chases, has become top of mind based on all of
the recent retail security issues.
Once your new member is ready to make their
initial payment they do a quick card swipe and
the security is off and running! Keep in mind
if your CMS vendor is PCI compliant, this simple step should kick off a chain reaction of special security measures. This swipe causes the
CMS to kick off an encryption process so the
club employee never sees the member’s financial data. The real card number will then be
replaced with a “token” (miscellaneous letters
and numbers) that is then stored in the database which will live in a PCI compliant data
center. This ensures that the actual credit card
number is never stored anywhere at the club
level, giving you and the member peace of
mind. In this scenario, a real-time POS interface completes the environment, offering unprecedented security and accuracy, adding to
the efficiency with which business is transacted.
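
To make the token idea concrete, here is an added example (not code from the article or from any CMS vendor) showing a club-side record that holds only a token, plus a check that flags any club record still containing a real card number. The names TokenVault, club_record and find_card_numbers are hypothetical, and an in-memory dictionary stands in for the encrypted storage in the vendor's data center.

```python
import re
import secrets

# 13-19 digits (spaces or dashes allowed) that are not part of a longer letter/number string
PAN_RE = re.compile(r"(?<![0-9A-Za-z])\d(?:[ -]?\d){12,18}(?![0-9A-Za-z])")

def luhn_ok(digits):
    """Luhn checksum that payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Stand-in for the vendor side: the only place real numbers are held (assumption)."""
    def __init__(self):
        self._pan_by_token = {}

    def tokenize(self, pan):
        pan = re.sub(r"[ -]", "", pan)
        if not (re.fullmatch(r"[0-9]{13,19}", pan) and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        token = "tok_" + secrets.token_hex(12)   # random, not derived from the card
        self._pan_by_token[token] = pan
        return token

def club_record(member_id, pan, vault):
    """What the club database keeps after the swipe: a token, never the card number."""
    return {"member": member_id, "card_token": vault.tokenize(pan), "notes": ""}

def find_card_numbers(records):
    """Return (member, field) for every field holding a Luhn-valid card number."""
    hits = []
    for rec in records:
        for field, value in rec.items():
            for m in PAN_RE.finditer(str(value)):
                if luhn_ok(re.sub(r"[ -]", "", m.group())):
                    hits.append((rec["member"], field))
                    break
    return hits

if __name__ == "__main__":
    vault = TokenVault()
    test_pan = "4111 1111 1111 1111"        # constructed sample: a standard test number
    records = [club_record("M-1001", test_pan, vault),
               {"member": "M-1002", "card_token": "", "notes": "card " + test_pan}]
    print(find_card_numbers(records))       # only the free-text note is flagged
```

The second sample record shows the common way card data ends up at the club level anyway: typed into a free-text field that bypasses tokenization.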
For optimal overall security, your CMS vendor
should live by the “Secure Zone” model ensuring that the EFT and POS payment gateways
have a dedicated secure line directly into the
ACH and credit card networks. This secure
line should live in a PCI certified data center,
thus eliminating the club’s risk of data compromise. Meaning, if your vendor subscribes to
this model, it gives you the benefit of complete
data security from the initiation of the sales
transaction until payment processing is complete.
A good example of this would be a CMS vendor that uses an ASP or SaaS model for their
solution. This model provides a Thin Client
on the club’s workstation that connects via a
secure web service to the PCI compliant data
center where the application and client’s database is hosted. The benefit of this model is that
it allows the club to outsource the hosting of
the software application and all their data, giving them comfort that all their member data is
safe and secure.
Lastly, (as if you have not read enough techie
mumbo-jumbo) make sure your vendor provides a true backup plan where your data is
synced and backed up in real time. In addition, there needs to be a disaster recovery site
in place that allows your database to fail over at
any time in case of an emergency.
By now you are probably seeing a trend that
your CMS partner should offer a dedicated
pipe between their software, the credit card
gateway and the sponsor bank. This allows for
added security of highly sensitive credit card
data and in the case of an emergency, they
should also provide redundant processing facilities along with primary and fail-over connectivity.
Most importantly, this means they take on all
the liability and risk of ensuring your data always stays secure, leaving you more time to
focus on the more important aspects of your
day-to-day business – your members and your
bottom-line!
Kristan Prokopec is the
Marketing Manager and
brand visionary for Jonas
Fitness Inc., a division of Jonas Software, a provider of
enterprise management software and billing solutions to a variety of industries, including fitness, sports and leisure,
golf and private clubs, attractions, food service,
construction and more. Jonas
Software has more than 25,000 customers in
more than 15 countries around the globe.