The Problem
As the rise in healthcare consumerism becomes one of the most influential industry trends, more healthcare providers are accepting payment cards in order to collect more patient payments. However, the prevalence of data breaches in healthcare – many of which involve patient payment card data – also is increasing. The financial and reputational cost of a payment card data breach is high and may result in bad publicity and loss of business. To reduce the risk of a breach, providers need a more effective method to achieve payment card security and a simpler way to meet the Payment Card Industry (PCI) standards.
While many providers use Secure Sockets Layer (SSL) to protect patient payment card data, this method isn’t always enough. SSL encrypts data while it is en route to the payment processor, but it does not cover the point of interaction (POI), where a payment card is swiped or card data is keyed in manually. This is where the data is most vulnerable.
The Solution
In order to most effectively protect a patient’s payment card data, the data must be encrypted at the POI. Encryption at the POI is the most secure method of payment card security because once the data is encrypted, it is not decrypted until it arrives at the secured endpoint (the payment processor). Furthermore, no one can access the data at any point, including the provider.
This method automatically segments the provider network, separating systems that store, transmit or process cardholder data from those that don’t – cutting down the number of systems and devices that are exposed to possible data breaches. Encryption at the POI also reduces the scope of PCI requirements for the provider, therefore simplifying compliance.
Coalfire Systems Inc., a respected PCI payment application – qualified security assessor company, stated that when properly deployed, payment card encryption at the POI “can almost completely eliminate the risk of a data breach and is one of the most effective data security controls available to merchants (providers) today.” Encryption at the POI is the latest technology best practice providers should use to ensure the security of their patients’ payment card data and to more easily achieve PCI compliance.
Download our Security and Encryption in Healthcare Payments White Paper.