Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

Will Your Business be Keying More Credit Card Transactions as a Result of COVID-19?

Blog Post

In this hectic time and uncertainty, owners are making hard decisions regarding their businesses. Some are shutting down, while others are adapting to the daily life changes of COVID-19. Many medical practices are seeing patients on an emergency basis and others are starting to implement a telehealth approach.

For practices that are considering implementing telehealth to connect with their patients, we'd like to share some guidance. Most practices that have a merchant account in place, may want to consider how best to accept payments over the phone. It is important to arrange payment for the copayment before advising your patient. This can be done over the phone. Basic knowledge and advice are as follows:

Face to face merchant accounts are less risky to the bank and therefore have lower pricing. What many owners do not know, is once a transaction is keyed, the cost of doing so could be one to two percent higher than expected. You should be aware of this additional cost, as it will impact your business’ bottom line. Think of it this way, for every ten thousand dollars keyed, the cost could be an additional two hundred dollars.

You can learn from other businesses who experienced a model change. When your local pizzeria decided to start delivery as part of their business, many never considered that their business model changed from roughly ten percent keyed transactions, to over forty percent. This change in business caused their processing rates to skyrocket, and in some cases, the processor closed their merchant account, because of the additional risk involved. Please avoid this disruption in business and contact your current processor before implementing your new keyed environment for accepting credit card payments.

5 things to consider when adopting a credit card-not-present environment:

  1. Contact your current processor and notify them that your business model is changing. Ask them what impact keying transactions will have on your transaction costs. If you feel you might be keying more than thirty percent of the transactions, having a second merchant account for keyed transactions is an option to help reduce costs. If the processor knows you are keying transactions in their underwriting profile, the business is rewarded with lower pricing.
  2. Make sure you are capturing the proper credit card data for address verification. This includes the number of the street address and zip code for the credit card billing location. Additionally, you will need the three-digit CVV code on the back of the patient’s credit card.
  3. Never save this data on the patient’s file. Doing so will increase your scope of PCI Compliance. You are never allowed to store the three-digit CVV number. 3. The Address verification system is a tool that is better known as AVS. When you contact your processor, please make sure they have this tool active in their software. This tool is used for keyed transactions and helps validate the card information is linked to the address of the card user.
  4. Having the proper information helps eliminate fraudulent transactions and lowers the transaction cost. Review your annual PCI compliance. Accepting payments over the phone requires additional PCI compliance steps to help safeguard your patient’s credit card data. Traditionally, merchants that process face to face transactions using a credit card terminal need to perform an annual self-assessment questionnaire (SAQ) B or B-IP.
  5. Card-not-present merchants must complete an SAQ A or C-VT. Knowing this compliance change will help safeguard you against a possible PCI breach.

Make sure your hardware or software is set up properly to accept keyed transactions. We recommend using a virtual terminal that encrypts and tokenizes the credit card data. This technology is called vaulting and eliminates the need to write down the patient’s credit card data on paper or storing it in spreadsheets. Using this type of technology reduces the scope of your PCI compliance audit. Additionally, the vault can be used to store patient card data for future payments. Lastly, please do not have your patient send their card data through an email or text. These communication methods are not secure. Safeguarding your patient’s payment data should be your number one concern.

Many owners are asking if they can charge the patient to help cover the additional cost of accepting credit cards. The answer is yes, but there are regulations that you must follow to be compliant. The process of charging your patient for credit card acceptance is called surcharging.

Here are the core regulations to consider if you want to surcharge your patients:

  1. As of January 27, 2013, surcharging was made legal. Merchants are required to notify Visa, and their acquirer, 30 days before surcharging.
  2. Surcharging is available in 46 states, as of this writing. You are not permitted to surcharge in CO, CT, MA, and KS.
  3. Surcharging is only allowed for credit card transactions. Debit and prepaid cards cannot be surcharged. This includes HSA and FSA cards.
  4. The surcharge must not be more than your cost of credit card acceptance and is capped at 4%.
  5. Patients must be properly notified that you are adding a surcharge. Visa has specific guidelines for this.
  6. Itemization of the final surcharge amount must be identified separately on the transaction receipt.

The CardChoice team is available for any of your questions or concerns, regarding credit card acceptance, as all of us are working through the COVID-19 pandemic. As a reminder, the World Health Organization has reiterated, you should wash your hands, including after handling money, especially if handling food. It is also recommended, when accepting credit cards in person, use contactless equipment to process the transaction. You may reach CardChoice International at 866-350-3200, Ext. 2248, support@cardchoice.com. 


Ohio Court of Claims Explains Surety’s Obligations After Contractor Default

A surety thinking of funding its bankrupt principal for the purpose of completing a project should take notice of the recent decision in Jutte Elec., Ltd v. Ohio Facilitates Constr. Comm.

Duty to Preserve ESI: The Stakes Just Got Higher

A recent federal court decision highlights the potentially severe consequences for companies that do not take the proper steps to preserve electronically stored information (“ESI”) in anticipation of or in connection with litigation.

Affordable Care Act Nondiscrimination Final Rule

On May 13, 2016, the U.S. Department of Health and Human Services (“HHS”) issued a final rule implementing Section 1557 of the Affordable Care Act (“Section 1557”) protecting individuals from discrimination in health care on the basis of race, color, national origin, age, disability, and sex, including discrimination based on pregnancy, gender identity, and sex stereotyping (the “Rule”).

It Is Time To Update Your Compliance Plans

In 1997, the Office of the Inspector General (“OIG”) began to actively promote that health care providers adopt written compliance plans to assist providers to follow government rules and regulations regarding health care.

HIPAA Compliance Update

HIPAA compliance has been a part of the regulatory landscape of healthcare since the privacy rules became effective in 2003. Since that time, most providers have taken steps to develop their compliance plans, including distributing notices of privacy practices, obtaining authorizations for release of information as needed, and obtaining business associate agreements from third parties.