RunSignUp

< ABOUT

PCI COMPLIANACE

Secure Transaction Processing

PCI Level 1

RunSignUp has achieved the highest level of PCI compliance as evidenced by our Attestation of Compliance. Our volume of transaction processing required us to go through a rigorous certification process, which included onsite reviews and scanning and vulnerability testing with an independent third party Qualified Security Assessor. As part of the certification process we implemented the following advanced security measures:

  • Secure password storage with protections like bcrypt
  • Secure user input fields with SQL prepared statements to prevent XXS attacks and SQL injection as well as CSRF attacks
  • Advanced encryption key management procedures
  • Secure network configurations with multiple levels of firewalls
  • Employee, customer, participant segmentation and access control and login management
  • 100% code review and change logs
  • System hardening including implementation of Center for Internet Security recommendations
  • OSSEC log analysis
  • AntiVirus scanning including ClamAV
  • Constant vulnerability scanning including implementing Nessus
  • Monthly process to install security patches

Payment Facilitator

RunSignUp has taken steps as a company to meet stringent security, banking, VISA and MasterCard processing rules to become an authorized intermediary (Payment Facilitator) between credit card holders (registrants) and race owners. This means that with our Advanced Payment Accounts we never handle your race proceeds. After the credit card transactions are settled for your race, the race proceeds are held in escrow for your benefit with our back end credit card processing company. Funds transfers to you happen accurately and on time by either ACH or check based on the frequency of payment you have requested.


Data Privacy

Data privacy is important to you and to your participants. Whenever we collect or transmit sensitive data, that data is encrypted and transmitted in a secure way. We don't sell or share participant data with anyone other than the owner or Event Director of the event for which a participant has signed up. RunSignUp will not market or sell anything directly to participants who use our site. We only collect credit card information when a participant requests us to and if requested it is stored securely with a third party PCI Level 1 compliant vendor who specializes in credit card storage. View our Privacy Policy for more info.


What should you look for in evaluating data security and transaction processing in a race technology provider?

  • Does the provider have secure, scalable technology?
  • Are they PCI Level 1 compliant with independent auditors?
  • Do they keep your race funds separate from the funds that they use to operate their business?
  • Do they have a privacy policy for how they will collect, store, and share data?
  • Will they use participant data to market or sell unrelated events, subscriptions, or other items to your race participants?
  • Do they have a proven track record in the industry?

PCI Compliance

RunSignUp is a Level 1 PCI-DSS (Date Security Standard) Service Provider. We have undergone a rigorous independent third party assessment to achieve this designation.

E-Mail
From Our Blog:
Sep 21st, 2017
The Risks of Declining Registrations

There was a recent article on Bloomberg News suggesting that the next financial crisis could start in Silicon Valley and “Fintech”. Fintech is a broad term, but touches all races who use online registration with the movement of over $1 Billion per year thru the 100 or so race registration systems. Here are some of … Continue reading "The Risks of Declining Registrations"

Sep 21st, 2017
Child Privacy

To protect the data the races who use as as their online registration platform, we have made some updates to your race, event and club websites to better protect the online privacy of children, particularly those under the age of 13. Our updates are designed with the Children’s Online Privacy Protection Rule (“COPPA”) in mind and … Continue reading "Child Privacy"

What Our Customers Say:

“Bryan is tremendous at follow-ups, as I have found everybody is at RunSignUp. When you need an answer to a question, you get answers to questions, and that just doesn’t happen with most online companies.”

- Terry Lewis, RS Racing Systems