have significant financial implications if a healthcare provider accepts a fraudulent payment card during a visit without an EMV-certified payment solution. This risk will only grow as patients pay directly for their healthcare expenses more often and for larger amounts. According to the Trends in Healthcare Payments Annual Report: 2014, the average patient payment transaction is $143 compared to $128 in 2011.
It is important to note that healthcare merchants will be required to upgrade their POS devices for the EMV fraud liability shift. With the rapid increase of consumer payment responsibility, it will be worth investing in devices that can also capture payments made with NFC (near field communication) technology, including Apple Pay® and Android Pay™, to meet evolving consumer demand for omnichannel payments.
The Importance of EMV Certification
EMV certification ensures that the payment terminal and POS software are able to process payment transactions in accordance with the specifications for all four major card brands. It is a long, arduous process to become certified, which can take many months and hundreds of man-hours to complete. Yet, it is shockingly easy for a payment vendor to self-attest to meeting these standards or proclaim that they are “EMV ready.” (Important to note: Most gateway solutions do not complete the EMV certification.)
How can organizations ask the right questions of a vendor that self-attests to being compliant? Ask to see the letters of certification, including the EMV certification. With this due diligence, you can ensure that your vendor has met the highest levels of security and compliance, and demonstrates the highest level of commitment to protecting payment data in the healthcare industry.
Comprehensive Healthcare Payments Solution
Healthcare organizations can trust that they are not liable for possible fraudulent POS transactions when they work with an EMV-certified vendor. However, this offers only one layer of protection when collecting payments from consumers. Organizations must take an enterprise-level view and a full-stack approach everywhere payments are accepted, including over the phone, online, mobile and in the back office.
To most effectively protect all payment data, merchants must use credit card encryption technology wherever they may collect payments, which allows all credit cards to be encrypted at the point of sale and in the back office. Additionally, embedded payment solutions allow providers to securely collect payments online and from mobile devices without credit card data ever passing through the networks. (Learn more in the InstaMed Developer Portal.)
Point-to-point encryption (P2PE) is the most secure method of protecting payment card data because once the data is encrypted, it is not decrypted until it arrives at the secured endpoint (the payment processor). P2PE isolates the payment data to ensure that sensitive data is not leaked or accessed at any point, reducing the risk of a breach. This solution, coupled with a certified and compliant EMV solution, will deliver security and simplicity to healthcare providers.
Learn How to Protect Your Organization
Download our white paper with Coalfire for the most comprehensive guide on healthcare payment compliance and security. For more information about EMV and encryption, visit our frequently asked questions.