CONTENT BROUGHT TO YOU BY: ASF PAYMENT SOLUTIONS
When the personal information and credit card numbers of an estimated 143 million people were compromised earlier this year in a breach at the credit reporting agency Equifax, it affected more than one-third of Americans to some extent. Added to the earlier credit card breaches at Target and Home Depot, incidents like these shake consumer confidence. Unfortunately, more breaches are likely to occur.
Software and payment processing companies that are Level 1 service providers are held to the highest level of compliance through a process called PCI DSS certification, which means these providers can help protect your gym members’ information.
PCI DSS stands for Payment Card Industry Data Security Standard, a set of standards a provider must keep meeting to maintain its PCI DSS certification and remain compliant, much like the certifications that personal trainers or group fitness instructors hold. And like trainer or nutrition certifications, they require ongoing training, changes and constant updates.
In 2004, American Express, MasterCard, Visa, Discover and JCB formed the PCI (Payment Card Industry) as a way of policing how businesses process, store or transmit credit and debit card data. These standards not only protect the security of your gym or facility’s financial data, they also protect the credit card information of your members.
Here are eight ways that health club operators can safely collect, process and store credit card payments and information collected from gym members:
1. Keep your point of sale (POS) segment on its own network. This means keeping the POS separate from all other devices. Reach out to your internet service provider to make sure this is in place, and ask them to configure a host-based firewall on your POS system to protect it from remote access and external attack attempts.
2. Encourage the use of strong passwords. Over the years, the definition of a “strong password” has certainly changed. Many online banking institutions now force logins to meet these requirements, and you should too: a minimum of eight characters, at least one capital letter and at least one special character such as a dollar sign or ampersand.
3. Keep malware and viruses out of your systems by regularly updating your anti-virus software and always installing the latest versions when prompted.
4. Devices used to accept credit card data should be periodically inspected to detect tampering or substitution. For example, check to ensure the card reader hasn’t been replaced with an unauthorized device. Also, compare the serial number of the device to the serial number in your original order or inventory sheet.
5. Train personnel to be alert to attempted tampering with or replacement of devices. For example, train on-site staff to recognize when a device has been tampered with or swapped. Inspect the device to see whether it has been opened, and ensure it plugs directly into your computer. As the club owner, restrict access to cardholder data.
6. Maintain an inventory of all systems related to credit card processing. This would include POS workstations, card readers and network devices. Your inventory should include the make, model, serial number and location of each device.
7. Restrict physical access to cardholder data. Ensure your systems are only accessible by authorized staff members and are not accessible by members. If you are storing contracts or other documents with full cardholder data, you need to put physical controls in place to limit access to the area.
8. Ensure your service provider is certified as a Level 1 service provider. A Level 1 service provider should be able to secure all data and process recurring payments on its side, including managing all the encryption related to the transmission and storage of any credit card numbers.
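Items 4 and 6 work together: the inventory gives you a baseline, and the periodic inspection compares what is on the floor against it. The script below is an added example, not part of this article or of ASF's software; it reconciles an observed list of card readers against a constructed baseline inventory and flags substituted, missing and unknown devices. All makes, models and serial numbers are made-up sample values.

```python
# Added example: reconcile card readers seen during an inspection against the
# inventory baseline (make, model, serial, location) that item 6 asks for, and
# flag the substitution or tampering that item 4 asks operators to look for.
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    location: str  # where the reader is installed, e.g. "front desk 1"
    make: str
    model: str
    serial: str


# Constructed baseline inventory (sample values, not real equipment).
BASELINE = [
    Device("front desk 1", "ExampleCo", "PINpad-100", "SN-0001"),
    Device("front desk 2", "ExampleCo", "PINpad-100", "SN-0002"),
    Device("juice bar", "ExampleCo", "PINpad-200", "SN-0003"),
]


def reconcile(baseline, observed):
    """Compare observed devices with the baseline, keyed by location.

    Returns findings in four buckets: ok (identity matches), substituted
    (make/model/serial differ at a known location), missing (baseline device
    not seen) and unknown (a device at a location with no inventory record).
    """
    base_by_loc = {d.location: d for d in baseline}
    seen_by_loc = {d.location: d for d in observed}
    findings = {"ok": [], "substituted": [], "missing": [], "unknown": []}
    for loc, expected in base_by_loc.items():
        actual = seen_by_loc.get(loc)
        if actual is None:
            findings["missing"].append(loc)
        elif (actual.make, actual.model, actual.serial) != (
            expected.make, expected.model, expected.serial
        ):
            findings["substituted"].append((loc, expected.serial, actual.serial))
        else:
            findings["ok"].append(loc)
    for loc in sorted(seen_by_loc.keys() - base_by_loc.keys()):
        findings["unknown"].append((loc, seen_by_loc[loc].serial))
    return findings


# Constructed inspection result: desk 2's reader carries a different serial,
# the juice bar reader is gone, and an unordered reader appeared at the kids club.
OBSERVED = [
    Device("front desk 1", "ExampleCo", "PINpad-100", "SN-0001"),
    Device("front desk 2", "ExampleCo", "PINpad-100", "SN-9999"),
    Device("kids club", "ExampleCo", "PINpad-100", "SN-7777"),
]

if __name__ == "__main__":
    for category, items in reconcile(BASELINE, OBSERVED).items():
        print(category, items)
```

Anything in the substituted, missing or unknown buckets is a reason to take the reader out of service until it has been examined.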
Angela Walker joined the ASF marketing team after a relocation to the Denver area from Silicon Valley after working on the News Feed at Facebook Inc. and eBay. Walker brings more than 14 years of writing experience coupled with a knowledge of the tech industry and social media. When she is not knuckle-deep in tweets or timelines, you can find her in the mountains with her family and her dogs, Martini and JJ.
ASF is a Level 1 service provider. It operates in a secure environment and has had all of its operations, policies and online POS software modules PCI DSS certified. ASF provides a host of online gym management software applications to its clients, including POS operations, recurring payments, onsite credit card processing and more. Its Trustwave ASF Certification program is an online process that ensures your gym or health club is also protected and PCI compliant.