As Secure As Your Membership Policies
There may be associations that conduct background investigations
of prospective members or require some proof of eligibility
before allowing someone to join but I am not familiar with them.
Generally, all that is necessary to join an association is the
willingness to complete and sign a membership application and to
pay the appropriate dues. Cash payments would be somewhat risky
and suspect so presumably nearly all membership applications will
be accompanied by a check or credit card that has some
identification on or associated with it.
For associations that accept online membership applications, all
that is typically needed to become a member and access to the
member only areas of the associations web site is to provide a
valid credit card number and expiration date and a post office
box for an address. For associations that do not care if members
are qualified this may not be any problem; here the only concern
may be that online services cannot be obtained for free and thus
fail to be an incentive for joining the association.
Some associations may provide member communication services that
are semi sensitive in nature. Members may wish that those who
are not qualified to be members, cannot see the member only
communications. For such organizations, I suggest the following:
Some credit card authorization technology today displays the card
holder's name. These associations that accept online member
applications should consider a policy of not automatically
accepting applications where the name on the application does not
match the name provided by the credit card authentication
technology. The association should require a phone number on all
member applications. Where names do not match, the number
should be contacted and the prospective member asked to explain
why the card name is different than the application name before
the application is processed.
Even with such requirements, these associations are still likely to be
accepting memberships based on only a real name and telephone
number. If the person is not eligible to join the association
and is found out, it might be somewhat embarrassing to that
person but they are unlikely to suffer any other adverse
consequences. It is probably not illegal to join an association
under false pretenses even when the association considers it very
important that only qualified individuals join the association
and access its proprietary information.
The point behind this is that an association's web site cannot be
any more secure than its membership policies. Anyone who is
willing to pay the dues and lie can gain admission.
As I discuss in the section "Collaboration Among Members,"
providing electronic communications between members could be
one of the largest benefits of an association as we move towards an
ever more online age. I personally would never place anything
that I considered to be confidential information, into today's
web sites or list servers; others may think the username and
password used to access the member only areas of the web site
provides some meaningful security.
From the association's perspective, it is important that the
association never misrepresent the security that is available for
it's web site and other electronic communications. Members
should be reminded that the system cannot be any more secure than
the level of security associated with joining the association. It
might be useful to require the members to pass through a page
that includes the appropriate security disclaimers before
participating in any collaborative communication. If security is
of particular interest to your members, you may want to go so
far as electronic contracts that make a permanent record of
whatever language the member saw and agreed to as a condition of
participating in the electronic collaboration.
Top of Page -
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is