Deadline Looms for Providers to Upgrade Payment Card Terminals
Healthcare organizations not implementing newer debit/credit card processing terminals by October 1 will be financially liable for fraudulent financial transactions.
And its not just healthcare providers at risk, but all types of merchants across the nation. Credit and debit card issuerswho have long eaten the costs of fraudulent transactionsare passing on the liability if providers and other merchants arent using technology to make card transactions more secure.
The technology that card issues want used is EMV (Europay, Mastercard, Visa), in which a chip is put in the card. Many consumers today still use traditional swipe cards, but as new cards are issued they typically include the chip.
There actually are two types of EMV cards, says Chris Seib, CTO and co-founder of claims clearinghouse and revenue cycle vendor InstaMed. One type has a chip and a pin and the other type has a chip and requires a signature. Either way, the chip makes it more difficult for thieves to swipe data. While the chip/pin combination offers two-factor authentication, many card issuers are wary of issuing cards with a pin, as they may just take another card out of the wallet to complete the transaction, Seib explains. So, most EMV, which issues have been preparing for over several years, is the chip/signature version.
It is important to remember that EMV is fraud prevention technology and a liability shift; it provides some security but is not by itself a security tool, Seib says. However, the EMV terminals support both chip/pin and chip/signature transactions, so providers and other merchants using EMV technology wont be liable for fraudulent transactions.
Seib advises going two steps further to encrypt transactions and offer Android and Apple phone pay capability by tapping the phone on the terminal, a convenience mobile customers increasingly want. Both added services wont cost much more, he adds.
InstaMed has been supporting EMV since mid-2014 and while newer clients have it, 90 percent of older ones arent yet on. Interest is rapidly rising, but more education and awareness is needed to get healthcare ready for the October deadline, Seib says. In particular, larger hospitals are getting on board because they have chief information security officers and risk management officers who can drive the project.
More information on EMV also is available here from revenue cycle management vendor RevSpring.