A Veterinary Practice Management White Paper

Making sense of EMV PCI DSS

Let’s make sense out of EMV and PCI DSS compliance. As the reliance on technology and electronic data continues to grow, veterinary offices are becoming more vulnerable to cyber security threats. Many Practice Owners believe their business isn’t at risk, when in fact 61% of all breaches hit small businesses last year.1 Taking steps to protect your client’s credit card information starts with the right credit card processing solution.

Over the last couple of years you have probably read copious amounts of legal jargon on EMV and PCI DSS compliance, and the liability shift. No matter how secure your payment systems are, accepting credit card payments always carries some degree of risk.

The first thing you should always look for in a POS (point of sale) system is that it is set up to accept EMV chip cards.What is an EMV chip card?

EMV (Europay, Mastercard, and Visa) cards have an embedded microprocessor chip that store and protects card holder data. These chips are far more secure than the old magnetic strip cards.

Second, you should make sure your systems are PCI DSS certified.What does PCI DSS certified mean?

PCI DSS stands for Payment Card Industry Data Security Standard. PCI DSS is a set of security standards designed to ensure all companies that accept, process, store or transmit credit card information maintain a secure environment.2 PCI DSS compliance applies to any organization, regardless of size or number of transactions, which accepts, transmits or stores any cardholder information.3

2..

60%of small businesses go

out of business within six months of an attack4

of small businesses don’t use any data protection at all5

90%

3.

We are here to help you navigate EMV and PCI DSS compliance. We can help you strengthen the integrity of your credit card processing system by partnering you with an approved vendor partner. Knowing the risks and taking precautionary measures will help reduce the risk of fraud to protect your clients’ data… and your bottom line.

1. Verizon Data Breach Investigation Report

2. PCI Compliance Guide

3. Full Council Requirements

4. Internet Privacy in the Digital Age

5. The Guardian

6. Forbes insights 2017

7. PCI Noncompliant Consequences

How can this apply to you?

All Henry Schein Veterinary Solutions Payment Processing approved vendors are EMV and PCI DSS certified, so if you are already using an approved vendor you are already set!

Now let’s chat about card on file. Have you ever taken a phone call from a client and they say “I’ll be in to pick up Randall’s prescription diet tonight, can you charge my card?” within the latest versions of your Henry Schein Veterinary Solutions software you are now able to “store” credit card information for these instances. This is called Tokenization. When the credit card is scanned through your EMV/PCI DSS certified terminal a token is created and stored for future use in a secured encrypted server at the payment processing company. This ensures your clients data is protected on site from internal theft and offsite through the merchant server.

Real world scenarioOne of our Henry Schein Veterinary Solutions employees, Kelly, recently experienced a fraudulent charge on her credit card. Kelly went to a restaurant with her family, where someone who handled her card copied the information while transacting her dinner bill – Then the person who stole the card went to an electronics store and purchased $5,000 in electronic goods. She received a call right away from the credit card company asking her if she made the $5,000 purchase of which she did not – who holds the responsibility for the fraudulent activity liability?

This is where the liability shift comes in.

If the electronics store had terminals that did not accept EMV cards and were not PCI DSS certified, all charges relating to the theft would be placed on the electronic store, including penalties. Noncompliance fines for not being PCI DSS compliant vary based on the length of time of noncompliance, for 1-3 months the fine for a small business is $5,000 per month.7 Did you know every dollar of fraud costs merchants $2.40? The $5,000 purchase could have cost the electronic store $12,000, this doesn’t include the fine for being non-compliant.

Cyber Attacks cost small businesses

$84,000 - $148,0006