Data Security

SportsSignup and our partners commit to the highest level of security available. This statement covers the following topics, and what SportsSignup and our partners are doing to ensure the security of your information and the availability of our application(s):

 

Web Site Security

It is important and expected that the link between the end user’s browser and our web site (web server) is secure, so that the information remains private and intact. Our application uses Secure Sockets Layer (SSL), the standard security technology for creating an encrypted link between a web server and a browser. SSL is an industry standard that uses 128-bit key encryption, and is used by millions of websites to protect their online transactions with their customers.

In order to be able to generate an SSL link, a web server requires an SSL Certificate (X.509). Our certificate is provided by Comodo Group (comodogroup.com).

The complexities of the SSL protocol remain invisible to your customers. Instead, their browsers provide them with a key indicator to let them know they are currently protected by an SSL-encrypted session: the Padlock.

(As seen by users of Internet Explorer 6.0)

Clicking on the Padlock displays our SSL Certificate and its details. When a browser connects to a secure site, it retrieves the site's SSL Certificate and checks that it has not expired, that it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it was issued. If the certificate fails any one of these checks, the browser displays a warning to the end user.

Transaction Security

When registrants use the SportsSignup system to make payment via credit card, the payment information is entered on a secure web page, using SSL encryption (see the Web Site Security section), and processed via the Customer’s merchant account. Only the last 4 digits of the credit card number are stored in the SportsSignup system. The Customer name (e.g. “Springfield Soccer League”) will appear on the registrant’s credit card statement.

For Customers electing to have SportsSignup process credit cards on their behalf, payment information is entered on a secure web page, using SSL encryption (see the Web Site Security section), and processed by Authorize.Net, a leader in secure payment processing. Only the last 4 digits of the credit card number are stored in the SportsSignup system. A charge from www.SportsSignup.com will appear on the registrant’s credit card statement.

The SportsSignup system is PCI compliant. SportsSignup is enrolled in Trustwave's Trusted Commerce program to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS) mandated by all the major credit card associations, including American Express, Diners Club, Discover, JCB, MasterCard Worldwide, Visa, Inc. and Visa Europe.

Trustwave's Trusted Commerce℠ designation indicates that SportsSignup protects credit card and order information in accordance with payment card industry best practices.

State-of-the-Art Data Center

SportsSignup's applications are operated on servers hosted and managed by Logical Net Corporation, a major data hosting provider in operation since 1994.

Logical Net's Data Center provides the physical environment necessary to keep our applications running 24 hours a day, 7 days a week. The state-of-the-art facility houses equipment optimized for Internet-based applications, which have demanding availability requirements.

The Logical Net Data Center has fully redundant T-3 links to the Internet. The links are provided by Time Warner and Verizon. The Internet bandwidth providers are Sprint and AT&T. The core network uses redundant Cisco 7700 series routers and redundant Cisco switches. The data center is controlled and protected with redundant 22-Ton Liebert cooling units, redundant FM200 automatic fire suppression systems, a room-sized UPS, and a generator which starts automatically if power is interrupted. The servers have RAID 1 disks (mirrors).

Application Security

To ensure application security and data protection, the following is in place:

  • Cisco routers with advanced port blocking
  • All ports except 80 and 443 blocked to the public
  • Maintenance access to server only via VPN
  • Intrusion Detection
  • 24-hour network and server monitoring
  • Security auditing
  • All usernames/passwords are changed from their default values
  • All applicable patches and updates are applied after testing and approval

Database Security

Data is stored in Microsoft’s SQL Server database. Logical Net performs several tasks that are key to managing a secure database:

  • Advanced SQL Server Security Configuration
  • Installing SQL Server Patches
  • No default database passwords
  • Run on a dedicated machine with no external visibility

Application Availability

Logical Net has invested in many areas to ensure very high availability (uptime). Logical Net has maintained 99.99% uptime with 24x7x365 monitoring. The key to such high availability is redundant systems: if one fails, another is available to keep the system going while the repair is made.