Beginning in October 2015 all medical practices must be EMV Compliant or they run the risk of being 100 percent at fault for any credit card fraud initiated from their office. The new EMV policy places the onus on the doctors office rather than the credit card processor if any fraud is committed. Therefor it is imperative to be EMV compliant before October 2015.
EMV is the new standard set of specifications for smart card payments and acceptance devices. These new standards are set to be officially implemented October 2015. EMV stands for Europay, MasterCard and Visa and were developed to define a set of requirements to ensure interoperability between chip-based payment cards and terminals. Today, EMVCo manages, maintains and enhances the specifications. EMVCo is owned by American Express, Discover, JCB, MasterCard, UnionPay, and Visa, and includes other organizations from the payments industry participating as technical and business associates.
The United States is one of the last countries to migrate to EMV chip technology due to the tremendous cost to upgrade merchant terminals, POS systems and ATM machines. American Express, Discover, MasterCard and Visa have all announced plans to be ready for October’s deadline. But, are you ready?
How Do I Get Ready for EMV?
Now is the time to begin to adopt EMV protocol, ahead of the October 2015 deadline. EMV compatible terminals are now available and can be implemented in your place of business. Start planning to replace your current terminal, whether hardware, virtual or computer-based systems.
If you have had the same terminal or software longer than 2 years then you are probably not compliant. Your processing rep or bank should have contacted you by now, if not then they may not want to eat the cost of a new system for you. After all, come October they are off the hook if there is a fraud committed in your office. It's now your responsibility. Contact a reputable card processor and begin the switch now.
Regions that have transitioned to EMV already have seen drastic reductions in fraud losses. As the amount of fraud continues to rise in the U.S., switching to the new payment technology is inevitable to provide a more secure environment for your patients to pay for appointments, medications and other services.
The biggest benefit of EMV is the reduction in card fraud resulting from counterfeit, lost and stolen cards. EMV also provides interoperability with the global payments infrastructure – consumers with EMV chip payment cards can use their card on any EMV-compatible payment terminal. EMV technology supports enhanced cardholder verification methods and, unlike magnetic stripe cards, EMV payment cards can also be used to secure online payment transactions.
How does EMV work?
EMV cards include a secure microprocessor chip that can store information securely and perform cryptographic processing during a payment transaction. EMV cards carry security credentials that are encoded by the card issuer at personalization. These credentials, or keys, are stored securely in the EMV card’s chip and are impervious to access by unauthorized parties. These credentials therefore help to prevent card skimming and card cloning, one of the common ways magnetic stripe cards are compromised and used for fraudulent activity. Second, in an EMV transaction, the card is authenticated as being genuine, the cardholder is verified, and the transaction includes dynamic data and is authorized online or offline, according to issuer-determined risk parameters. As described above, each of these transaction security features helps to prevent fraudulent transactions. Third, even if fraudsters are able to steal account data from chip transactions, this data cannot be used to create a fraudulent transaction in an EMV or magnetic stripe environment, since every EMV transaction carries dynamic data.
And lastly, EMV can also address card-not-present (CNP) fraud, with cardholders using their EMV cards and individual readers to authenticate Internet transactions.
Can EMV address card-not-present fraud–for example, with Internet merchants?
Yes. For example MasterCard and Visa allow EMV smart cards to be used to authenticate the user for online transactions (where no card is present). For an online transaction, the user would insert the EMV credit or debit card into a handheld reader. Once the user enters the PIN, the reader will display a one-time password which can be used to validate the user’s identity. The user enters the password in the appropriate field on the merchant’s checkout page (or online banking site) and the password is passed back to the issuer for authentication using the MasterCard securecode, Verified by Visa, or online banking infrastructure. According to Toni Merschen, the former group head of chip for MasterCard International and now principal of his own consulting firm, 30 million Europeans already use EMV cards and readers for Internet transactions. These programs prevent CNP fraud on the Internet and removes the value to cyber criminals of stealing payment card numbers.
Practices that have not adopted contact chip technology by October of 2015 will be liable for losses linked to card fraud, if EMV chip technology could have prevented the fraud. Hospitals, physicians’ offices and all other healthcare providers that accept credit or debit cards for payment are strongly urged to upgrade their equipment at some point before the liability shift.
Are you ready?
David Benoit is the Central Florida Account Executive for Central Payment (TYSYS). Total System Services is a United States credit card processor, merchant acquirer and bank credit card issuer. He has been in the Merchant Service, Retail and Medical Office profession for over 30 years and specializes in improving payment transaction costs and efficiency in the healthcare industry.
David can be contacted at firstname.lastname@example.org