As every new year begins, consumer deductibles reset to their annual maximum amount that can range on average from $1,000 to $2,000 – up nearly 50% since 2009 (Kaiser Family Foundation). To prepare for increased consumer collections, healthcare organizations must evaluate their collection methods to ensure these consumers can quickly and conveniently make their payments, and more importantly, that their payments are secure.
We discussed in a previous blog post the latest innovations in payment technology and security, as well as the importance for healthcare organizations to be aware of the risks and options available to protect themselves and consumers. Now, let’s break out exactly what healthcare organizations need to know about new and existing payment technology to collect more from consumers in the new year, including the associated requirements and opportunities presented by each technology.
Point-to-Point Encryption (P2PE)
P2PE encrypts a consumer’s payment card information at the point of entry, where the risk of data breach is especially high, and is not accessible until it is decrypted by the payment processor.
Merchants must comply with the Payment Card Industry (PCI) Data Security Standards. While there are no explicit requirements for P2PE, new PCI P2PE rules are expected to be released in 2015.
P2PE significantly reduces PCI scope on merchant networks and systems that healthcare organizations use to collect payments, as well as the likelihood of a payment card data breach.
Europay, MasterCard and Visa (EMV)
EMV refers to payment cards issued with chip technology that requires new terminals for cards to be inserted while the consumer enters their PIN.
As of October 2015, healthcare organizations that have not implemented EMV acceptance will assume liability for card-present fraudulent transactions.
While EMV reduces card-present fraud, this type of fraud in healthcare is low. Healthcare organizations that accept payments at the point of service should pay special attention to requirements of EMV.
Tokenization replaces the actual payment card data that is being processed with a more secure and unique “token,” used for that transaction only.
Merchants are not required to implement tokenization technology. However, tokenization reduces their PCI DSS scope.
Tokenization significantly reduces PCI DSS scope on merchant networks and systems for healthcare organizations, as well as the likelihood of card data breach.
A digital wallet stores all of a consumer’s payment methods in one secure location. It also allows consumers to use their preferred payment method regardless of the payment types that the merchant accepts. Examples of digital wallets include Square Wallet, Pay with Amazon, SoftCard and Apple Pay.
Merchants are not required to accept payments from digital wallets.
Many digital wallets have a limited scope of use (i.e., online payments only) and there has not been much traction with consumers for any wallets now available. In fact, Google canceled their digital wallet, while PayPal and Square have been unable to introduce their wallets at the point of service. Yet, when Apple Pay was introduced to the market, it gained a considerable amount of attention from consumers.
Near Field Communication (NFC)
NFC is a capability of payment cards, and now phones, to transmit data by being “near” a payment terminal and is completely contactless.
Merchants are not required to accept payments from digital wallets; however to accept NFC payments, merchants must have specific payment devices.
NFC has not gained much usage by merchants or consumers – perhaps because NFC can only be used in point-of-service transactions. Apple Pay will use NFC for payments made at the point of service, which may increase consumer demand.
The Resolution for Healthcare Organizations in the New Year
Trends in healthcare payments show that consumer payments are a growing portion of the revenue for healthcare organizations. In the new year and beyond, healthcare organizations must understand how consumers are making payments, as well as ensure payments are collected efficiently and securely.