Are you shopping for a Point of Sale system for your outpatient/ambulatory hospital pharmacy? Learn more about the Top 5 Concerns:
- PCI Compliance & Patient Data Security
- Pharmacy System Integration
- Automation & Operational Efficiency
- Financial and Performance Reporting
- Reliable Architecture
Target Audience: All Emporos Customers
We will take a closer look at Item Master and how to flag special items such as pseudoephedrine and age restricted items in MerchantSoft.
Date: November 17, 2010
Time: 3:00 pm EST
We will list different reasons for electronic signature capture and how to locate a signature in MerchantSoft.
Target Audience: All Customers
Date: Wednesday, October 27, 2010
Time: 3:00pm EDT
Duration: 30 minutes
Although we completed our MerchantSoft PA-DSS (formerly PABP) revalidation back in December, we noticed the PCI Security Standards Council just recently published it. Emporos is committed to security for our pharmacies and their patients, and this certification is just one of the ways we do that.
We will also be pursuing a new validation for MerchantSoft in the coming months.
As you know, your pharmacy business is subject to ever-changing regulatory requirements. Because of increased security risks to cardholder information, another pending requirement is about to hit your pharmacy: Triple Data Encryption Standard (3DES) for PIN-based debit card transactions. 3DES is a stronger encryption algorithm that your PIN-based payment terminal uses to increase the security of your customers' debit card data, and a 3DES key must be injected into all payment terminals by July 1, 2010. To comply, assuming you have an older payment terminal not already injected with a 3DES key, you have the following options:
- Discontinue accepting PIN-based debit after July 1st and begin processing debit cards as signature-based credit cards instead. Your credit card processor will disable debit transactions. As a result, you will not be able to offer cash back, and your transaction fee on these types of transactions will probably be higher (credit vs. debit). However, you will not incur any up-front costs.
- Swap out your payment terminal for a used one with a 3DES key. You will probably incur a small fee, but it will be cheaper than a new unit.
- Upgrade your payment terminal to a new one. Not only will your new device have the 3DES key, it will probably come with a warranty.
While we understand you're probably frustrated with incurring an additional expense in today's tough economic climate, you should understand this is a Visa requirement and a necessary protection for you and your customers.
FREQUENTLY ASKED QUESTIONS
What is 3DES?
Triple Data Encryption Standard (Triple DES, TDES or 3DES) is the American National Standards Institute's (ANSI) sanctioned encryption algorithm standard used by all debit-capable transaction terminals for PIN encryption in the U.S. 3DES is a prime example of the payment industry's advancements in security against fraud, as it was created to be more secure than its predecessor, DES. DES is an encryption algorithm that takes a fixed-length block (16 hex digits) of unencrypted data and, using a 16 hex digit encryption key, converts it to a fixed-length block of encrypted data called ciphertext.
What is the difference between 3DES and DES?
3DES was developed to combat security breaches with Single DES. 3DES uses three independent key parts when performing the encryption algorithm. The key is either a 16-byte "double-length key" (32 hex digits) or a 24-byte "triple-length key" (48 hex digits). The encryption algorithm is run three times with the double- or triple-length key.
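The key lengths above can be checked before a key is accepted for injection. The following is an added example, not code from Emporos, Visa or Chase Paymentech: `classify_key` is a hypothetical helper, the sample keys are constructed, and it assumes the standard encrypt-decrypt-encrypt ordering of 3DES and the DES convention that the low bit of each key byte is a parity bit (neither is stated on this page). It reports when a double- or triple-length key would still only provide Single DES protection.

```python
def _strip_parity(part: bytes) -> bytes:
    # DES ignores the low bit of each key byte; it only carries parity.
    return bytes(b & 0xFE for b in part)

def _odd_parity_ok(raw: bytes) -> bool:
    # Each DES key byte is expected to have an odd number of 1 bits.
    return all(bin(b).count("1") % 2 == 1 for b in raw)

def classify_key(hex_key: str) -> dict:
    """Classify DES/3DES key material given as hex digits."""
    try:
        raw = bytes.fromhex("".join(hex_key.split()))
    except ValueError:
        raise ValueError("key must consist of hex digits only")
    names = {8: "single", 16: "double", 24: "triple"}
    if len(raw) not in names:
        raise ValueError("key must be 16, 32 or 48 hex digits")
    parts = [_strip_parity(raw[i:i + 8]) for i in range(0, len(raw), 8)]
    if len(parts) == 1:
        effective = "single-des"
    else:
        if len(parts) == 2:
            parts.append(parts[0])      # double-length key: K3 = K1
        k1, k2, k3 = parts
        # Assumed EDE order: C = E_K3(D_K2(E_K1(P))). If K2 equals a
        # neighbouring part, two of the three passes cancel each other.
        if k1 == k2 or k2 == k3:
            effective = "single-des"
        elif k1 == k3:
            effective = "two-key-3des"
        else:
            effective = "three-key-3des"
    return {"length": names[len(raw)], "effective": effective,
            "parity_ok": _odd_parity_ok(raw)}

# Constructed sample keys (test values only, never real terminal keys).
K1, K2, K3 = "0123456789ABCDEF", "FEDCBA9876543210", "89ABCDEF01234567"
K1_NO_PARITY = "0022446688AACCEE"   # same as K1 apart from parity bits

if __name__ == "__main__":
    for key in (K1, K1 + K2, K1 + K1_NO_PARITY, K1 + K2 + K3):
        print(key, classify_key(key))
```

A key that reports `single-des` despite being 32 or 48 hex digits long gives no more protection than the Single DES key it is meant to replace.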
Are merchants required to upgrade to 3DES?
One of the most recent security upgrades mandated by Visa requires that all debit-capable, PIN-entry transaction devices be replaced or updated to comply with the Triple Data Encryption Standard (Triple DES, TDES or 3DES) by July 1, 2010. 3DES better protects merchants against security breaches, as the encryption process includes additional decryption and encryption combinations, making it more complicated for hackers to break.
Does this upgrade only affect Emporos merchants?
Visa is requiring all merchants be compliant by July 1, 2010. Visa is instructing its membership, the acquiring financial institutions and processors, to manage compliance upgrades of vendors, partners and customers. Your credit card processor may also notify you of these changes.
Who will fund the 3DES upgrade?
As this is a Visa-mandated upgrade to meet 3DES compliance by July 1, 2010, merchants will be responsible for the associated costs. However, Emporos Support will be able to answer questions regarding a merchant's POS equipment, compatibility and the costs to upgrade.
Will 3DES require purchasing new equipment?
No, but it will require a merchant with a Single DES-capable payment terminal to either discontinue PIN-based debit or upgrade to a used 3DES-injected terminal.
(Source: Chase Paymentech)
For more detailed information, see Visa's Cardholder Information Security Program.
That's right, one of the features of the health reform bill is that many OTC medications will no longer be tax-exempt, meaning ineligible for FSA/HRA/HSA card purchases, starting January 1, 2011. As a pharmacist, you'll want to advise your customers of this impending change and suggest they use their Flexible Spending Account (FSA) dollars before December 31 to stock up for the cold/flu season. Some may elect to take this one step further by increasing their prices on these items in the fourth quarter, knowing customers will be motivated to buy.
What type of items will no longer be eligible? General cold/flu/pain medications such as Tylenol and Advil. The only way these items can be purchased with an FSA card is with a doctor's prescription.
What will still be eligible? Non-medical or drug items such as contact lens solution, gauze, bandages.
How will this affect your Emporos point of sale system? We will automatically update your system's Eligible Items List on January 1, 2011, or as soon as the data is provided to us by SIGIS.
For more information about the list of items ineligible and the List update, read SIGIS' press release.
The FTC has mandated that businesses that extend credit to customers must implement an identity theft prevention program under the Red Flag Rule by June 1, 2010, including pharmacies that have A/R accounts (yes, one more mandate on pharmacies). You'll want to read up on what this rule is about and how it affects your pharmacy, especially at the point of purchase. Similar to PCI compliance, the Red Flag Rule is primarily a process and documentation activity - there's no silver bullet you can buy from a vendor to comply (although I'm sure consultants abound willing to help, but I don't think that level of expertise is necessary). There is, however, a "Do-It-Yourself Template for Businesses at Low Risk For Identity Theft" PDF you can use to determine if your pharmacy is at low risk (i.e. if you know most of your customers, if you haven't had identity theft issues in the past, etc.). You will then describe the steps you will take if identity theft is suspected, who is responsible for training your staff, and how that training will be conducted. To learn more, visit the FTC's website on the program.