The recent and ongoing Target credit card debacle shouts out a loud and clear warning to anyone who operates a business that involves credit card transactions: Protect your customers’ data! When 40 million or so Target shoppers had their credit and debit card data stolen because of problems with the store’s security procedures, the company was sued in multiple lawsuits, its shares fell precipitously, and it was left struggling to placate customers with apologies and discounts. The legal and financial threads will take months — or longer — to untangle, and the store will have to fight to win back its reputation.
For health clubs, sports facilities, and fitness centers, protecting data is especially crucial, because business depends so heavily on relationships with customers. The key to successful protection is the Payment Card Industry (PCI) Data Security Standard, which provides an actionable framework for developing a strong security process — including prevention, detection, and appropriate reaction to breaches.
Here’s what you need to do to become compliant with the PCI Data Security Standard:
- Use a firewall to build and maintain a secure network. Also, consider changing all system default passwords and creating unique employee user IDs.
- Encrypt all credit card numbers. This one is a no-brainer.
- Install industry-standard antivirus and malware security programs. These will perform scans and provide feedback, confirming that your systems are protected and letting you know when a concern arises.
- Restrict employee access — on the network and physically — to cardholder data. You want to make sure only specific employees have permission to access it.
- PCI compliance audits are your friends. Participate in them regularly in order to monitor and test systems that process and store cardholder data.
- You have an information security policy, right? If not, what are you waiting for? Establish — and maintain — one immediately.
When data is compromised, so much is lost. The last thing you need is to have customers lose faith in your club or facility, to feel insecure about your ability to protect them. If a security breach occurs, they will wonder if their faith is misplaced. A store like Target probably can survive such a blow — it’s big enough, and offers enough conveniences, that customers will begin to trust it again eventually. But with a fitness center or sports facility, the stakes are higher because of the personal and emotional investments your customers make when they trust you to help them shape healthier selves, to provide a refuge from the more stressful parts of their lives. If your systems are breached, they’re going to feel the pain more keenly than customers in other industries.
So take the necessary steps — and then let your clientele know you’ve done so. If you communicate with them about the security measures you’ve taken, they’ll be reassured, and a reassured customer is likely a retained one.