June 23, 2010
Some CDA members have received questionable information regarding PCI (Payment Card Industry) credit card processing compliance from various sources. PCI compliance concerns the security of credit card information. For example, if you currently use a terminal to swipe credit cards, the terminal must be updated so both the merchant and customer copy of the receipt are truncated to show only the last four digits of the credit card number (not the entire card number).
If you accept credit cards in your practice, you should have received notification from your credit card processor in October 2009 requiring you to log on to a compliance Website and complete a questionnaire. Upon proper completion, you should have received notification of being “PCI Compliant.” If your practice completed the questionnaire and is PCI Compliant, no further action is necessary.
If you are unsure if your practice is in compliance, contact your credit card processor for assistance.
Think Twice about Solicitations
A company called Merchant Services is faxing dental practices offering to help them complete the PCI self assessment questionnaire. They indicate “special group rates for Dental Society Members.” Please know that this company has no affiliation with the Colorado Dental Association and that this is simply a solicitation for credit card processing.
This company also indicates that they need to come into your office to certify PCI compliance, or they may claim your terminal is no longer PCI compliant (note: if Merchant Services is not your processor, they would have no idea whether or not you are compliant).
If you have questions about PCI or how to become PCI compliant, please call your credit card processor. To become compliant, if you have not already done so, you can download the proper form from the PCI Security Standards Council at: https://www.pcisecuritystandards.org/saq. If you own a terminal, simply print the questionnaire labeled AOC SAQ B v1.2 (available at the same link).
PCI Compliance and CareCredit
CareCredit recently sent a notice to its members explaining that if they use CareCredit for processing BOTH credit card and CareCredit transactions, they will need to pay a $79 PCI fee and complete their certification by 7/1/2010 OR provide them with proof that PCI certification has been completed. However, please note, if you only use CareCredit for processing CareCredit transactions (and you use a different provider for processing MasterCard/Visa/Discover/American Express transactions), no action is required with CareCredit.