Double Trouble: PCI Compliance, the HIPAA Overlap and How to Mitigate Your Practice’s Risk

By Zena Tsarfin for Merchant Advocate

Any business that accepts credit cards needs to take precautions to protect its customers’ personal data, but that is even more important for medical and dental practices, which store sensitive health information. Healthcare is by far the largest sector targeted by cyberthieves; according to IBM’s Cost of a Data Breach Report, the average total cost of a breach in the healthcare industry was $10.1 million in 2022.

To keep healthcare security standards current as technology evolves, two organizations have rolled out related sets of requirements. The U.S. Health Department issued the Health Insurance Portability and Accountability Act (better known as HIPAA), and the PCI Security Standards Council introduced the Payment Card Industry Data Security Standard, or PCI DSS.

Though HIPAA compliance covers medical records and personal data, it does not cover credit card payment information—that’s where PCI DSS comes in. PCI DSS and HIPAA both require that a business secure certain types of patient information. While the specific data they pertain to differs, there is some overlap between HIPAA and PCI DSS in implementation. Essentially, both require policies, procedures, training, and annual assessments to uncover issues that require remediation. Patient health information and payment information are the data most sought after by cybercriminals.

Given the risk, medical and dental practices must remain vigilant, and PCI compliance should never be ignored. Not only will the fines hurt your bottom line, but failing to become compliant could bankrupt your practice and ruin your reputation should there be a breach.

If a business suffers a breach while non-compliant with the Payment Card Industry Data Security Standard, the business is responsible for all costs of reissuing credit cards. The practice must pay for all fraudulent credit card charges, and will likely also have to fund six to twelve months of personal credit monitoring for every affected patient. You may also be required to hire a Payment Card Industry Forensic Investigator. All of that comes on top of the fines themselves, which range from $50 to $90 per affected customer.

That’s why it is so important to be proactive and find out whether your practice is compliant. Our best advice for medical professionals and office managers: review your three most recent, consecutive statements. Most processors charge for PCI non-compliance monthly, but some charge quarterly, which is why you’ll need to check THREE consecutive statements. If you are compliant, you will probably see only one PCI-related charge, since processors levy a fee to access their PCI portals. If, given the high financial liability, you would prefer that an outside expert ensure compliance, consider reaching out to an independent third party like Merchant Advocate.

Finally, PCI non-compliance fees and other hidden and junk fees can siphon as much as 5% of your total net revenue directly from your bottom line. We recommend that you engage an independent third party to conduct an audit and determine whether you are overpaying or non-compliant. Statements are complicated by design—Merchant Advocate can help you save money without switching processors and has saved clients more than $250 million in credit card processing fees. Contact us to receive a free analysis of your merchant account with just one no-commitment phone call. Visit MerchantAdvocate.com/contactus for more information.


What’s Hiding in Your Merchant Statements

By Merchant Advocate

Are You Being Overcharged?

If you have that sinking feeling that you are paying more for merchant services than you should be, you are not alone: more than 72% of businesses are being overcharged. And if you are familiar with the statements provided by processors, you might have a guess as to how they get away with this unfair practice.

Hundreds of different card types, mysterious coding, inconsistent fees—statements are intentionally written in a language that only an expert can understand. While this makes them nearly impossible to decipher on your own (let alone to find the fees hiding within their pages), below we discuss some key terms and information to look for. Let’s dive in!

Navigating Your Statements

Every processor configures statements differently (further adding to confusion), but your business name and merchant ID number(s)—also known as MIDs—should be at the top.

Also front and center is the summary, which provides a quick overview of the past 30 days’ activity. It can include chargebacks (when a customer requests a refund directly from the credit card company), reversals (amounts that were initially resolved against the merchant but were ultimately found in the merchant’s favor), adjustments, and fees charged.

The next section you’ll likely encounter is the pages-long “Deposit Details,” which breaks down each batch transaction, line by line, for the previous 30 days. In the example statement shown in the original article, multiple batches were created each day; batches can number in the hundreds and take up huge swaths of paper.

After that, we come to the “Processing Detail Qualified” section, sometimes referred to as “Fees.” This section contains the most confusing jargon as it unfurls, listing interchange fees (these go to the card-issuing banks), assessments, the merchant’s pricing model, and all other fees, each broken down by card type, and ending with the fees’ grand total. The original article shows an example of what this looks like: on that resort’s statement, this section alone takes up almost four pages and contains a multitude of confusing codes.

Finally, there is typically a section called something like “Important Information About Your Account.” As the name implies, this section is essential and should not be overlooked, since it contains notices of rate changes and new policies that your processing company may be implementing, that is, new ways to charge you more money. Appallingly, your original processing agreement included language allowing processors to raise rates and add new fees for any reason, at any time. The only way to combat these increased costs is to go head-to-head with your processor, which takes significant time, resources, and an understanding of merchant statements that most businesses do not possess.

What Happens Next?

But what do you do if you see an increase? Or if you, understandably, don’t have the time to pore over pages of statements every month, let alone keep up with the multitude of changes and new fees assessed by processors looking to drive up their profits?

That’s where the auditing experts at Merchant Advocate come in: not only do our trained analysts conduct a meticulous initial review of your statements to identify overcharges, inflated rates, and hidden fees—they keep checking your statements month after month to ensure there are no surprises.

Merchant Advocate has saved clients more than $250 million in excess fees, without switching processors. Contact us to receive a free analysis of your merchant account with just one no-commitment phone call.