        Coordinated Vulnerability Disclosure

        Payconiq highly values the security of our systems and platform, and the effort security researchers put in to improve it.

        Even though we continuously take the utmost care of our systems, it might just happen that you have found a vulnerability or weakness. In order to resolve this swiftly, we kindly request that you follow this guideline to report it to us.

        Only services owned and administered by Payconiq are in the scope of this policy. That includes Payconiq-affiliated web domains like payconiq.com and other Payconiq domains, except payconiq.be.

        Guideline

        To encourage responsible disclosure, we will not take legal action against you or ask law enforcement to investigate you, and we may reward you, provided that you comply with these guidelines:

        • Send the details in an email to [email protected].
        • Make a good faith effort to prevent privacy violations, destruction of data and interruption/degradation of any of our services.
        • Do not download, read, share or modify any information or data that does not belong to you.
        • Do not share details that relate to the vulnerability with others until fully mitigated.
        • Destroy all remaining private data, resulting from your research, immediately after reporting the vulnerability.
        • Do not use any research method that involves breaching or attacking physical security, or the use of social engineering, DoS, spam, phishing or any involvement of third parties.
        • Provide details of the vulnerability so that we can reproduce it, including a Proof of Concept (POC), information on the URL, endpoint and IP address, and other necessary information.
        • Allow us to respond and mitigate within a reasonable amount of time.

         

        Note that you will still have to abide by any applicable law and that potential law enforcement consequences are not within our control.

        Our commitment

        We will make an effort to

        • respond within 3 business days
        • handle your report and personal details in a confidential manner
        • keep you posted on the progress
        • reward you in cases of serious and unknown vulnerabilities, where the report contains enough information to swiftly reproduce them

         

        Note that people who are in any way involved with designing, regulating, auditing, creating or maintaining our services or platform are not eligible for reward.

        Out of scope

        The following is specifically out of scope and not eligible for reward either:

        • reports without a clear description of potential exploits
        • vulnerabilities concerning sites and domains other than the ones affiliated with Payconiq
        • CSRF issues on public and non-authenticated web pages
        • the absence of best practice security headers, like HSTS, HttpOnly, CSP, XSS or click-jacking related headers
        • possible old/vulnerable third party/off-the-shelf systems without evidence that they are exploitable and impacting our platform security
        • TLS/SSL related configuration issues
        • payconiq.be and Payconiq by Bancontact mobile app

        Copyright 2022. Payconiq.

        Copyright 2023. Payconiq International
