EMV (i.e., chip card reader capability) is simply a liability shift (not a mandate, and no fines or penalties will be levied). It also does not mean that you are unable to accept payment without implementing it. This is the biggest misconception we have come across recently in our communication with both current and prospective clients. Most people were worried that their current payment acceptance and processing methods would no longer work after October 1st…as you already know, the lights are still on and credit cards are still being accepted.
The EMV shift is just that, a shift in liability for chargebacks on a credit card only under certain circumstances, but basically (and especially when it comes to the medical industry), if you have outdated equipment and/or if your equipment has not been programmed with the updated EMV implementation, then you may be held responsible for issuing a chargeback should a patient pay a bill to your office using a fraudulent card.
Additionally, the implementation of EMV has nothing to do with your PCI compliance. As explained in The Green Sheet’s article “EMV Myths Debunked” EMV is neither a requirement of complying with “the Payment Card Industry Data Security Standard (PCI DSS)…nor will implementing EMV make you PCI compliant.” Additionally, “EMV chip technology improves the security of processing credit card transactions but does not remove your requirement to comply with the PCI DSS.” Meaning that you are still required to perform your scans and fill out the questionnaires necessary to keep your practice PCI compliant and reduce the extra fees incurred by failing to do so.
So how do you know if you are responsible for chargebacks?
The shortest explanation is what we stated above: if someone pays your practice with a fraudulent card, and you have not implemented EMV, then you might be responsible for issuing a refund to the actual cardholder. The long answer? There are several situations that show the details of how this liability is determined in The Green Sheet Online Edition article “Understanding the 2015 U.S. fraud liability shifts Version 1.0 – May 2015”. Most likely, the medical industry will not encounter many of these fraudulent charges, however. I doubt a medical bill is the first thing that someone who steals a credit card is concerned about paying!
If you have any questions regarding that article, this blog or any other aspect of the EMV liability shift not covered here, please feel free to contact me at email@example.com or 678-232-0129. As always, I am here to help and would gladly answer any questions or address any concerns you might have!