The Importance of Implementing End-to-End Encryption


More than 143 million personal records were exposed in an Equifax data breach in 2017. As data breaches have become a common occurrence, the potential liability associated with them is always top of mind. It’s important to ensure your members’ data is protected from hackers. Not only does a data breach affect members’ personal information, but it also destroys the trust and confidence in their relationship with their health club.

As a fitness club owner, you should be looking for club management software that provides the highest level of security for your club, since it houses your employees’ and members’ personal information. Regardless of how many members or locations you have, a breach can happen to you!

Breachlevelindex.com states that only four percent of data breaches were “secure breaches,” where encryption was used and the stolen data was rendered useless. To make sure their data stays protected even if a breach occurs, fitness clubs around the world are implementing end-to-end encryption (E2EE).

What exactly is E2EE?

Simply put, end-to-end encryption is a technology that ensures your members’ credit card information is kept safe as it moves from your location to your club management software’s secure network. Technically speaking, it is a method of keeping data encrypted the whole way from the source to the destination. The objective is to encrypt data at the point of acceptance (swipe or insert) and to decrypt it only when it reaches a certifiably secure database or application server. This also prevents the data from being revealed to “net sniffers” if a server along the path has been compromised. When implemented with trusted algorithms, end-to-end encryption can provide the highest level of data protection.

How does E2EE work?

The moment you swipe or insert a credit card into a payment terminal, the terminal uses a process known as encryption to turn the credit card number into a value that cannot practically be decoded without the key. From that point, the encrypted number is passed from the payment terminal to your PC, through the Internet, and on to the club management software’s network. If any of these systems is breached and the encrypted number is read, it is of no use to the perpetrator. When the encrypted number reaches the secure network, a “key” is used to decrypt the credit card number and make it accessible to your club management software’s system.
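The flow just described, as an added example written for this page (not code from the article or from any vendor it names): the terminal seals the card number with AES-256-GCM under a key that only the payment processor holds, each hop in between (club PC, Internet, club software) can only forward the opaque envelope and fails if it tries to open it, and the processor decrypts, authorizes and hands back an authorization reference, which is all the club side needs to keep. The key, the test card number and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"strings"
)

// Envelope is what leaves the terminal: the sealed PAN plus its nonce; nothing in it reveals the card number.
type Envelope struct{ Nonce, Ciphertext []byte }

// newGCM builds AES-256-GCM from a 32-byte key held only by the terminal and
// the processor (injected by the terminal maker, never given to the club).
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length gets here
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// TerminalEncrypt runs at the moment of swipe or insert, before anything is
// handed to the club PC. Every hop after this point sees only ciphertext.
func TerminalEncrypt(key []byte, pan string) Envelope {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize()) // fresh per transaction
	if _, err := rand.Read(nonce); err != nil { panic(err) }
	return Envelope{nonce, gcm.Seal(nil, nonce, []byte(pan), nil)}
}

// ProcessorDecrypt runs only on the processor's secure network: it opens the
// envelope, "authorizes" the sale and returns a random authorization reference.
// A wrong key or an altered envelope is rejected; the PAN never leaves here.
func ProcessorDecrypt(key []byte, env Envelope) (string, error) {
	if _, err := newGCM(key).Open(nil, env.Nonce, env.Ciphertext, nil); err != nil {
		return "", err // "cipher: message authentication failed"
	}
	ref := make([]byte, 6)
	if _, err := rand.Read(ref); err != nil { return "", err }
	return "AUTH-" + hex.EncodeToString(ref), nil
}

// LeaksPAN is the check a club can run over what its software stores or logs:
// the raw card number must never appear there.
func LeaksPAN(stored, pan string) bool { return strings.Contains(stored, pan) }
```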

What is PCI compliance and how does it protect your gym?

PCI DSS is the Payment Card Industry Data Security Standard. It is a set of standards covering the technical and operational components of systems that handle cardholder data. To uphold a PCI DSS certification, one must:

  • Build and maintain a secure network through firewalls
  • Protect cardholder data by encrypting transmission of data across open networks
  • Maintain anti-virus software
  • Implement strong access control measures by assigning unique codes/IDs to those with computer access
  • Regularly monitor and test networks
  • Maintain an information security policy for employees and contractors


ABC Financial provides club management software and payment processing services that are Level 1 PCI Compliant, with a large focus on E2EE. We also offer PCI Compliance Assistance Services through Trustwave to give you the confidence that your club’s data will be protected in the event of a data breach. Protecting your data is just as important to us as it is to you. Visit our website (link to ) to learn more about our club management software and how we can help streamline and protect your business.

1 Comment

  1. Mark Brown

    June 14, 2018 at 10:56 am

    Just wanted to add a bit of information and clarify one point in the article.

    On the card processing side, ISVs (Independent Software Vendors) don’t actually have much to do with the End to End Encryption services, as these services come from companies like Ingenico, MagTek, IDTECH.

    They produce the equipment from the front to the back end. That is, CC readers that are encrypted and send the data to the licensed servers at the processing ISO’s back end. Once the payment is approved, the club software simply gets the approval authorization number to store with the sale.

    So what this means, and it deviates from the article writer’s understanding, is that the encrypted card data (should) NEVER transit the club software or their network. Period.

    If it does transit their network it’s time to look at a different software vendor because the solution you are using should be 100% OUT of PCI scope.
