Odds are your front desk staff are noticing that more and more patients are carrying credit cards with small, metallic chips on their faces. If your practice doesn’t yet have the equipment necessary to process cards with EMV chips, you could find yourself on the hook for any money your patients end up losing because of credit card fraud. Here’s how to protect yourself.
EMV chip cards are already common in Europe and Asia because they provide more security at point-of-sale than magnetic strip cards provide. (“EMV” stands for “Europay, Mastercard, and VISA.”)
Instead of swiping a card when paying, users insert an EMV card into a reader with a slot similar to an ATM’s. It stays in the slot until the machine instructs the payer to remove it.
EMV chips assign a unique code to every transaction. That means that if a thief acquires that code from a terminal, he can’t use it to make another purchase.
Chip cards are much harder, if not impossible, to duplicate. This makes them more secure than cards with magnetic strips, which are relatively easy to copy because the information on them is static; that is, it is essentially stored account information.
Major credit card companies want to bring this enhanced security stateside.
Visa and MasterCard set an October 1, 2015 deadline for merchants (that includes you, eye care providers) to switch your card machines from accepting magnetic strips alone to accepting both chip and strip cards. You can opt to continue using your old magnetic strip reading equipment, but you will now be liable for any card fraud that occurs as a result of information being stolen from magnetic strips at your front desk.
Recent credit card fraud committed on massive scales at places like Target and Home Depot has led the payment processing giants to institute a sweeping change in the United States and essentially mandate EMV cards by shifting fraud liability to merchants.
Traditionally, financial institutions have been on the hook for almost all credit card fraud. And with the American Bankers Association estimating industry-wide costs of credit card fraud at about $1.75 trillion, they are very eager to unburden themselves of as much of that as possible.
So financial institutions are issuing EMV chip cards to their customers and they are instituting a “liability switch” for merchants unprepared to process cards with the new chips.
If your practice is unable to process a card with the new chip, you are responsible for any fraudulent transaction made with information stolen from the magnetic strip on the chip card.
If you have the ability to accept chipped cards but the bank hasn’t provided one on the card, the bank must cover the loss, according to Stephanie Ericksen, Visa’s vice president of risk products. “It’s based on the individual terminal and the individual card level. If an issuer has issued a certain percentage of their cards as chip but the fraud occurs with a card that doesn’t have chip yet, the liability will fall back on the issuer,” Ericksen says. “And the same thing applies to different merchant locations. If a retailer has EMV payment terminals at one location, but not another where fraud occurs, the liability would be terminal-specific and the merchant would be responsible.”
It’s important to note that the liability shift pertains only to counterfeit fraud tied to EMV chip cards. You won’t be held responsible for large scale data breaches or consumer payment card data stolen prior to the shift. The liability switch also doesn’t apply to all other instances of card fraud, such as online payments and other forms of card-not-present theft.
What You Need To Do Now
If this is news to you and your eye care practice is unprepared for the change, you’re not alone. Many retailers are not ready to handle the new chip technology. The Strawhecker Group, a management consulting company for the payments industry, found in a recent survey that just 27 percent of merchants in the U.S. were able to process chip cards by the October 1, 2015 liability shift date.
Do you rely upon a payment processing company to provide you with your point-of-sale terminals? If so, reach out to that company directly if you haven’t yet received EMV-capable devices. If you don’t rely on a payment processing company, you should go ahead and upgrade your equipment. For most providers, the requisite processing hardware will run from $100-$250. With the trend of steadily rising deductibles it will only take one instance of prevented fraud for the new devices to pay for themselves.
As consumers become more accustomed to EMV and its added security features, your patients will expect you to have the ability to process EMV cards
A Look Ahead
EMV cards still require signatures. Eventually the technology will evolve to be the same in the US as it is in the rest of the world—”chip and PIN.” Consumers will insert their credit cards into the machine and enter a four-digit password to approve the transaction. Security experts believe this is a very safe way to pay for things. Signing for a credit card purchase provides almost no security because signatures are rarely checked.