If you start looking into credit card processing options, you’re going to get hit with a lot of buzzwords, acronyms and probably some outright confusion. There are many different considerations and opinions, and no small amount of conflicting information.
So what does it really all mean? What features are out there and how does adopting, or not adopting, one of those features impact you? Here’s a summary of some of the key features to look for.
What is it? Short for “Europay, MasterCard, Visa”, EMV or “Chip and PIN” is one of the most hot-button credit card topics out there. First implemented in Europe in 1995, EMV cards have an embedded microchip that creates a unique transaction code each time the card is used. This is different from the magnetic stripe used in a traditional swipe transaction, which contains constant and unchanging data. Basically, this technology prevents a card from being physically duplicated and used fraudulently.
Why do I need it? EMV is not required for any merchant in the United States. Chip-enabled cards will still process as a regular swiped transaction. However, this doesn’t mean that skipping EMV has no consequences. If a charge-back (basically a dispute of a processed transaction) occurs on an EMV-enabled card that you swiped, you become liable for those funds. Additionally, customer perception of EMV matters. Although EMV does not protect actual customer card data, many customers see EMV as a more secure processing option. Even if charge-backs haven’t been an issue for your pharmacy, investing in EMV may be worthwhile.
What is it? End-to-end encryption, or E2EE, is the technology that actually protects customer card information. Card information is encrypted immediately at the time of the card swipe or insert and sent directly to the processor, where it is decrypted for the first time. No card data actually touches your point-of-sale system or the computers in your store.
Why do I need it? Because no card information is ever in your point-of-sale system, there’s no data to be compromised. It virtually eliminates the chances of a data breach like those experienced by Target, Home Depot and countless other retailers. P2PE is also one of the best ways you can protect your pharmacy and your customers from a credit card data breach.
What is it? Validated P2PE uses the same technology that E2EE does. It just takes it up a level. The big difference is that Validated P2PE has been vetted and certified by the PCI Security Standards Council, validating all aspects of the credit card hardware, right down to the hardware serial numbers that you install in your store.
Why do I need it? Validated P2PE is by no means a requirement. However, having a validated solution allows merchants to significantly reduce their scope for PCI Compliance. Many security assessors and IS departments prefer a validated solution.
What is it? Near Field Communication, or NFC, is almost never referred to as such directly. Instead, you’ll hear terms like Apple Pay, Android Pay or Tap to Pay. Basically, think of NFC as your blanket acronym for a credit card payment via mobile device.
Why do I need it? When it comes to NFC payment processing, it’s all about knowing your customer base. Having this option is definitely nice for anyone who wants to use this convenience, but there aren’t other incentives for offering it or penalties for non-use.
What is it? Tokenization is a secure and compliant option for storage of credit card information for later and/or recurring use. Breaking down the process, you enter card information via an encrypted terminal or secure portal and receive what’s known as a “token” in return. This token is then stored in your point-of-sale system, attached to the customer record. Selecting this token as a method of payment when a card is not present will allow that card to be charged. The key takeaway is that the card information is not stored anywhere in your POS system or store network.
Why do I need it? Tokenization is the best secure way to retain cardholder information for recurring payments. For mail order and delivery, solutions have begun to move in this direction. It follows the same trend as E2EE of removing cardholder data from the point-of-sale system, and we expect it to be the primary option as solutions of this kind become more popular and desirable for businesses of all sizes. Security aside, tokenization is also crazy easy to use and very convenient for any number of reasons in daily pharmacy activities.
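To make the token flow described above concrete, here is a small model of it in Python. It is an added illustration, not code from RMS or any card processor: the class names, the `tok_` prefix and the in-memory "vault" are all hypothetical, and the card number is a standard test value.

```python
import secrets

class ProcessorVault:
    """Stands in for the card processor's side (hypothetical, not a real API)."""
    def __init__(self):
        self._cards = {}  # token -> card number, held only by the processor

    def tokenize(self, card_number):
        # The token is random, so it cannot be reversed into the card number.
        token = "tok_" + secrets.token_hex(16)
        self._cards[token] = card_number
        return token

    def charge(self, token, amount_cents):
        if token not in self._cards:
            return {"approved": False, "reason": "unknown token"}
        # A real processor would authorize against the stored card here.
        return {"approved": True, "amount_cents": amount_cents}

def encrypted_terminal_capture(vault, card_number):
    """Models the encrypted terminal or secure portal: the card number goes
    straight to the processor and only a token comes back to the store."""
    return vault.tokenize(card_number)

class PointOfSale:
    def __init__(self, vault):
        self.vault = vault
        self.customers = {}  # customer id -> record stored in the POS

    def attach_token(self, customer_id, token):
        self.customers[customer_id] = {"payment_token": token}

    def charge_card_on_file(self, customer_id, amount_cents):
        # Card-not-present charge: the POS only ever sends the token.
        token = self.customers[customer_id]["payment_token"]
        return self.vault.charge(token, amount_cents)

def demo():
    test_card = "4111111111111111"  # constructed sample: a common test number
    vault = ProcessorVault()
    pos = PointOfSale(vault)
    pos.attach_token("cust-001", encrypted_terminal_capture(vault, test_card))
    result = pos.charge_card_on_file("cust-001", 1250)
    # Search everything the POS stores for the card number.
    pos_holds_card_number = test_card in repr(pos.customers)
    return result, pos_holds_card_number

if __name__ == "__main__":
    print(demo())
```

A copy of the POS customer records taken from this model contains only tokens, which are useless without the processor's vault.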
Now that you understand the features available to you, hopefully it’s a bit easier to pick a solution that fits your pharmacy. RMS has all of these options available with a variety of card processors, and the list of integrations just keeps growing.
If you need more information on EMV and credit card security, check out our dedicated credit card security page.