RunSignUp

PCI COMPLIANCE

Secure Transaction Processing

PCI Level 1

RunSignUp has achieved the highest level of PCI compliance as evidenced by our Attestation of Compliance. Our volume of transaction processing required us to go through a rigorous certification process, which included onsite reviews and scanning and vulnerability testing with an independent third party Qualified Security Assessor. As part of the certification process we implemented the following advanced security measures:

  • Secure password storage with protections like bcrypt
  • Secure user input fields with SQL prepared statements to prevent XSS attacks and SQL injection as well as CSRF attacks
  • Advanced encryption key management procedures
  • Secure network configurations with multiple levels of firewalls
  • Employee, customer, and participant segmentation, access control, and login management
  • 100% code review and change logs
  • System hardening including implementation of Center for Internet Security recommendations
  • OSSEC log analysis
  • AntiVirus scanning including ClamAV
  • Constant vulnerability scanning including implementing Nessus
  • Monthly process to install security patches

Payment Facilitator

RunSignUp has taken steps as a company to meet stringent security, banking, VISA and MasterCard processing rules to become an authorized intermediary (Payment Facilitator) between credit card holders (registrants) and race owners. This means that with our Advanced Payment Accounts we never handle your race proceeds. After the credit card transactions are settled for your race, the race proceeds are held in escrow for your benefit with our back end credit card processing company. Funds transfers to you happen accurately and on time by either ACH or check based on the frequency of payment you have requested.


Data Privacy

Data privacy is important to you and to your participants. Whenever we collect or transmit sensitive data, that data is encrypted and transmitted in a secure way. We don't sell or share participant data with anyone other than the owner or Event Director of the event for which a participant has signed up. RunSignUp will not market or sell anything directly to participants who use our site. We only collect credit card information when a participant requests us to, and if requested, it is stored securely with a third-party PCI Level 1 compliant vendor that specializes in credit card storage. View our Privacy Policy for more info.


What should you look for in evaluating data security and transaction processing in a race technology provider?

  • Does the provider have secure, scalable technology?
  • Are they PCI Level 1 compliant with independent auditors?
  • Do they keep your race funds separate from the funds that they use to operate their business?
  • Do they have a privacy policy for how they will collect, store, and share data?
  • Will they use participant data to market or sell unrelated events, subscriptions, or other items to your race participants?
  • Do they have a proven track record in the industry?

PCI Compliance

RunSignUp is a Level 1 PCI-DSS (Data Security Standard) Service Provider. We have undergone a rigorous independent third-party assessment to achieve this designation.
