Today, if a credit or debit card is swiped to make a payment, the bank that issued the card is liable for the costs of any fraudulent transactions – but that is about to change.
Starting October 1, 2015, any merchant processing “swipe and sign” card transactions must also be able to process EMV transactions – or be forced to accept the financial responsibility of counterfeit card losses.
So, what is EMV? How do EMV transactions work? And how do you prepare for the “liability shift?”
Here is a quick EMV overview and how healthcare organizations, using POS readers or terminals to collect payments, can prepare for the upcoming rules.
What is EMV?
EMV – which stands for Europay, Mastercard, and Visa – is the global standard for chip card technology, and the devices or terminals used to authenticate chip card transactions.
You may have already noticed that the majority of U.S. card companies have begun issuing new credit and debit cards to their cardholders.
These new cards have a microchip embedded in the plastic and are referred to as chip cards or EMV cards. Instead of reading a magnetic stripe, EMV terminals read the microchip embedded in the card – helping protect cardholder information and fight card fraud.
How does an EMV card work?
Instead of a traditional “swipe & sign” transaction, EMV transactions use a “dip” method.
This means a consumer “dips” his or her card into the payment terminal and keeps it there during the payment process. Once the transaction is approved, the cardholder confirms the amount by either entering a four digit PIN number or providing their signature on the terminal – depending on what is required by the card issuer.
However, it is important to note that chip cards will not put an end to swipe and-sign transactions.
The EMV cards still have the magnetic stripe on the back of the card which means merchants do not have to invest in devices that process EMV transactions.
But, not obtaining the equipment necessary for EMV transactions could mean greater financial liability for merchants after the October 1 deadline.
What does the October 1 “liability shift” mean for your hospital?
After October 1, 2015, if a healthcare organization is still using the traditional “swipe and sign” system, but a patient has an EMV chip card, that organization will be financially liable for any fraudulent transactions.
Therefore, hospitals must decide if they are willing to accept financial responsibility for fraudulent transactions, or invest in EMV POS devices. And this is a decision that should be made soon to ensure the proper equipment can be obtained before the October deadline.
As the EMV deadline pushes healthcare organizations to update their POS hardware, this is a good time to evaluate the overall security and functionality of your POS devices.
Should your organization also be looking into point-to-point encryption (P2PE) to limit your PCI scope at the point-of-service?
What about incorporating NFC (near field communication) or Apple Pay into your solution for a more convenient and secure patient payment experience?
A best-in-breed solution provider should not only be able to support these initiatives, but should be providing the insight needed to help your organization make these decisions.
For RevSpring clients using our point-of-service payment solution, RevSpring now supports EMV, Signature, and PIN entry. For more information feel free to email us at firstname.lastname@example.org.
About the Author
Mike Alley is the Vice President of Product & Business Development at RevSpring. He has been the instrumental architect of RevSpring’s current healthcare online services and payment solution offering – which currently services over 1800 healthcare locations ranging from large multi-site healthcare systems to individual private practices.