RunSignUp

< ABOUT

PCI COMPLIANACE

Secure Transaction Processing

PCI Level 1

RunSignUp has achieved the highest level of PCI compliance as evidenced by our Attestation of Compliance. Our volume of transaction processing required us to go through a rigorous certification process, which included onsite reviews and scanning and vulnerability testing with an independent third party Qualified Security Assessor. As part of the certification process we implemented the following advanced security measures:

  • Secure password storage with protections like bcrypt
  • Secure user input fields with SQL prepared statements to prevent XXS attacks and SQL injection as well as CSRF attacks
  • Advanced encryption key management procedures
  • Secure network configurations with multiple levels of firewalls
  • Employee, customer, participant segmentation and access control and login management
  • 100% code review and change logs
  • System hardening including implementation of Center for Internet Security recommendations
  • OSSEC log analysis
  • AntiVirus scanning including ClamAV
  • Constant vulnerability scanning including implementing Nessus
  • Monthly process to install security patches

Payment Facilitator

RunSignUp has taken steps as a company to meet stringent security, banking, VISA and MasterCard processing rules to become an authorized intermediary (Payment Facilitator) between credit card holders (registrants) and race owners. This means that with our Advanced Payment Accounts we never handle your race proceeds. After the credit card transactions are settled for your race, the race proceeds are held in escrow for your benefit with our back end credit card processing company. Funds transfers to you happen accurately and on time by either ACH or check based on the frequency of payment you have requested.


Data Privacy

Data privacy is important to you and to your participants. Whenever we collect or transmit sensitive data, that data is encrypted and transmitted in a secure way. We don't sell or share participant data with anyone other than the owner or Event Director of the event for which a participant has signed up. RunSignUp will not market or sell anything directly to participants who use our site. We only collect credit card information when a participant requests us to and if requested it is stored securely with a third party PCI Level 1 compliant vendor who specializes in credit card storage. View our Privacy Policy for more info.


What should you look for in evaluating data security and transaction processing in a race technology provider?

  • Does the provider have secure, scalable technology?
  • Are they PCI Level 1 compliant with independent auditors?
  • Do they keep your race funds separate from the funds that they use to operate their business?
  • Do they have a privacy policy for how they will collect, store, and share data?
  • Will they use participant data to market or sell unrelated events, subscriptions, or other items to your race participants?
  • Do they have a proven track record in the industry?

PCI Compliance

RunSignUp is a Level 1 PCI-DSS (Date Security Standard) Service Provider. We have undergone a rigorous independent third party assessment to achieve this designation.

E-Mail
From Our Blog:
May 23rd, 2018
Coupon Reports UX Update

We did a nice little update on the coupon reports page: This is what is used to look like:

May 22nd, 2018
Webinar: Leveraging Strava Clubs to Grow Your Events

In March RunSignUp announced Strava as our first National Sponsor. The partnership is designed to open up a revenue stream for local races while linking them to technology that can actually help grow their events. On PT May 30th (2pm ET/11am), Strava will host a partner webinar highlighting: What are Clubs on Strava, and how... Continue Reading →

What Our Customers Say:

“Since we added [donations] into our registrations with RunSignUp, we’ve had a surprising amount of people that have been able to increase the donations we get over all our races, significantly.”

- Shawn Duffey, Gulf Coast Runners