Healthcare organizations not implementing newer debit/credit card processing terminals by October 1 will be financially liable for fraudulent financial transactions.
And it’s not just healthcare providers at risk, but all types of merchants across the nation. Credit and debit card issuers—who have long eaten the costs of fraudulent transactions—are passing on the liability if providers and other merchants aren’t using technology to make card transactions more secure.
The technology that card issuers want used is EMV (Europay, MasterCard, Visa), in which a chip is put in the card. Many consumers today still use traditional swipe cards, but as new cards are issued they typically include the chip.
There actually are two types of EMV cards, says Chris Seib, CTO and co-founder of claims clearinghouse and revenue cycle vendor InstaMed. One type has a chip and a pin and the other type has a chip and requires a signature. Either way, the chip makes it more difficult for thieves to swipe data. While the chip/pin combination offers two-factor authentication, many card issuers are wary of issuing cards with a pin, as they may just take another card out of the wallet to complete the transaction, Seib explains. So, most EMV, which issuers have been preparing for over several years, is the chip/signature version.
It is important to remember that EMV is fraud prevention technology and a liability shift; it provides some security but is not by itself a security tool, Seib says. However, the EMV terminals support both chip/pin and chip/signature transactions, so providers and other merchants using EMV technology won’t be liable for fraudulent transactions.
Seib advises going two steps further to encrypt transactions and offer Android and Apple phone pay capability by tapping the phone on the terminal, a convenience mobile customers increasingly want. Both added services won’t cost much more, he adds.
InstaMed has been supporting EMV since mid-2014 and while newer clients have it, 90 percent of older ones aren’t yet on. Interest is rapidly rising, but more education and awareness is needed to get healthcare ready for the October deadline, Seib says. In particular, larger hospitals are getting on board because they have chief information security officers and risk management officers who can drive the project.