Every year around this time we report on our successful annual audit demonstrating compliance to the Payment Card Industry Data Security Standard (PCI DSS).  This year is no exception, another successful audit under our belt!   If you require our PCI Attestation of Compliance document for your records, please contact RunSignup and we can provide it […]

23 Releases and Updating 40 servers – All in a Days Work

This is Bob. We will be releasing several year end blogs over the coming weeks. A couple of them will be an overview of the features we released and another for our 2021 product roadmap. But I thought yesterday was worth mentioning. Each morning, I get an email that sends me to a page to […]

More Reasons to Stop Using Widgets

We have posted in the past that we will not be supporting widgets. This is due to modern browsers stopping support. Safari stopped supporting session tracking several months ago, and Chrome will stop in July. As we discussed a year and a half ago, widgets are not a good long term strategy for putting functionality on […]

PCI Audit Complete

We have been issued a new Attestation of Compliance for PCI. This is our yearly report issued by an independent auditor that does an annual (and quarterly) multi-dimensional audit of our system and processes to ensure we meet the highest levels of compliance with the credit card industry standards. RunSignup spends considerable effort, and we […]

New Version of Safari Breaks Widgets

Any customer using widgets, even Partner Websites, should switch to a simple button and link to the appropriate RunSignup site directly. Unfortunately, Apple has released a new version of Safari that prevents session tracking. This is a necessary feature on complex web applications such as a registration. “ITP will now block all third-party requests from […]

How Secure is Your Race Website?

I was talking with someone today about whether races feel an obligation to keep their customer data safe. The conversation was triggered when I was talking to a small registration company owner and found they had many security vulnerabilities like their site being susceptible to SQL Injection, Cross Site Scripting, and lack of a security […]

Multi-Factor Authentication

We have released the capability to do Multi-Factor Authentication (MFA, or sometimes called 2-Step Verification) on RunSignUp. This is optional for all users (required for RunSignUp employees). MFA is currently gaining popularity as an additional layer of security. The basic idea is that in addition to your password, you use another device (typically your phone […]

Updated Payment Account Requirements

As part of our ongoing efforts to improve our financial and security processes, we are instituting additional controls on new payment accounts. This involves collecting additional information on owners and requiring information be entered by individuals with significant control over the entity. As we have discussed, we are part of the banking network, and require […]

Dashboard Graphs Secure Access

The front Dashboard will become much more powerful in the coming weeks with over a dozen different graphical reports being added. To prepare for this, we have added specific access management for just the Dashboard. To invite others to get access to dashboard graphs, click on the lock in the upper right corner: This will […]

RunSignUp Demonstrates Continued Commitment to Secure Data and Transaction Processing with new Leadership Role

The Electronic Transactions Association (ETA) announced today the launch of a new Payment Facilitator Committee, with Kevin Harris (RunSignUp Chief Finance and Operations Officer) taking the role of Vice-Chair. ETA Press Release: http://www.electran.org/publication/transactiontrends/eta-announces-new-payments-facilitator-committee/ As noted in the release, the committee “will serve as a resource within ETA as the established, valued experts on payment facilitators, enabling deeper […]

Security Updates – Dirty COW

We have installed the patches for the “Dirty COW“, the privilege escalation vulnerability in the Linux Kernel. They even have a logo for it. The AWS patches are here. If you use other systems that run on Linux, you should check to make sure these changes are made: https://alas.aws.amazon.com/ALAS-2016-757.html https://alas.aws.amazon.com/ALAS-2016-758.html

Security Patch

We updated our site with this security patch – https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/. Other webmasters may want to run the free Qualys SSL scanning tool to check their grades – https://www.ssllabs.com/ssltest/index.html. Users can also check out their most common websites as well (proud to say RunSignUp beat the bank I use :-))

Secure Information Option

We have added the ability to collect Social Security Number, Drivers License and Passport as highly secure options to race registration. This was done at the request of a race held on a military base, but may be useful for other purposes as well (such as border crossing races that might require Passport numbers). The […]

Security Update – MySQL Database Upgrade

Our cloud provider, Amazon AWS, provided an automated update to our MySQL database service last night. This was to provide a fix to the security report issued by Oracle on Oct. 16. We are happy to report that our highly available configuration allowed our failover database server to be upgraded, and then take the load […]

Security Patch for vulnerability in bash “Shellshock” Updated

We have updated our public facing servers with the patch for this new security vulnerability that was found and reported on yesterday. Here are is a link to learn more if you are interested, or to check to make sure your own servers have installed this: http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html Note there are likely more patches coming from the […]

Find A Runner – Easier Access to Logging On

Races can enable “Find a Runner” capabilities on their races.  This can be set up to do a public facing list like shown on the right, or be a search with either first and last name, or first, last and date of birth depending on how secretive you need to be for your race (our […]

Sharing Access to Your Race

As a race director, you have a lot of people that you need to share information with.  And the solution is NOT to give your username and password to everyone! RunSignUp provides a simple “Information Sharing” section for your race.  You add any number of people to several different types of access: Edit Participants Full […]

Disabling Password Requirement

RunSignUp by default requires runners to enter a password.  We find this to be very helpful to runners long term since they do not have to type in information repeatedly for each race they join.  It also enables features like refunds, event-event transfers and bib exchange in a secure manner. However, some races want to […]

Participant Display Customization

We have been  giving race directors the ability to add specific people to view different amounts of participant information.  We just released an expanded capability that allows race directors to pick each field they want to share with the public, other participants and with Team Captains. This will determine how participants are displayed in the […]