Management and billing software companies are aware of the risks of identity and credit card number theft, and are working diligently to help keep your customers safe. However, these companies also stress the importance of personnel at your facility doing their part. "If the facility or the employees are careless with any information — credit card numbers, bank account information, addresses, etc. — they potentially can expose their members to fraud, or worse, and themselves to a huge liability," says Bruce Painter with ClubRunner Management Software, Jupiter, Fla.
Rachelle J. Shotwell, marketing manager at ASF International, Highlands Ranch, Colo., says, "Personal information security is something that is extremely important in any software product. However, it is also important for clubs to realize that they play a critical role in keeping their member information secure."
Limit access to informationWhat does member information security mean to facility management? Shotwell suggests that there should be limited access to data, such as EFT or credit card account information. "Allowing unrestricted access to this information not only puts members at risk, but also creates potential liability on the part of the club," Shotwell says. Fitness center managers should carefully consider to whom they allow access this information. They should also make sure that each user's password is unique, and update passwords on a regular basis, especially if there is employee turnover. "The staff can help by never allowing customer information to be unsecured. For example, if a member joins and signs an EFT or credit card authorization, there need to be safeguards in place, and they must be followed. Completed contracts should never be left out where there is general access. Old contracts should be destroyed and never just thrown out," says Shotwell.
Painter says that personal information, "in the wrong hands can (and has) led to identity theft, employee 'stalking' of members, credit card fraud, etc. Credit card fraud and identity theft are obvious if someone has access to that information. ... 'Stalking' or similar situations arise when an employee (or even a member), sees someone's address, phone number, etc., at the front desk, and pursues that individual," says Painter. These are dangerous situations that can be prevented with the proper steps.
Software can helpChoosing the right software for your needs can make a big difference in what your employees are allowed to "see," and how the information is protected in the system. Some software doesn't display protected type of information to non-secure areas or employees. Painter says that there can be an option to hide information, and "front access points" only see what is necessary to complete each transaction.
Jeff Runnels from Affiliated Acceptance Corp., Sunrise Beach, Mo., explains the steps software designers go through to make sure they are putting the necessary information into the right hands, without giving away too much. "The software must find the balance between exposing member information and allowing employees to have access to data needed to perform their jobs. This involves analyzing each piece of information to determine its relevance/importance to a particular function," he says.
Security against outside intruders is equally important, and must be one of the key aspects in any management software. With access to the Internet likely at each computer terminal, protection features should be in place. "Members are giving you access to important financial information, and it is [your] responsibility [and the job of your] software program to ensure that this information is protected and cannot be accessed by someone without proper security, or 'lifted' from the computer via a worm or hidden program. There is no fool-proof system, but databases and computers can be protected to avoid many of the traps," says Painter. "We use data encryption on billing files when they are sent over to us. We [also] recommend using virus protection software and limiting Internet access on the server and workstations throughout the facility," Painter says.
Technology is constantly evolving, as are regulations designed to help consumers. Says Runnel, "Identity theft has become an important issue in most businesses. The fact that some employees must have access to sensitive data means that the software must protect data with encryption when possible, authenticate who is viewing the data and log each view/attempt. Payment Card Industry compliance is working its way down, ... and is affecting some of the larger clubs directly and just about every club indirectly," Runnel says.
An ongoing processThe security of members' personal information will continue to be an important part of facility management responsibility, says Shotwell. All information should be password protected, and have the ability to show you who accessed the information should a situation arise. Your members will appreciate your thoroughness when it comes to protecting their personal information, even if they aren't aware of all that you do to keep them safe.
Facility of the Week