EMV and Encryption

Frequently Asked Questions

What is EMV?

EMV stands for Europay, Mastercard and Visa. It is a global standard for authenticating credit and debit card transactions with integrated circuit cards, or “chip cards” at capable point-of-sale (POS) terminals.

What is the impact of EMV?

In October 2015, the major processing banks implemented a shift that transferred fraud liability to merchants who accept fraudulent chip card transactions, unless they use EMV-capable (POS) devices. This fraud liability impacts healthcare organizations as well. Before October 2015, the issuing bank was liable for POS card-present fraud. This transition from the issuer to the merchant on October 1, 2015 is known as “the liability shift.”

Effective April 13, 2019, all merchants that accept contactless payments must support EMV contactless chip functionality. InstaMed is prepared for this mandate and only delivers compliant devices to merchants.

By 2020, Mastercard and Visa will require all U.S. merchants to accept contactless payments. InstaMed has multiple device options for providers that meet this mandate.”

What do I need to do to accept EMV?

Below are some recommendations on measures merchants can take to accept their patients’ chip cards:

• Ensure that you have devices and a POS solution that can read chip cards
• Plan for physical space — some EMV-capable devices are larger, need to be facing the cardholder, and require supplemental power
• Train your staff on the workflow to accept EMV transactions

How does EMV protect merchants?

There are two ways that EMV protects merchants:

• Chip cards are more difficult to counterfeit than their magnetic-strip predecessors, and counterfeiting makes up the majority of POS fraud in the industry.
• If POS fraud does occur at a terminal that can accept EMV transactions, then the liability for that fraud stays with the issuer, and does not shift to the merchant.

To learn more about how InstaMed protects against POS fraud and reduces PCI scope, read our Security and Encryption in Healthcare Payments White Paper.

How does EMV verify the cardholder?

There are two different verification methods:

• Chip & PIN: User dips the card into the payment terminal and enters a PIN number
• Chip & Signature: User dips card into the payment terminal and presents a signature for verification*

*Mastercard, Discover, American Express and Visa no longer require signature verification for EMV transactions.

How does an EMV transaction work?

New payment transaction devices are required; instead of simply swiping a card, a consumer must “dip” or insert their card into a PIN device and enter a PIN before a transaction is processed.

Is EMV the only payment data protection I need?

EMV by itself does NOT protect the merchant from a data breach. EMV will protect healthcare organizations from accepting fake credit/debit cards at the point of service. Encryption will protect healthcare organizations’ networks in the event of an enterprise-level data security breach. When implemented properly, InstaMed payments with encryption can almost completely eliminate the risk of a data breach. Read more about getting started on the InstaMed Developer Portal.

The Following Sections Apply to InstaMed Customers:

Can any credit card reader support EMV payments?

No. In order to accept EMV payments with InstaMed Online or InstaMed Connect, merchants must use one of the following encrypted EMV devices: Ingenico Lane 3000, Ingenico Lane 5000 or the Ingenico Link 2500. The following models support encrypted magnetic card swipe, EMV, and NFC (Apple Pay):

Do I need to configure my receipts differently for EMV transactions?

No. Additional information will be automatically generated on the receipt for EMV transactions.

What happens if a cardholder has a chip card but swipes it on an encrypted EMV device?

When a credit card is swiped, the encrypted EMV devices can detect whether a chip is present. If the card does have a chip, then the cardholder will be prompted to insert the card into the EMV reader location. If the cardholder continues to attempt a swipe, the device will repeat this workflow three times before ultimately allowing the swipe.