Four Tips for Protecting Customer Credit Card Information in Your Fitness Business
Data breaches involving credit card numbers and other financial information unfortunately have become common for consumers. According to a Gemalto report, there were 1,540 data breaches worldwide in 2014, which compromised more than one billion data records. These breaches can affect businesses across the board, including those in the fitness industry.
Customer credit card information can be obtained through large hacking operations or on a much smaller scale. Sometimes, it can be a small mishap that gives way to a large security invasion. It only takes one person to jeopardize a company’s security, so businesses should be prepared to protect their information.
Protecting your members and their information should be a top priority for a fitness business. Smart business practices and innovative security measures can help guard your members and your business from credit card breaches. Here are four tips fitness businesses can use to protect their customers’ credit card information:
- Prevent Equipment Tampering
A common way credit card information is accessed is through the processing terminal itself. Thieves can tamper with the machine and essentially swipe all of the information that has been transmitted through it. Gym and studio owners should have strict policies limiting who can access the machines, including employees and third-party vendors, to help prevent tampering.
Gym owners should keep a detailed inventory of the equipment they have in the facility, including the make, model and serial number for each point-of-sale device, even if it is not in use. These records could be checked against the equipment on a daily or weekly basis to ensure the machines have not been switched, altered or damaged in any way.
Business owners and their employees should regularly inspect the equipment to see if it has been changed in any way, including missing screws, broken seals or new labels. This may seem minor, but it could be an indication that it has been altered. They also should check to see if the terminal has been moved from its original location. Mounting the terminals to specific locations, like at the front desk or in an office, could help prevent theft and tampering.
If a gym employee or manager suspects a device has been changed, they should act quickly. Gym owners should contact their merchant processing vendor immediately and begin the necessary steps to ensure all customer data is protected in the future. Additionally, if the gym or facility has cameras that record the front desk or areas near where the point-of-sale device is positioned, the footage could be used to determine when and how the breach occurred.
- Refrain from Storing Too Much Information
Another way to protect a member’s credit card information is to avoid keeping it after a purchase or transaction. This is tricky for gym owners because fitness businesses sometimes keep credit card information on file to quickly process monthly dues. Storing the information makes the monthly payments easy for the member and the business, but it could be a risky practice for all parties involved.
When a gym keeps a member’s credit card information, there are more chances it could be seen by people who should not have access to it. This includes employees, third-party companies and even hackers who get into your data. When a business accepts a payment over the phone, in person or online, the purchase should be processed and any credit card information relating to the transaction should be eradicated. This applies to both hardcopy and electronic card information.
It is important to establish a policy that determines when storing credit card information is necessary, how long it should be stored and what type of information should be included. In fact, processing regulations specifically forbid the storage of a card’s security code or any data contained in the magnetic stripe on the back of a credit card. Implementing a policy and adhering to it is critical to protecting your members and yourself.
- Ensure Stored Data is Secured
If your policy does include storing customer credit card information, you should be sure it is done properly. Most businesses, including those in the fitness industry, store credit card numbers electronically. This is especially true in situations where they process recurring transactions, like monthly membership dues. Different measures can be taken to ensure electronic credit card data is not tampered with or accessed.
Encryption techniques can help business owners and managers protect electronic credit card data. If the electronic storage is encrypted using a robust encryption algorithm, it will be unreadable to system intruders. This means even if the information is accessed, it will basically be useless. This can provide some level of security if the storage is compromised. Additionally, many service providers offer secure private network or cloud-based storage.
If the credit card information is stored on paper, businesses should be sure that the documents are always locked in a secure place, such as a safe or file drawer, when not in use. For gyms, this could mean putting the information in a locked, back office away from public view. Also, portions of the documents could be redacted, including expiration dates or security codes. This is an added safety measure that could prevent the information from being misused.
Businesses also should perform extensive background checks on any employee who could have access to the sensitive data. You want to be sure the people you employ are respectable and will handle private data professionally. Employees also should be trained throughout their employment to ensure they are aware of phishing and other techniques used to obtain data. Confidentiality and security standards should be clear to employees, and you should be adamant about keeping their training current.
- Protect Online Payment Portals
Fitness businesses also can accept online payments for goods and membership fees, but they must ensure the payment portals are secure. These e-commerce platforms essentially function as your online storefront where customers enter their private credit card information. As a business owner, you must protect the information to the same degree you would if the card were used in store.
Businesses operating online can be required to verify that they have taken a number of steps to protect customers who use credit cards on their websites. One protection could be data encryption, which essentially scrambles the information and makes it unreadable to an outside source. This can deter a hacker who may have gained access to the company’s computer system because the information cannot be deciphered.
Data breaches are nightmares for businesses and their customers. No one wants to have their information stolen, and no business wants to be held responsible for it. Although not all data breaches can be prevented, there are steps gym owners can take to help protect their members’ credit card information. Being aware of how thieves get the information and being proactive about preventing access to it can effectively minimize the threat of credit card fraud happening to your business and members.
About the Author
Sarah Blanchard is a payments industry writer whose primary focus is in providing unique payment processing solutions for high risk businesses and credit repair credit card processing.