We’re experiencing some exceptionally cold temperatures across the continental U.S. this January. We’ve definitely bumped the thermometer up a few notches in the Dermer household, and this bitter cold is a little more bearable as a result.
This got me thinking: how can you turn up the heat on payment security so that folks at your healthcare organization feel a little more comfortable about the protection of sensitive payment information on your network?
(It’s a logical next question for a Security Officer.)
Let’s think about your security program like it’s the polar vortex. The polar vortex is a large area of low pressure and cold air surrounding both of the Earth’s poles. The term “vortex” refers to the counter-clockwise flow of air that helps keep the colder air near the poles. Think of the sensitive payment data on your network as the cold air the polar vortex contains near the poles. A strong security program keeps that data contained; a weak program exposes that data to risk.
With the terms of this metaphor defined, here are some things to consider when “turning up the heat” on payment security at your healthcare organization.
A Strong Security Program Keeps Data Contained and Safe From a Breach
The polar vortex is not unique to the winter months. It exists year-round, but weakens in the summer and strengthens in the winter. When the polar vortex is strong, it keeps the flow of arctic air well-contained, so it does not leak out away from the poles. When the polar vortex is weak, the flow of arctic air becomes disorganized and masses of cold air can push toward the equator, creating a rapid drop in temperature.
When it comes to winter weather, we prefer a strong polar vortex. For payment security, we prefer a strong security program.
To develop a strong security program at your healthcare organization, the first step is to use a payment processor that is a PCI Level One Service Provider. This ensures that payments transmitted from your organization are processed in compliance with Payment Card Industry Data Security Standards. However, that won’t mitigate every risk associated with accepting payments at your organization. You need to do more, and you need to tailor your security program to the different channels through which you collect payments.
For point-of-sale payments, the best way to strengthen security is to leverage point-to-point encryption (P2PE). To do this, choose a payment solution that is PCI-Validated P2PE v2.0. That way, you can ensure that you are accessing the highest level of security for payment card data stored and processed on your organization’s systems.
For online payments, you can strengthen security by leveraging tokenization. Tokenization works by replacing sensitive payment data with a unique identifier – or token – that represents the payment data without compromising its security. The strongest tokenization will ensure that sensitive payment data never touches your organization’s servers, which produces two important benefits: you will be able to reduce your PCI scope by up to 90 percent and you’ll be able to deliver a seamless online payment experience that will appeal to consumers.
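The tokenization flow described above, as an added example that is not part of the original post and not any processor's real API: a stand-in vault issues random tokens, and a scan of the organization's own records shows whether a card number ever reached them. `ProcessorVault`, `lines_with_pan`, the log format and the card number are hypothetical and constructed for illustration.

```python
import re
import secrets
import string

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class ProcessorVault:
    """Stands in for the processor: the only component that ever holds a PAN."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random, letters-only token: not derived from the PAN, never digit-shaped.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._pan_by_token[token] = pan
        return token

    def charge(self, token, amount_cents):
        pan = self._pan_by_token.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}

PAN_RUN = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def lines_with_pan(lines):
    """Return the lines that contain a Luhn-valid 13-19 digit run."""
    return [ln for ln in lines
            if any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in PAN_RUN.finditer(ln))]

def demo():
    vault, pan = ProcessorVault(), "4111111111111111"  # constructed test card number
    token = vault.tokenize(pan)  # models the browser posting the card to the processor
    tokenized_log = [f"order=1001 token={token} amount_cents=12500"]
    legacy_log = [f"order=1002 card={pan} amount_cents=12500"]  # PAN crossed the server
    receipt = vault.charge(token, 12500)
    return receipt, lines_with_pan(tokenized_log), lines_with_pan(legacy_log)
```

Running the same scan over application logs and database exports is a quick way to confirm that a tokenized channel really keeps card numbers off your own systems.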
Unmonitored Security Programs Will Weaken Over Time
Shifting back to our polar vortex metaphor: the polar vortex doesn’t just experience varying degrees of strength throughout the year, it also strengthens and weakens as a whole from year to year. Similarly, your security program is unlikely to stay stagnant. It will either strengthen from effective monitoring and upkeep, or it will weaken if it is ignored. I don’t think I need to tell you that the former option is the better one. Show your security program the love it deserves by dedicating the right team and resources to develop and strengthen it throughout the year.
Payment Security in Healthcare Is Not a New Phenomenon – And It’s Not Going Away, Either
Many people think that the “polar vortex” is a new phenomenon and may be the result of changes in weather behavior. Actually, the polar vortex is a consistent weather feature, but the term has just become popularized lately. Almost the same can be said for payment security in healthcare. There has always been a need for payment security, but recent headlines about data breaches and the increase in criminal attacks specifically targeting the healthcare industry have brought payment security into the spotlight. However, the increase in consumer out-of-pocket healthcare costs necessitates that we protect payment data at healthcare organizations even more than before.
Even if the risks of processing and storing payment information at healthcare organizations lessen (e.g., out-of-pocket costs decrease, cybercriminals target a different industry), the risks are never going to go away. The financial and reputational risks of a data breach are too great for healthcare organizations to stop paying attention to payment security. So keep monitoring your security programs, keep looking for new and better ways to protect payment data, and keep turning up the heat on payment security at your healthcare organization.