We have just completed our annual PCI DSS certification. An independent auditor has issued a new Attestation of Compliance for PCI DSS. The Payment Card Industry has strict security requirements for the storage and processing of payment card data. We meet or exceed those requirements and apply them across our entire platform (not just the subsystems that process payments).
Our considerable efforts regarding security start with our strong position that the data we collect and manage on our customer’s behalf is just that: our customer’s data. While we provide so many services at no charge (such as free email, free websites, and free domains), we never ask you to trade your data for the right to use these services. We never sell our customer’s data nor do we direct ads or market to participants of your events. Data privacy is core to our business model.
Our processes include ongoing and rigorous analysis of our architecture, design, and operation. We subject our systems to external and internal penetration testing, network segmentation testing, and web application vulnerability tests. We monitor our systems daily for any potential signs of fraud, system misuse, or unauthorized penetration. We have built an extensive library of fraud prevention rules, as well as intrusion detection rules that can block unauthorized system attacks as soon as they are detected. Our security experts monitor several sources to identify potential security vulnerabilities (such as the recent Log4J vulnerability) and quickly react to ensure our software is always updated with the latest security patches and countermeasures. All staff are trained in security practices and developers are trained in secure coding practices.
Rest assured, we are always looking out for the wellbeing of our customer’s data and the GiveSignup | RunSignup platform.