March 15, 2018
Inside: Most consumers prefer to use credit cards over every other form of payment. Find out how processing credit cards easily and securely for patients can improve your business.
Cash? That’s yesterday’s way to pay.
Forty percent of consumers name credit cards as their favorite way to pay, according to a 2016 survey by TSYS®, a payment solutions company. Thirty-five percent choose debit cards. Only 11 percent prefer cash.
As more customers pull credit cards out of their wallets instead of cash, businesses like your pharmacy need to keep up with how consumers want to pay. And that includes processing credit cards.
“Independent pharmacies need to accept credit cards to remain profitable and competitive,” said Christina Braatz, Association Development Executive at CardConnect, a payment processing solutions provider that uses patented tokenization and PCI-validated point-to-point encryption (P2PE).
“Processing credit cards will make your pharmacy more accessible to customers while also improving your cash flow.”
Even if your pharmacy is already processing credit cards, every business needs to make sure it does so securely.
Thirty-two percent of identity fraud claims in 2016 were related to credit card fraud.
“Many businesses assume that because they are small, they will not fall victim to a data breach,” Braatz said. “However, any business that accepts credit card payments can be hit with fraudulent activity.”
On Oct. 1, 2015, new regulations went into effect that shifted counterfeit fraud liability to merchants not accepting EMV cards, also known as chip or smart cards.
“Any business that is not accepting chip cards and is hacked may be financially responsible for the hefty fees that come along with the breach,” Braatz said.
Pharmacies need to make sure to upgrade their systems to accept EMV cards. “Accepting EMV payments will allow pharmacies to add an additional layer of security since chip cards create unique transaction codes that cannot be used again,” she said.
Pharmacies with sensitive health information in their systems need to keep their data secure.
Every pharmacy that processes credit cards should know about PCI compliance.
PCI-DSS, or Payment Card Industry Data Security Standard, is a set of rules passed down from the four major card brands (Visa®, American Express®, MasterCard® and Discover®).
“These rules help protect consumers’ personally identifiable information and are even more important for businesses handling medical information,” Braatz said. “Being PCI compliant means your pharmacy is doing its best to keep information like credit card numbers or medical records safe and secure.”
Braatz recommends choosing a payment processor that guarantees PCI-compliant payment processing to protect your business and your patients.
“Pharmacies should use a processor that offers powerful security solutions like PCI-validated point-to-point encryption (P2PE) and tokenization,” she said.
Tokenization creates an irreversible token that gets passed through the payment gateway, instead of the card number.
“By securing cardholder data this way, pharmacies can protect their business and customers from a potential data breach,” she said.
As healthcare providers, pharmacies need to correctly set up their payment processes to accept payments from Flexible Spending Accounts (FSAs) and Health Savings Accounts (HSAs).
To do that, they need one of two things:
According to SIGIS, the Special Interest Group for IIAS Standards, the 90% Rule applies to pharmacies operating in hospitals or medical buildings that mostly fill prescriptions and have a limited availability of other merchandise.
Specialty pharmacies that primarily sell prescriptions, like compounding pharmacies, may qualify. But in all cases, the drug store or pharmacy must attest that 90 percent of its previous year’s gross sales come from prescriptions and eligible healthcare products.
Consumers today want to make payments their way.
That includes in person, online, and with a mobile device or wearable.
“NFC, or near field communication, is also beginning to gain popularity among merchants and their customers,” Braatz said. “NFC allows customers to pay by simply waving their phone over an NFC-compatible device. It provides a quick and easy checkout experience.”
Braatz suggests pharmacies look for a payment processor that offers an omnichannel payment solution and accepts the payment method customers prefer, so they receive an accessible checkout experience at their convenience.
“By accepting different types of payments, pharmacies can rest assured knowing they are providing their customers with a seamless payment experience,” she said.
Don’t get overwhelmed by the unfamiliar lingo when it comes to processing credit cards. Take a look at these common payment processing terms.
A method to process payments electronically. The process requires the bank’s routing number and account number. Funds get transferred from the buyer’s to the seller’s account electronically. For example, an eCheck.
A data security process that protects sensitive information, such as a customer’s payment card data or personally identifiable information. Tokenization replaces the customer’s data with a mathematically irreversible token. The token has no algorithmic relationship to the original piece of data, meaning hackers can’t unlock it with a decryption code.
A joint venture that created the original standards used for smart card (chip) payment transactions.
Flexible Spending Accounts (FSAs) and Health Savings Accounts (HSAs) allow consumers a tax-free way to save money in an account used for medical expenses.
Also known as RFID or Contactless, near field communication uses a chip embedded in a card, fob, or smartphone, and an antenna that emits a low-level electrical charge. The charge powers the chip, which then transmits the customer’s data to the antenna. Two standards for payments exist today. One works for one-way communication to transmit credit card data. The other works for two-way communication for EMV and couponing on mobile wallets.
A council made up of terminal manufacturers, processors, card brands and security experts from the payment industry. This group sets all standards and practices regarding securing payments, applications, and networks.
Major issuing banks created PCI compliance standards to protect personal information and to ensure security when processing transactions. Due to the rise in data breaches, hackers, and identity theft, all processors now charge breach insurance or PCI compliance fees to protect against such a breach, which could result in hundreds of thousands of dollars in damages and fines.
PCI standards for payment card data security.
When customers swipe or insert their cards, their account data gets encrypted and then decrypted at either a retailer’s switch, a payment gateway, or by the processor, depending on the scheme. Several schemes are in play using various encryption methods.
A credit card terminal run from a computer screen, smartphone, or handheld device. The virtual terminal runs in a window via a web browser or other software application, rather than using dedicated hardware, like a physical credit card terminal.