Medico announced that it would stop allowing clients to pay for their plans with a credit card ON A PAPER application May 1, 2018. This is to protect clients and agents from mishandled credit card information.
Payment Card Industry (PCI) standards require that all stored credit card info be redacted from your clients’ applications.
Do you have paper apps in your files where you haven’t used white-out over the credit card info? Then you are in violation. Chances are great that you do not have insurance against PCI fines and penalties. Check your cyber insurance policy. If you are saying, “what cyber insurance policy?” then just go shred your files to be safe–before one of your staff members goes looking for credit card info to send to her brother, the crook, and you get fined.
Medico will still accept payment by credit card–but only via electronic applications. E-apps have security to protect the card holders. Only the last 4 digits are stored at the carrier, so they are not at risk for a huge fine if they are breached. (Yes, they would still have a HIPAA fine, but not a PCI fine in case of breach.) Credit card info is considered protected health information under HIPAA too, but PCI is STRICTER than HIPAA; therefore the best practice is not to store any credit card info in your agency and to get rid of the old data you have in your files already.
Before you spew some angry words about this added burden on us, this law is not new.
Agents often wondered why many insurance companies wouldn’t allow payment by credit card–now you know! The moral of this article is to move to electronic applications. The less protected health information (PHI) you have in your office, the less liability you have in case of a breach. While you may think that hackers only go after the big corporations (Yahoo, TJ Maxx, Anthem, Equifax), they also go after the little guy. One in five small businesses has been targeted!