Jeff Holt
By Jeff Holt, VP, Senior Healthcare Business Banker with PNC Bank

Is your practice prepared for processing chip cards from your patients starting this October, 2015? We are now beyond the deadline and still many dental practices have not yet upgraded their equipment and software to the new improved EMV technology.

It is important for all dental practices to understand the history of how and why this technology has evolved, and then to consider what is best for your patients and practice before properly implementing and utilizing EMV technologies.

A chip card enhances card security for electronic payments when inserted in the chip card reader (not swiped) of a chip-enabled terminal. The chip generates a unique transaction code, which is shared with the merchant, instead of your card information. This makes the card difficult to copy. Your chip card provides an additional layer of security at chip-enabled terminals; however, perpetrators continue to look for new opportunities to commit fraud.

Starting in October 2015, financial liability for card-present counterfeit card losses will shift from the card-issuing banks to merchants if merchants receive chip-enabled cards but have not yet installed chip card capable terminals. This liability shift will apply to all merchants, regardless of size. As a card processor, your medical practice will need to ensure your point-of-sale (POS) system is capable of accepting chip cards due to this fraud liability shift. Now is the perfect time to review your processing needs, and upgrade to a chip card capable system.

“For healthcare professionals, the need to protect patient information goes beyond desire – HIPAA / FIPA compliance, regulations, and reputation demands it,” explains Dylan Floyd, regional account executive with PNC Merchant Services. “EMV utilizes a European-based chip and pin technology that has decreased fraud by over 90 percent worldwide for face-to-face transactions.”


Let us first cover some of the staggering statistics that will show you why this technology came to be needed:

  • The total cost of fraud in the U.S. is estimated at $8.6 billion per year, according to an Aite Group report from 2010; so preventing fraud growth is of the upmost importance.
  • A recent USA Today article ranked Florida as the #1 state in the U.S. for number of identity theft complaints, with the average amount paid of $2,104.
  • An analysis by Visa® found that small merchants account for more than 80 percent of data security breaches.
  • Major insurance companies like, AIG and Great American, proclaim that the average cost of a data breach in 2012 was more than $38,000.
  • And security experts affirm that the sale of credit card information is still thriving on the black market.

In the end, security breaches may not only expose your practice to fines from bank regulators and the card associations, but they also can rob you of your patient’s trust.

How could your Practice be Financially at Risk when Non-Compliant?

A data breach can already have a very negative impact on your practice and your patients, but a breach while out of compliance could result in card association fees and penalties up to $10,000 per occurrence and $500,000 in total; monthly non-compliance fees; damage to the reputation of your practice; and worst case scenario – be possibly driven out of business.

“Non-compliance with PCI-DSS requirements provides banks and the credit card companies the means to recoup lost funds, as well as levy penalties,” said Tatiana Melnik, a healthcare attorney based in Tampa. “But losing the trust of your patients could have a greater negative financial impact on the practice than the fines.”

When considering the unfortunate possible combination of both the fines and loss of patient trust, the resulting total financial impact could be difficult to recover from. So how should your practice prepare for implementation? Initially, identify all credit card collection points and systems used by your organization and talk to your merchant services provider to understand their strategy for chip cards. Then, assess your practice’s potential risks based on credit card volumes, current fraud experience and areas of potential exposure.

This process could require an initial investment, so you need to budget for new credit terminals and/or system upgrades, as well as training for your staff.

If your practice was unable to meet the October 2015 deadline, you may want to investigate whether potential losses due to fraudulent card transactions will be covered by corporate insurance policies.

Basic Payment Card Industry Data Security Standard (PCI DSS) data security requirements should still be implemented for security and compliance reasons. Twice a year, complete a PCI DSS Self-Assessment Questionnaire (SAQ) to self-evaluate your compliance with PCI DSS. (Visit to learn more about what you need to do to become PCI compliant).

Please ask your healthcare business banker for assistance to get your practice in the best possible position to be EMV compliant at all times.

Jeff Holt is a Senior Healthcare Business Banker with PNC Bank’s Healthcare Business Banking and can be reached at (352) 385-3800 or

Did you know?

EMV stands for Europay, MasterCard® and Visa®, and is interchangeable with the name Chip Card, and evolved in the mid 1990’s. Currently, more than 1.55 billion EMV-compliant cards are now being used at 20 million EMV acceptance terminals. As of October 1st 2015 the implementation of EMV makes the United States the last major world economy to migrate to EMV. Fortunately, that does allow us to adopt existing best practices and learn from mistakes other countries have made.

The United Kingdom was one of the earliest adopters of Chip and PIN technology based on EMV. While total card purchase volume in the UK grew 32 percent between 2005 and 2010, total card fraud decreased by 17 percent. In addition, lost, stolen and counterfeit card frauds in the UK are now at their lowest levels since the 1990s.

How does EMV makes processing more secure?

The new Chip cards are nearly impossible to duplicate, and when combined with additional layers of security—such as encryption, tokenization and other strong authentication techniques — EMV significantly reduces opportunities for card payment fraud.

The security difference between cards:

Traditional Credit/Debit Cards – The magnetic strips contain data that does not change. This data gives thieves all the information that they need to steal thousands of dollars from your patients.

Chip (EMV) Credit/Debit Cards – When a chip card is used for a payment, a unique code for each transaction is generated and stored on the chip. That newly created code cannot be used again, and therefore is useless to thieves. The chip technology gives criminals unusable data only when properly used with the coinciding compliant merchant service equipment.

Schedule An Appointment

Your email will never be published nor shared in public. Required fields are marked (*)



For Member Information Call: (407)894-9798