
How to protect your patients from fraudsters

Chris Davies explains how to protect your patients and your business from fraudsters

Changing habits and technological innovation are profoundly changing the way we pay, at a speed never seen before, as consumers realise the benefits of alternative payment methods such as contactless and mobile. As a result, optical practices need to consider how to accommodate shifting customer demands as more and more payment options become available.

According to the Payments Council, 2015 could be the first year that cashless payments overtake cash payments. What’s more, it also predicts that the number of cashless payments is set to increase by 700 million over the next year, while the number of cash payments will drop by 400 million transactions. This is partly due to the increasing popularity of contactless payments, with card issuer Visa citing the payment method as partly behind an 8.3 per cent boost in spend on Visa cards in 2014.

Mobile payments are also an area that is primed for growth, with the increasing availability of technology in this area through smartphones. The swift adoption of mobile technology among the younger generation could potentially present practices with a patient base that is highly engaged and ready to adopt new technology when it comes to alternative payment methods. Therefore, practices should consider updating their card terminals to accept near-field communication technology, which allows acceptance of contactless and mobile payments.

Growing problem

Alternative payment methods such as contactless are quick, convenient and increasingly the payment method of choice for customers, but practices need to be aware of the complications that accepting any kind of electronic payment can bring. Card fraud and data theft are a growing problem as fraudsters become ever more sophisticated. Stories about criminals targeting both companies and individuals to obtain the sensitive information contained in credit and debit cards are becoming more frequent.

While cards carry obvious benefits, both practices and their customers can often be unaware of the imminent danger of data theft and of how valuable card data can be to criminals: in the right hands, it can be more valuable than stolen cash.

Criminals continue to develop ever more sophisticated methods to gain access to cardholder details and other relevant data. It is therefore essential to be alert to card security to ensure that payment systems are safe, in order to protect cardholder data when processing card payments.

This is where the Payment Card Industry Data Security Standard – or PCI DSS – steps in. PCI DSS is a set of globally agreed compliance standards for any retailer or service provider who processes, stores or transmits cardholder data. It is designed to provide a framework for minimising fraud and safeguarding patients’ data.

The principles of PCI DSS mean that small outlets are held to the same security standards as large organisations. This is important as it means that regardless of how a patient pays, their card information must be treated with the equivalent level of care, irrespective of the size of the establishment.

Research suggests that smaller businesses can be particularly exposed. Symantec’s 2014 Internet Security Threat Report has shown that 41 per cent of all targeted attacks were aimed at smaller businesses, namely those with fewer than 250 employees. With the help of the right software and products on terminals, firms can safeguard their patients’ sensitive data against internet-based attacks.

The positive news is that compliance is usually inexpensive, if undertaken correctly. However, if you fail to comply with PCI DSS requirements, you run the risk of being subject to a ‘breach’ (a leak of data) resulting in large fines – starting at £10,000. Of even greater concern is the reputational damage and impact on the loyalty of patients that can result from cards being compromised.

Stolen cards

Likewise, practices need to be alert to the potential of fraudulent card use that can arise from criminals using stolen cards and data. Card processors can provide a checklist of steps to take if you are concerned about the authenticity of a card, such as calling them for additional authorisation, or requesting proof of address if you are particularly suspicious.

Accepting a stolen card can lead to the genuine cardholder ‘disputing’ the transaction with their card issuer. If you have undertaken the right steps in advance to verify the card, your card processor will help you defend this dispute. If the card is then proven to be fraudulent and you have not followed the steps to confirm the identity of the cardholder, then you will potentially be liable for covering the cost of the goods. This is why carrying out security checks when suspicious is imperative. Keep in mind, however, that if the transaction is chip and PIN, the practice will not be liable for fraudulent transactions.

At a time of heightened concern about card fraud and data theft, you need to urgently address how you achieve compliance with security standards in order to provide the best possible protection for both your patients and your own store.

Chris Davies is managing director of Global Payments which specialises in card payment processing for customers ranging from owner-managed businesses to multinationals
