October 1 2015 was an auspicious day for mental health professionals in private practice for two important reasons. As health care providers, we had to switch to ICD-10 for our diagnostic coding. And as small business owners, we got worried about whether we needed to change the way we processed our credit card payments.
So what was so special about October 1, 2015 in the world of credit card processing? That’s the day liability for transactions resulting from fraudulent EMV chip credit cards shifted from the bank issuing the credit card to the business owner running the transaction. In terms relevant to our profession, if a client payment using a fraudulent EMV chip card goes through AND we don’t have an EMV Chip Reader terminal to run the sale, the bank will charge back the cost of the service and we will be stuck unpaid. The good news is, no additional penalties or fees are incurred beyond the charge back. It’s also good to know that nothing has changed for transactions using cards without the EMV chip. So, if your usual method of processing credit cards is using a magnetic swiper (either a free standing terminal or one attached to your computer or smartphone), hand entry from a client’s form authorizing repeated automatic card payments, or client entry using a payment portal web site AND the client uses a fraudulent magnetic strip card, the bank will still be the liable party. The bank also still incurs the liability if we run the card in a way that wouldn’t customarily use an EMV Chip Reader, such a remote entry when the customer and card are not physically present while the transaction is being run.
So what’s the big deal and why all the fuss? Well, apparently just under half of all the world’s credit card fraud occurs here in the USA, even though only one quarter of all credit card transactions occur within our borders. A key reason for these disheartening statistics is that America’s love affair with cheap and easy to use magnetic strip credit cards has lingered way past its prime. Magnetic strip cards are simply too easy to counterfeit. EMV (which stands for Eurocard/Mastercard/Visa) technology has been in use in other parts of the world for years. The inclusion of an electronic chip embedded within the credit card makes it significantly more difficult to create usable counterfeit cards. It is currently estimated that here in the US, only one third of all transactions are processed using chip enabled cards, but that number is expected to rise rapidly. All chip-enabled cards will still have a magnetic strip and will work in magnetic strip readers, but the liability for fraudulent transactions processed in this way has shifted from the bank to the merchant. For the time being, there are no plans to charge merchants differential rates for running EMV chip-enabled cards vs. magnetic strip only cards.
Switching to a new card reader that will do magnetic strip cards, EMV cards and NFC (Near Field Communication) devices such as Apple Pay will eventually be a worthy endeavor and is likely to incur only minimal costs and inconvenience. Given (1) the volume of business we private practitioners generally do, (2) the fact that we hand-enter many transactions based on credit card information we keep on file, and (3) the ongoing professional relationship we have with most of our clients, our actual risk of getting stuck because someone paid us with a fraudulent chip card AND we didn’t have a chip reader is, in fact, pretty low.
I use Transfirst for running my credit card sales and when I called to ask, they freely advised me that they consider my current risk extremely low. Their advice was to plan to get a chip reader at some point but not to worry about it for now. They don’t currently have a chip or NFC based system to use with the iPhone/iPad but they anticipate having something on offer in the near future. I haven’t yet done any diligent research on the new “Chip and Dip and NFC” card reader systems but it seems like options are still pretty limited. I did review Squares’ site and if you use a Square reader plugged into your phone or an iPad to process your credit cards, you can purchase one from them $49. Free-standing machines seem to be running in the $200-$300 range. Remember, if you purchase a free-standing machine, you need to check with your credit card processor first to make sure it will work with their system. I couldn’t find any good peripherals currently available that connect directly to a computer via USB cable. It seems like you will need to hold tight for the time being if you routinely run your transactions through a swiper peripheral connected via USB cable to the computer running your practice management system, as I currently do. Again, check with your credit card processor before buying anything to make sure it will work with their system.
I am all in favor of easy to use, inexpensive systems that reduce fraud. Whether we eat the cost or the bank eats the cost, it is still theft and it is wrong. Updating our equipment as more affordable user-friendly options come available is something we can do to help curb the use of fraudulent cards here in the US. When I have some good affordable options to choose from, I will definitely get an EMV/NFC card reading system. For now, I will stick with what I’ve got, and cross this off my “Things to Worry about List.”