Banner

Blog

Article

Payment tokenization: What it is and what it does for health care

Store patients’ payment data for future use securely and with less risk

Heather Randall: ©Trustcommerce

Heather Randall: ©Trustcommerce

Security has become an increasingly high priority for consumers when engaging in digital transactions across health care and other industries.

For example, a recent consumer survey revealed that security is highly important for 83% of consumers, and 53% of consumers report that consistent experiences across different platforms have a very big or extremely big impact on their trust in financial institutions, according to PYMNTS.com.

Due in part to patients’ concerns about financial security, payment card tokenization technology has taken on increasing importance for providers. Tokenization is a process of replacing sensitive information, such as card account numbers, with unique, random characters called a token. This allows providers to store patients’ payment data for future use securely, while helping decrease payment card industry data security standard exposure.

For providers, payment tokenization offers a safe, convenient way of enabling patients to pay with a stored card by saving a patient’s financial account information in a secure manner for future and repeat use across various engagement channels, such as over the phone, or during online checkout, for instance. Providers should implement a comprehensive token management strategy to ensure they can follow tokens throughout their environments to offer a seamless experience to their patients. For instance, enabling tokens to be shared across clinics can offer patients a smooth experience, but requires that tokens are shared and managed across the organization.

Further, tokens work synergistically with Account Updater services. An Account Updater periodically sends card information stored within a token to the issuing banks to check validity, and, if card information has changed, update the card details stored securely within the token. This is a significant benefit to merchants as it enables them to reduce authorization declines without introducing friction in the patient experience by asking them to update their card information on file at each point of interaction.

Why use tokens?
Tokenization has become widely adopted in recent years and the total number of tokenized payment transactions is expected to rise from 680 billion globally in 2022 to 1 trillion by 2026. With this service, patients gain the ability to pay balances using a “card-on-file” option securely without needing to present their physical card to the provider, read off their card number over the phone, or re-enter their credit card online.

Tokenization simplifies the payment process, enabling a seamless experience for consumers who no longer need to provide sensitive data for every transaction. As a result, the user experience is streamlined and friction throughout the experience is reduced, allowing providers to offer both enhanced security and convenience for patient payments.

Additionally, many leading payment platforms offer an account updater service, which enables merchants to ensure the cards they are storing are up-to-date, reducing declines, improving payment collections, and making sure that their systems are not cluttered with stale payment methods.

Benefits of payment tokenization
Virtually all businesses that accept credit and debit card payments can benefit from tokenization. Some of the major advantages of tokenization include:

  1. Better security: While tokens represent payment data, and facilitate the secure processing of transactions, they themselves are not payment instruments and cannot be used to complete payments to other merchants. Because of this they reduce the likelihood of sensitive payment data being accessed by bad actors.
  2. Support for emerging payment technologies: Tokenization can be applied to new and emerging payment methods, such as digital wallets like Apple Pay and Google Pay, enabling patients who have embraced the technology to use their preferred payment approach.
  3. Streamlined data management: Providers and other merchants can store and reuse tokens for future transactions, eliminating the need to repeatedly collect sensitive financial information, providing a smoother check-in and check-out experience.
  4. Enhanced PCI DSS compliance: Tokenization supports compliance with industry standards like the Payment Card Industry Data Security Standard (PCI DSS) by minimizing the storage and processing of patient financial data.

Best practices

Tokens, like the physical cards themselves, may expire and ongoing management will be needed to keep your user experience streamlined. Providers should keep the following best practices in mind when implementing tokenization:

  • Always ensure that you have the cardholder’s consent before storing a card for future use
  • Clearly disclose to cardholders the circumstances in which the card may be charged
  • Ensure that cardholders are informed prior to a charge being applied
  • Review tokens that are expired and remove them from your system
  • Use a token updater service to keep cards on file up-to-date
  • Review the workflows for your users to make sure it’s easy for them to update and manage their own tokens
  • Train your staff to look at the expiration date of tokens and ask cardholders if there is an alternate payment method if expiration is imminent
  • Provide a clear, easily accessible means for cardholders to request removal of stored cards

Keep in mind a few pitfalls can occur if you aren’t managing payment tokens and keeping them up to date.

  • Recurring payments, from payment plans or subscriptions, may fail.This can result in payment delays and extra work with staff having to reach out to cardholders to collect payment.
  • Have work queues or reports available to review failed transactions to follow up and secure an updated payment method.
  • Patients and accounts with multiple stored payment methods that aren’t working may result in a confusing patient experience.
  • Only maintain what you need. It isn’t advisable to store sensitive information (even if expired) that isn’t being used. This will also help reduce your security risk.

As health care becomes increasingly retail-like, patients will expect – and even demand - that their providers deliver the secure, seamless, and convenient digital payment experiences they have grown accustomed to in other industries. Payment tokenization technology plays a prominent role in enabling providers to fulfill this growing patient expectation.

Heather Randall, PhD, is the Chief Compliance Officer for TrustCommerce, a Sphere Company.

Related Videos
Jay W. Lee, MD, MPH, FAAFP headshot | © American Association of Family Practitioners