How do I disclose a security issue?
Disclose security issues
We welcome reports of issues or possible vulnerabilities as part of our responsible disclosure program. At this point, we don't run a bug bounty program.
If the nature of the security issue is sensitive, please provide the following:
- Send us an email to email@example.com and encrypt this message using our public PGP key.
- Give enough detail to enable us to reproduce the flaw so that it can be remedied as soon as possible. The computer’s IP address or ICT system’s URL and a description of the security flaw is usually sufficient. The more complicated the flaw, the more detail we will require.
- Leave your contact details so that we can contact you later. At least an email address or telephone number.
- Report the flaw as soon as possible after discovering it.
- Do not share any information about the flaw with others until it’s remedied.
- Deal responsibly with the information in your possession. Do nothing beyond what is necessary to demonstrate the security flaw.
Tip: For more information check out our Responsible Disclosure Policy.
Our security team is available to answer merchants' specific questions or concerns. The initial contact must be done via Submitting a request to our Support team or your account manager.
Was this article helpful?
The integration security guide
Follow best practices to reduce security risks.View integration security guide