The Dangers of Sending Your Credit Card Data
It's 10pm... Do you know where your credit card data is? It's time to think twice about the way you, and your patients, use credit cards to pay bills. We've put together this guide to help you understand and examine the level of risk associated with various payment transmission methods. Keep your credit card information safe by avoiding high-risk sending methods and continually monitoring low-risk ones!
Unsecured Email - This high-risk method of sending your sensitive payment information is bad news. General email was not created to ensure data security and can be easily hacked. The door is open to hackers at four different points of exposure: your computer, your email server, the recipient's email server, and the recipient's computer. Because this method is so risky, PCI security standards prohibit businesses from receiving credit card info via email. If your practice does receive an email containing a patient's information, it must be completely wiped from your servers.
Fax - Another method that was more popular in the past but is still occasionally used. This medium-risk method is deemed secure as long as both the sending and receiving fax machines are connected via phone line. When faxing sensitive credit card information, make sure to confirm with the recipient, at the moment of sending, that they received the fax and any confirmation printouts as well. Like unsecured email, if your practice receives an eFax containing patient credit card data, it must be wiped from all servers.
Mail - Though this medium-risk, old-school method is somewhat unnecessary, we occasionally get a form or bill that requires payment in this way. The U.S. Postal Service has strict laws in place about mail theft; however, leaving this information in your mailboxes opens the door to identity thieves. Your information could even be at risk once it is delivered to its destination. PCI security standards also require credit card information that is sent by mail to have a tracking number so you and your patients know where it is at all times.
Secure Websites - A secure website will display "https" in the URL and will often show an image of a lock next to it. These sites carry a lower risk of credit card data breaches - as long as the vendor providing the payment portal is PA-DSS compliant. Make sure your computer is updated with the latest malware protection so that you can avoid hackers using spyware even while you are on a secured website. You will also want to make sure to work with a vendor who uses the latest encryption methods to secure your patients' information.