Monday, April 23, 2007
Is a Big Fine in Your Future?
If you attended the Technology Summit at the IHRSA show in March, you may have been a little freaked out. Speakers Michael Scott Scudder, owner of MSS FitBiz, and John Whitworth, business development manager of Ambiron Trust Wave, told facility owners that, if they weren’t PCI compliant by the end of March, they could be fined up to $100,000 by the Payment Card Industry (PCI). Yikes! Amid the doomsday talk and technical jargon, something Scudder said jumped out at me: Being fined that much could ruin a club’s entire business.
The basic idea is that credit card companies formed a group and created some standards in order to pass along the cost of fraudulent charges to you. They created the PCI Data Security Standard (DSS), which every company that uses credit cards must comply with. If you don’t, and a customer or employee uses someone else’s card number illegally, you get fined. Also, PCI could keep you from using credit cards at all, which would basically wipe out your business. To give you an idea of just how big this is, credit card usage (including debit cards) in membership transactions went from 35 percent in 2002 to 65 percent in 2007, according to Scudder.
To be compliant, fitness centers must better control how they get credit card information and store it. Do you have member card numbers in some filing cabinet that isn’t locked? That is a finable mistake. Many more rules exist, and they can be found at www.pcisecuritystandards.org.
Being non-compliant should scare you. It scares me, and I don’t even OWN a club. However, is it time for fitness centers to hit the panic button and scramble to find experts to help them avert a financial crisis? I think sensible clubs can calmly contact their bank and software company and make the necessary changes without losing any sleep. No freaking out required.
Is your facility PCI compliant? Do you even know what that is?