Consumer payment channels are expanding rapidly with new technology, allowing consumers to pay virtually anywhere, from any device and in any way they choose. With the expansion of payment channels comes greater risks to the consumers and to the merchants who accept the payments. Payment security also continues to innovate, giving merchants new tools to protect cardholder data, prevent fraud and also protect their businesses from the risk of a data breach. As healthcare organizations evolve to accept more payment types, and as consumers owe more money for healthcare services, it’s important for healthcare organizations to be aware of the risks and options available to protect themselves and the consumers.
Encryption
In order to most effectively protect consumer payment card data, the data must be encrypted as soon as it is swiped or keyed, a process called point-to-point encryption (P2PE). P2PE is the most secure method of payment card security because once the data is encrypted, it is not decrypted until it arrives at the secured endpoint (the payment processor). Furthermore, no one can access the data at any point, including the merchant.
This method automatically segments the merchant network, separating systems that store, transmit or process cardholder data from those that don’t – cutting down the number of systems and devices that are exposed to possible data breaches. P2PE also reduces the scope of PCI requirements for the merchant, therefore simplifying compliance.
Ultimately, by encrypting payment card data at the point of service, healthcare organizations reduce their risk of data breaches, which can result in significant financial and reputational damages.
EMV
EMV technology integrates a “chip” into a credit card to increase fraud protection for card-present transactions. In healthcare, EMV would offer protection in the event that a patient tried to use a stolen credit card to pay for a co-pay at the point of service. With upcoming regulations around EMV, a merchant may be financially liable for card-present fraud if they have not implemented EMV by October 2015.
However, EMV alone does not protect payment data – it merely prevents fraud at the point of service. To ensure payment data is protected, merchants must use encrypted EMV technology.
Apple Pay®
Recently released and currently only available in 220,000 retail locations, Apple Pay allows consumers to make credit card payments at the point of service using near field communication (NFC) technology with an iPhone. This new payment channel not only offers consumers a quicker and more convenient way to pay, but also offers another layer of security. Credit card information is encrypted and stored directly on the phone and is never passed to the merchant or to Apple, decreasing the risk of a data breach.
InstaMed Payment Technology
While additional payment channels become available for healthcare merchants, it’s crucial that encryption is also in place. As InstaMed expands the healthcare payment channels for consumer-to-provider, consumer-to-payer and payer-to-provider payments, we also incorporate the latest best practices in security to ensure merchants and consumers are protected. Our payment technology was recently validated by Coalfire, a respected Payment Card Industry (PCI) Payment Application – Qualified Security Assessor (PA-QSA), in a white paper that discusses the latest in payment security. To download the white paper, click here.