How do I disclose a security issue?

Disclose security issues

We welcome reports of issues or possible vulnerabilities as part of our responsible disclosure program. At this point, we don't run a bug bounty program.

If the nature of the security issue is sensitive, please provide the following:

  • Send us an email to and encrypt this message using our public PGP key.
  • Give enough detail to enable us to reproduce the flaw so that it can be remedied as soon as possible. The computer’s IP address or ICT system’s URL and a description of the security flaw is usually sufficient. The more complicated the flaw, the more detail we will require.
  • Leave your contact details so that we can contact you later. At least an email address or telephone number.
  • Report the flaw as soon as possible after discovering it.
  • Do not share any information about the flaw with others until it’s remedied.
  • Deal responsibly with the information in your possession. Do nothing beyond what is necessary to demonstrate the security flaw.

Tip: For more information check out our Responsible Disclosure Policy.

Contact security

Our security team is available to answer merchants' specific questions or concerns. The initial contact must be done via Submitting a request to our Support team or your account manager.

The integration security guide

Follow best practices to reduce security risks.

View integration security guide
The illustration of support agent wearing a headset.

Do you need additional help?

Contact our support team

Send us the details of your issue by adding images or screenshots.

Submit a request