Venue Security Corporation takes consumer privacy very seriously. While other products use simple password protection that can be easily compromised, Club Watch uses a combination of biometric authentication, unique hardware detection, strong encryption, and password-based access control technologies to provide the highest level of security possible.
Biometric Security: Just as the Club Watch Community Connection holds patrons accountable for their actions, the fingerprint-based biometric authentication system in Club Watch ensures that venues using Club Watch are held accountable for their actions. By requiring venue users to logon to their Club Watch accounts with their fingerprint, patrons and venue management can rest easy knowing that only authorized users can access the tools and information within Club Watch. This means that any potential misuse of Club Watch would be instantly traced back to the person responsible and swift action would be taken to suspend or terminate the offending user's account.
Strong Encryption: Club Watch uses two very secure and respected data encryption technologies: (1) a 1,024-bit Diffie-Hellman key agreement algorithm and (2) a 448-bit Blowfish symmetric cipher to provide data encryption. This provides a level of encryption to protect patron data that is significantly more secure than the typical 128-bit encryption used in today’s Web browsers for banking transactions over the Internet.
Restricted Access to Community Alerts: Access to community alerts is further restricted by requiring the venue operators to have the actual ID cards in their hands, which requires the patron to be present and to give the venue operator consent to swipe his/her ID card. Swiping a physical card or manually entering an ID/DL number is the only way a venue operator can see any of the community alerts within the global Club Watch Community database. This is an important feature of the system because it protects consumer privacy by only allowing the venue operator to view community alerts in the presence of the patron who is the subject of the alert. This means it is impossible for a venue operator, patron, or any other person to randomly type in somebody’s name out of curiosity to see whether a particular friend or foe has been reported to the Club Watch Community.
Payment Card Industry (PCI) Compliance
The PCI Data Security Standard (PCI DSS) forbids storing any of the following:
- Unencrypted credit card numbers
- CVV or CVV2
- Pin blocks
- PIN numbers
- Track 1 or 2 data, which contains CC account number/name combinations
At this time, Club Watch is not designed to process credit cards or store any of the forbidden data above. As a result, it is impossible for Club Watch to violate the PCI regulations imposed by American Express, Discover, MasterCard, and Visa.
However, Club Watch was originally designed to be a component of the US-VISIT immigration and border management system. As a result, Venue Security Corporation has already developed the Club Watch system architecture to meet or exceed the FIPS-200 United States Government/military federal information processing standard, which is much more stringent than the PCI DSS. As a result, Club Watch inherently meets or exceeds the following principles and technical requirements defined by the PCI DSS.
- Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
- Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
- Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
- Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
- Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Preventing Abuse by Venue Operators
Club Watch has an extensive array of built-in security measures to ensure that venue operators do not abuse their patrons’ personal information and to ensure they use Club Watch responsibly.
Restricted Access Permissions: Club Watch enables venue operators to create as many Club Watch user accounts as they need for their venues with various levels of functionality. Each user account has independent permissions, which can be easily configured based on the authority, responsibilities, and tasks that each user must perform.
Patrons' Home Address is Never Revealed: Club Watch ensures that bouncers and other venue staff never see a patron's personal home address. This protects the patrons from anybody who might want to use that information for malicious purposes.
Rapid Response: Between Club Watch’s extensive permissions sub-system, biometric fingerprint logon authentication, fingerprint-based digital report signing, and a complete audit trail of every action that users perform throughout the entire Club Watch Community of venues, Venue Security Corporation can quickly trace any potential abuses of our Club Watch Network right to the venue and person who committed the abuse. At that point, we can instantly disable the offending venue’s Club Watch account while we investigate the issue or terminate the venue’s Club Watch account, no matter where they are located in the world.
