The IPSC membership portal has been designed with the highest standard of internet security in order to protect the personal information of its members and clubs.
All identifying data for members and clubs are stored in a non-public, encrypted data store, separately from the main membership database.
The IPSC deems the following data fields to be considered as sensitive and access to such for read/write operations are subject to encryption.
All communications to the Membership Portal are secured by a 256-bit Security Certificate. This ensures that all communications between your browser and the Membership Portal are encrypted and not subject to “man in the middle” attacks.
The Website itself is a static site, meaning that there is no server side scripting that could be affected by SQL Injection attacks or buffer overflow attacks.
The Website only knows how to push information to the secure data endpoints, there is no 2-way communications between the secure data endpoints and the Portal. This ensures that information can only go in, no information can go back out of the secure data endpoint.
All member and club applications are transmitted over a secure endpoint that operates on a PUSH ONLY basis. No data is ever retrieved from the secure endpoint to the members portal.
All data fields considered sensitive are split from the main membership application and stored in the secure encrypted database. Access to this information is subject to the security policy above (see Secure Data Storage)
Change of details form does not automatically update the main membership record. This process is similar to filling in a paper copy of the affiliation/membership form to update member and club information and requires an administrative user to review and make the updates to the record, subject to the security policy above (see Secure Data Storage).
Renewals for memberships and clubs are push system, no information is verified from the secure endpoint. In order to mitigate the risk of a member incorrectly entering in another members Membership ID, there is a requirement to enter a validation code in order to validate the Membership ID and the amount being paid as renewal.
This validation code is present on the following renewal advices: