No category of payment-card-accepting merchants, including health-care providers, is immune from the EMV liability shift coming Oct. 1. Yet, some payments providers specializing in servicing clinics and hospitals say there is a lack of understanding among their clients that goes beyond what acquirers have found in other merchant categories.
“Health care probably lags some industries in terms of EMV readiness,” Chris Seib, chief technology officer and co-founder of InstaMed, a Philadelphia-based health care payments network. “We’re having a lot of conversations.”
Those conversations often are about more than EMV. “EMV has less of a play in health care than in most industries,” Craig Tieken, vice president of product and integrations at TransFirst LLC, a Hauppauge, N. Y.-based payments company that specializes in health care, tells Digital Transactions News. “It doesn’t mean they shouldn’t do it.”
Health care providers often are not at the top of the list of merchants where criminals would seek to use counterfeit cards, Tieken says. “In health care, you typically know your customer,” he says.
Knowing the customer, however, could be vital to getting health-care providers to adopt new payment technology. What may be more useful than EMV for payments companies courting health care providers is to focus on what Seib calls the consumer experience. That is, adopting some of the innovations rooted in general consumer commerce and applying them to health care.
“Moving forward, we see successful health-care organizations will focus on the consumer experience,” Seib says. “Health care has a lot to learn from Apple Pay, Amazon, and Uber, which have innovated around the consumer experience.”
Mobile payments, in particular, could be a key sales item, says Tieken. “With mobile payments, we have two major app markets on board and the major network operators on board,” he says, referring to the iTunes and Google Play app stores, and the card brands.
As consumer adoption of these digital wallets grows, many consumers will want to use them, potentially creating demand for contactless readers and payment software that incorporates them.
Another payment service, which may entice even more health-care providers, is point-of-sale system products that reduce or eliminate burdensome PCI-compliance efforts. “The changes the health care market needs to make are less about EMV and fraud…the big benefit is scope reduction,” Tieken says. When POS systems are in scope they must be certified as compliant with the PCI Security Standards Council’s data-security standard, requiring testing and validation.
New services, which place all of the payment-data transmission within a secure POS terminal that handles EMV but also only feeds the transaction amount, type of transaction, and other information necessary for a consumer’s receipt, can remove POS systems from PCI scope, Tieken says.
Essentially, this changes the flow of the transaction from the POS system software to the payment terminal, to one where the POS terminal handles the sensitive cardholder data. “This eliminates the need for the [POS] software to touch the full card information each time,” Tieken says. “Though EMV may be the driver, the benefit is less about EMV and more about scope reduction.”