From facial recognition software to personal identification numbers, countless protections are in place to safeguard our private financial data. In the dental office, data encryption, anti-virus software and firewalls are the go-to preventative measures, not to mention the classic lock-and-key methods for securing hardware and other items of value.
Unfortunately, smart thieves can find, and have found, ways to outwit many of the most advanced security systems. In one case reported to The Dentists Insurance Company’s Risk Management Advice Line, a thief broke into a dental office and made off with the credit card terminal, resulting in $11,000 in charges from the dentist’s account.
The dentist became aware of the theft after finding his glass office door broken. Upon reviewing the video footage, he witnessed the suspect, who was wearing a bandana, enter the office and take the credit card terminal. The entire incident took less than 60 seconds. The dentist reported the incident to his bank.
The bank initially refunded the money, but then the dentist received a letter from the bank stating that the bank wanted the money back. Apparently, the criminal used the terminal to post credits from the dentist’s merchant account to prepaid credit cards. The credits were small, ranging from $300 to $400 each, totaling $11,000. The prepaid credit card company also demanded repayment. Luckily, the dentist had reported the machine as stolen and the charges were made after it was taken from his office.
Credit card processors will typically refund fraudulent charges to a victim’s account as long as the victim reports the crime immediately and follows the protocols laid out in their contracts. This usually requires the merchant to report the loss to the bank and police as soon as they are made aware of it.
Basic security measures, such as video cameras, motion sensors and alarms, can thwart most criminals. To keep your credit card terminals safe, TDIC recommends taking the following additional precautions:
- Lock the terminal away in a locked cabinet or drawer at the end of each day.
- Take the terminal home with you at the end of each day.
- Password protect your terminal, particularly for any refund functions.
- Upgrade your terminal to a self-disabling device, which requires the initial setup to be conducted if the terminal loses power. This also requires the issuing bank to be contacted in order to have your merchant number reassigned to the unit.
Dental practices may also want to consider alternative methods of accepting credit card payments. For example, mobile card readers, such as Square, plug directly into your smartphone or tablet and transfer data via an app. Virtual card readers operate similarly, connecting to a computer and processing transactions through a web-based platform.
While credit cards remain the gold standard in merchant payments, peer-to-peer payments are grabbing a stronghold as well. These payment methods, which include companies such as Venmo, PayPal and Zelle, allow users to transfer funds directly from bank accounts or credit cards to merchants.
On-demand payments are certainly becoming the norm, as transactions can be made within seconds from any smartphone. While accepting such payments is convenient for patients, there are some considerations for dental offices, including fees and processing times. In addition, not all of them offer the same level of fraud protection and conflict resolution services offered by credit card companies.
One of the biggest concerns for dental practices with regard to peer-to-peer payments is privacy. Depending on the provider, transactions can be open to the public; in fact, some, including Venmo, allow users to connect with “friends” and allow transactions to be viewable to everyone in the network. Privacy settings can override this function, but it is up to the user to change their settings. And while financial data is encrypted on most peer-to-peer apps and servers, user identity isn’t, which can open the door to liability claims stemming from potential HIPAA violations.
Every dental practice owner wants to make the payment process as fast and convenient as possible. But with convenience often comes risk. Taking a few steps to ensure the security of financial data can help mitigate those risks. Using security technology, following basic security best practices and offering alternative payment methods can protect your patients and your practice from fraud and theft.
TDIC’s Risk Management Advice Line is a benefit of CDA membership. Schedule a consultation with an experienced risk management analyst or call 800.733.0633.
Reprinted with permission from the February issue of the CDA Journal.