Payment devices enable healthcare organizations to collect patient payments at critical touchpoints throughout a patient encounter, such as check-in, phone calls to the back office or even mobile workstations. When selecting payment devices, healthcare organizations need to consider a lot of factors, especially when it comes to security and convenience. Here are answers to some commonly asked questions about payment devices in healthcare.
How can we ensure our payment devices are secure?
The best way to ensure your payment devices and your network is secure is to not store any card data at all. Instead, you should outsource card processing to a PCI DSS compliant service provider. Make sure you work with a trusted payment vendor who understands payment security and compliance for healthcare organizations. Here are a few tips for selecting a payment vendor.
You also want to make sure your devices are protected with point-to-point encryption (P2PE). P2PE is a methodology for securing credit card data by encrypting it from the time a card is swiped or keyed until it reaches a secure endpoint where it is decrypted.
Are P2PE and PCI-Validated P2PE different?
There are a few differences between a PCI-Validated P2PE solution and a non-validated solution. A key difference is that a validated solution has completed the detailed security requirements and testing procedures outlined by the PCI Council to ensure that the solution meets the necessary requirements to protect payment card data. A full assessment of the solution is completed by a Qualified Security Assessor (QSA) who then submits the assessment to the PCI Council for review and approval.
Another difference is that healthcare organizations that leverage a PCI-Validated P2PE solution qualify for a different self-assessment questionnaire, the SAQ P2PE. Additionally, the use of a PCI-validated P2PE solution enables healthcare providers to expand payment opportunities for patients with the confidence that they are processing payment card information securely.
InstaMed is a PCI-Validated P2PE Solution Provider. View InstaMed’s solution on the PCI DSS website and see which devices we support with our PCI-Validated P2PE solution, then learn more about InstaMed Healthcare Payments P2PE.
If we use devices that enable chip cards to be inserted, can we process EMV transactions?
Not necessarily. Having an EMV-capable device is not enough to actually process EMV transactions – your merchant processing solution needs to be able to support EMV as well (read: Why Doesn’t My EMV Work?). Your vendor needs to become EMV-certified with every processor they work with, every card brand and every device they offer. Not only is the certification process difficult and time-consuming, it also costs hundreds of thousands of dollars each time a vendor goes through the process. Ultimately, a lot of roadblocks can pop up, usually as a result of handoffs between your gateway, processor and acquirer.
To make sure your organization is able to process EMV transactions, you want to work with a payment vendor who has full accountability and ownership of the end-to-end healthcare payments infrastructure, from the point where you capture payment information through to the funding, settlement and reconciliation of that payment and data. A vendor like this also makes it easier to accept other payment innovations, like NFC.
Is it necessary to be able to accept NFC/contactless payments?
NFC payment options – such as Apple Pay – enable quick and convenient payment experiences at the POS. Instead of digging for their wallet and pulling out a payment card, a consumer can simply hold up their phone to a payment terminal to make a payment.
Apple Pay might not seem like the go-to option for patients in a healthcare scenario, but the payment method is more popular than you might think. In a recent blog post, InstaMed Security Officer Noah Dermer explained the growing popularity of contactless payments and a recently issued mandate that European retailers must ensure that POS devices are contactless-enabled by 2020.
Do you have more questions about payment devices? We’ll be hosting a device showcase at the InstaMed User Conference 2018, April 9-11 in Philadelphia, PA. There’s still time to register for this one-of-a-kind healthcare payments event!