Do you ever wonder what treasures lie inside the magnetic stripes on the back of credit cards? The temptation to learn more about these hidden treasures is what has opened a cottage industry for would-be credit card thieves. They are ready to pry open even the smallest crack in the security door that allegedly protects all credit card owners. Unfortunately, many victims of credit card fraud don’t even know that thieves are helping themselves to unauthorized purchases by simply bypassing lax security measures of Internet merchants as well as brick-and-mortar retailers.

Sadly, some of those brick-and-mortar businesses hang out HVAC shingles and seemingly conduct business in an honest and secure environment. Too bad they aren’t aware of their own shortcomings when it comes to protecting their customer’s valuable private information. Ignorance of proper security measures can bring down a business just as fast as a swipe from Hurricane Katrina. One swipe of a credit card can start a chain reaction that ultimately deprives a victim of his or her identity - and a business of any profit margin it may have counted on.

All because a customer’s credit card information inside that magnetic stripe was not secured.


If you look at the story at the top of page one in this issue, you’ll read about new security measures being enforced by credit card giants Visa and MasterCard, designed to ratchet up the layer of protection for credit card users and to punish businesses who don’t take security threats seriously. I have to admit that I was pretty naïve about the need for tighter security until I met Paul Donihue of Advanced Merchant Services. Donihue told me things that all HVAC contractors should know and hopefully the message will come across loud and clear.

Basically the problem - or how to avoid the problem - involves encryption of a customer’s credit card number once it has been used to complete a sale. Many accounting software programs automatically encrypt a credit card number, making it appear to the naked eye to be a bunch of x’s followed by four digits. But some programs don’t encrypt and therein lies the problem.

Hackers looking for credit card numbers have a much easier time stealing someone’s private numbers, and consequently their identity, if there are no barriers to finding that information. If it is out there, someone will find it. Believe me. Think of all the customer records you have in unlocked file cabinets or unsecured files in your computer database. Think of how easily someone with bad intentions can get that information and use it against your customers. If your customers lose, you lose. Simple as that.

And also think about the people who you empower to input that secure data. Can they be trusted? What kind of pasts do they have? Have you run a background check on the people you trust your sensitive documents to? If I’m sounding a little paranoid, you are probably right. But I’d rather err on the cautious side.

I was almost the victim of credit card fraud last fall. I checked my credit card statement and found that an airline ticket for a flight within India had been charged to my credit card. It turned out to have been an error in the card number used to charge the ticket and the airline told me that once the person would have tried to get a boarding pass, the error would have been caught. I was lucky then and still consider myself lucky that someone hasn’t tried to or successfully stolen my identity.


One incident where a customer’s credit card information is stolen while in your company’s “secure” possession could cost your business up to $100,000. A catastrophic security breach could push the fines into the millions and would surely bring down even the most profitable of all HVAC contractors.

You buy insurance to protect your business and your possessions against theft and natural disasters. You buy car insurance to protect your fleet of vehicles. You buy an alarm system to protect your physical property when you aren’t there. You offer insurance to your employees, maybe even pay for part or all of it.

You do all of the right things - but do you also protect the future of your business by taking the proper steps to secure your customer’s information? If you don’t take those steps, no insurance in the world will provide a big enough net when your business comes crashing down.

Publication date:02/12/2007