PCI to EMV – Protecting Your Patient Credit Card Data
As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if you (the merchant) fail to adopt EMV technology, your dental practice will be responsible for any loss that results from a fraudulent transaction.
Like their screenings and dental procedures, your patients want their payment experience to be as easy and painless as possible, which is why you have come to depend on the ability to process credit card payments, which are frequently used to cover the difference after insurance pays a portion. But did you know that the magnetic stripes on your patient’s credit cards make them susceptible to fraud?
Major data breeches have made the news in recent years and all businesses are at risk (including your dental practice). Fraudsters are able to steal the information hidden within the cards magnetic stripe and use that information to create a fraudulent card. To combat the growing threat on consumer data, most American businesses will be expected to implement Credit Card EMV (EuroPay, MasterCard and Visa) technology October 1.
Read Also: ID Thieves Don’t Discriminate, Health Professionals Are At Risk
Change Is Necessary To Protect Your Patients
Due to the increasing number of credit card breaches where millions of credit card numbers and associated data have been stolen, the industry has forced small businesses nationwide to adhere to PCI (Payment Card Industry) Security Requirements. Supported by the PCI Security Council, the ultimate goal of EMV is to stop and prevent further fraudulent activity. Success has already been noted in countries outside the U.S.
“Currently, almost half of the world’s credit card fraud happens in the U.S. where magnetic stripe technology is the standard,” states David Navetta and Susan Ross in a blog on Data Protection Report. “Outside the U.S., an estimated 40 percent of the world’s cards and 70 percent of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the magnetic stripe cards.”
Understanding EMV Technology
Credit Card EMV technology, which has been used in Europe since the early 1990s, replaces the magnetic stripe we have grown accustomed to with an imbedded chip that, scrambles sensitive cardholder data at the point of sale terminal. This technology ultimately makes it more difficult to access and replicate consumer data in an attempt to commit fraud.
Dental Practices Must Comply
Why should you be concerned about the credit card industry’s switchover to EMV technology? As of Oct. 1, 2015, the liability for fraudulent transactions will no longer be assumed by the credit card issuing institution. Instead, if your dental practice fails to adopt EMV technology, your practice will be responsible for any loss that results from a fraudulent transaction. If your practice currently accepts credit cards as a form of payment (and you would like to continue to do so), unless you want to be hit with potentially devastating losses, you must make sure to install and activate the new technology before the Oct. 1 deadline.
That being said, some types of businesses will have a little more time to comply. If you aren’t quite sure whether or not your practice is exempt, visit the website of each payment brand you accept to learn more.
Next Steps For Dentists
- If you have not investigated or planned for EMV Technology, contact your card processor immediately to determine your business’s specific needs.
- Implementing EMV technology can be a cumbersome and time consuming project, but the best way to protect your practice from fraud and liability is to implement the new technology as soon as possible.
- If EMV technology has been implemented be sure to confirm that the chip reading capability has been enabled. In addition, confirm with issuers that cryptographic values are being associated with the card number to ensure that the EMV technology has been setup and configured properly. Verifying that cryptographic values are being assigned will eliminate the chance of misconfiguration and possible fraudulent activity.
- Train your staff on the new procedures. When a patient tries to use their card, they will notice some changes, such as their credit card being held in the EMV reading slot throughout the entire transaction process. This is normal, however your staff should be prepared to answer the questions that will certainly arise.
By Joe Welker, CISA (New Philadelphia office)
Want to learn more ways you can protect your dental practice and your patients from a fraudster? Check out these articles:
Dental Practices Should Beware Of Wire Transfer Scam
Is Your Dental Practice Safe From Scammers?
Internal Controls For Dental Practices