No category of payment-card-accepting merchants, including healthcare providers, is immune from the EMV liability shift coming Oct. 1. Yet, some payments providers specializing in servicing clinics and hospitals say there is a lack of understanding among their clients that goes beyond what acquirers have found in other merchant categories.
The health care segment requires knowing the customer to pitch EMV, says Chris Seib with InstaMed.
“Healthcare probably lags some industries in terms of EMV readiness,” Chris Seib, chief technology officer and co-founder of InstaMed, a Philadelphia-based payments company. “We’re having a lot of conversations.”
Those conversations often are about more than EMV. “EMV has less of a play in healthcare than in most industries,” Craig Tieken, vice president of product and integrations at TransFirst LLC, a Hauppauge, N. Y.-based payments company that specializes in health care, tells Digital Transactions News. “It doesn’t mean they shouldn’t do it.”
Healthcare providers often are not at the top of the list of merchants where criminals would seek to use counterfeit cards, Tieken says. “In healthcare, you typically know your customer,” he says.
Knowing the customer, however, could be vital to getting healthcare providers to adopt new payment technology. What may be more useful than EMV for payments companies courting healthcare providers is to focus on what Seib calls the consumer experience. That is, adopting some of the innovations rooted in general consumer commerce and applying them to healthcare.
“Moving forward, we see successful healthcare organizations will focus on the consumer experience,” Seib says. “Healthcare has a lot to learn from Apple Pay, Amazon and Uber, which have innovated around the consumer experience.”
Mobile payments, in particular, could be a key sales item, says Tieken. “With mobile payments, we have two major app markets on board and the major network operators on board,” he says, referring to the iTunes and Google Play app stores, and the card brands.
As consumer adoption of these digital wallets grows, many consumers will want to use them, potentially creating demand for contactless readers and payment software that incorporates them.
Another payment service, which may entice even more healthcare providers, is point-of-sale system products that reduce or eliminate burdensome PCI-compliance efforts. “The changes the healthcare market needs to make are less about EMV and fraud…the big benefit is scope reduction,” Tieken says. When POS systems are in scope they must be certified as compliant with the PCI Security Standards Council’s data-security standard, requiring testing and validation.
New services, which place all of the payment-data transmission within a secure POS terminal that handles EMV but also only feeds the transaction amount, type of transaction, and other information necessary for a consumer’s receipt, can remove POS systems from PCI scope, Tieken says.
Essentially, this changes the flow of the transaction from the POS system software to the payment terminal, to one where the POS terminal handles the sensitive cardholder data. “This eliminates the need for the [POS] software to touch the full card information each time,” Tieken says. “Though EMV may be the driver, the benefit is less about EMV and more about scope reduction.”
This article was originally published by Digital Transaction News.