TLDR - What You Need to Know
- Newly released enforcement policies from card networks like Visa and Mastercard have dramatically tightened the compliance requirements for independent practices around how prescription and pharmacy-grade products are paid for.
- Payment processors will need to move to enforce these new guidelines - which could cause a significant disruption in your services, if you are not compliant.
- In-Clinic Medication Sales must be processed using chip-enabled (EMV) terminals. Swiped or keyed card payments for prescription or pharmacy-only products are no longer compliant and can trigger processor shutdowns.
- Online or Card-Not-Present Sales of medications (e.g., phone, invoice, website) now require LegitScript certification or recognized pharmacy accreditation. This includes selling GLP-1s, HRT, peptides, or compounded meds.
- Mastercard registration is mandatory for all online medication sales—no exceptions.
- Note that taking online payment for a medication that is subsequently shipped by the pharmacy is also considered risky and non-compliant with most payment processors.
- To stay compliant, clinics should either:
- Ensure all in-person med sales are processed through an EMV terminals.
- Or, bill only for services and have a pharmacy handle the medication sale directly.
Note - given the changing regulatory landscape, not all payment processors have started enforcing these new regulations! That said, non-compliance with any processor puts your clinic at risk of payment disruptions, account termination, and revenue loss.
If your clinic dispenses or sells medications, whether it’s GLP-1s for weight loss, testosterone for HRT, ketamine for mental health, or IV therapy injectables, it’s critical to pay attention to the shifting rules in the payment processing world.
New enforcement policies from card networks like Visa and Mastercard, along with updated guidelines from major processors, are tightening the compliance standards around how prescription and pharmacy-grade products are paid for.
And here’s the bottom line: How you collect payment for medications, both in person and online, can now directly affect your ability to stay active with your payment processor.
Let’s break down the two most critical compliance issues affecting clinics like yours today:
1. In-Clinic Medication Sales Must Be EMV (Chip) Terminal-Based
If your clinic dispenses or administers medications during a face-to-face visit, card-present transactions using a chip-enabled (EMV) terminal are now considered mandatory by most compliant processors.
This includes:
- Administering semaglutide, tirzepatide, or lipotropic injections for weight loss
- Dispensing bioidentical hormone creams or testosterone injections for hormone replacement therapy (HRT)
- Providing ketamine lozenges or nasal sprays
- Sending patients home with nutraceutical packs or compounded meds
Why it matters:
- Fraud Protection: EMV terminals drastically reduce the risk of payment fraud.
- Policy Alignment: Manually keyed or swiped payments for medication raise red flags, especially when the product is prescription-only or regulated.
- Processor Compliance: Many processors now require clinics to use EMV for any in-person medication sale—or risk being flagged or shut down.
Best Practice: Equip your front desk or checkout area with an EMV-capable terminal and ensure all staff are trained to use it for every in-person medication sale.
2. Selling Medications Online or by Phone? LegitScript May Be Required
If your clinic sells medications via phone, invoice, or your website, those transactions are classified as card-not-present and come with a completely different set of requirements.
To remain compliant with Mastercard and most modern processors, you must either:
- Be accredited as a pharmacy (see exceptions below), or
- Obtain LegitScript certification for your practice or site (note this certification is expensive and is likely out of reach for many providers starting their clinics).
This applies whether you're:
- Taking payments over the phone for refills of compounded thyroid meds
- Offering online reorders of IV supplements or injectables
- Running a membership program that includes monthly medication shipments
- Using e-commerce tools to sell prescription-weight loss medications
Even if you’re not advertising as an “online pharmacy,” the moment you sell prescription or pharmacy-grade products in a card-not-present transaction, these rules apply.
To avoid these rules, you may need to adjust your business model to take payment only for the services and not for the meds directly. More on that below!
Side Note: Accreditation Exceptions for Pharmacies
If your clinic includes a fully licensed pharmacy, you're exempt from LegitScript only if you're accredited through one of the following:
- National Association of Boards of Pharmacy (NABP)
- VIPPS, Vet-VIPPS, or VAWD programs
- LegitScript’s Merchant Certification Program
For non-pharmacy clinics offering compounded medications or in-office administered drugs, LegitScript is typically required for online or phone-based sales. Note: Mastercard registration is always required for medication sales online, regardless of your pharmacy status.
How This May Impact Your Business Model
This recent and sudden shift in payment compliance has real implications for how you structure your services and collect payments.
If your clinic isn’t structured as a pharmacy or LegitScript-certified provider, one compliant and increasingly popular model is to:
- Charge the patient for the clinical service (e.g., injection visit, treatment plan consultation)
- Send the prescription to a partner pharmacy, which then takes direct payment from the patient for the medication
This model protects your payment account, keeps you clear of regulatory pitfalls, and lets you focus on care delivery while your pharmacy partner handles the compliance-heavy sale of the medication.
Example: You charge for a weight loss consult that includes GLP-1 treatment planning. The semaglutide itself is fulfilled and charged separately by a pharmacy.
Alternatively, if you are dispensing medication on-site or bundling it into a treatment plan:
- Ensure your clinic has cards securely stored on file using a PCI-compliant gateway (OptiMantra’s payment processor integrations meet this requirement!)
- Always use EMV for in-person medication payments
- Clearly separate service and medication charges in your billing
- Don’t run card-not-present medication payments unless you’re certified to do so
Storing cards on file reduces no-shows, protects against chargebacks, and ensures smooth recurring billing for packages that include services and medications.
What You Can Do To Protect Your Business Now
- Use chip-enabled (EMV) terminals for all in-clinic payments involving prescription or regulated products - check out Fiserv’s terminals (which can be rented or purchased)!
- Avoid card-not-present medication sales unless you’re LegitScript certified or pharmacy-accredited
- Evaluate your business model: Are you bundling meds into services and selling online without certification? Adjust your structure accordingly.
- Implement card-on-file workflows to manage recurring payments and reduce risk
- Talk to your processor: Make sure your business model, product list, and merchant category code (MCC) are fully transparent and accepted under their policies
Final Thoughts
As functional, integrative, and psychiatric care models evolve, so do the regulatory and operational demands. If you’re dispensing medications—whether for weight loss, HRT, mental health, or IV therapy—how you get paid matters more than ever.
Build a model that’s sustainable, compliant, and protects your business from unnecessary payment risk.
Need help navigating these new requirements? We support growing clinics in structuring compliant workflows and selecting payment partners that understand your model - we work closely with both Fiserv and Stripe which can help you get set up on payments. Our Payment Specialists are happy to answer any questions!
