Are the passwords for your members and customers in your database hidden from staff view (e.g., hashed out or showing a blank field)? Or can you staff see the password that your member has set up for him or herself?
Customer passwords should be hidden from staff for one simple reason: As humans, most of keep only one or a handful of passwords for ALL of our online accounts. Think about it: How many online accounts do you have, and how many use the very same password?
If you know your members’ password to your system, then chances are you know their password to a lot of other sites, too! That’s not a position you want your staff to be in.
So if your system isn’t already hiding passwords from staff, fix that, pronto!