How do I report a security issue?
Maintaining a secure platform for our merchants
In an ever-changing landscape, engineering for ambition comes with risks. It’s inevitable that Adyen as a business will face different threat actors and potential disruptions. However, Adyen is prepared to deal with such situations thanks to our operational resilience and incident response readiness.
Maintaining availability of the Adyen platform and a secure environment for merchants and data is Adyen’s highest priority. To achieve the dual mandate of protecting (cardholder) data and preserving stability and reliability of services, Adyen implements an incident response framework that consists of a set of processes, technology and experts. It specifies actions, escalations, mitigation, resolution, and notification of any potential incidents impacting confidentiality, integrity, or availability of Adyen services.
If an incident is detected our highest priority is to resolve or mitigate any negative effects. We ensure that the appropriate teams, those who have the best toolset/knowledge, are involved as soon as possible.
Report security issue
We welcome reports of issues or possible vulnerabilities as part of our responsible disclosure program. At this point, we don't run a bug bounty program.
If the nature of the security issue is sensitive, please provide the following:
- Send us an email to email@example.com and encrypt this message using our public PGP key.
- Give enough detail to enable us to reproduce the flaw so that it can be remedied as soon as possible. The computer’s IP address or ICT system’s URL and a description of the security flaw is usually sufficient. The more complicated the flaw, the more detail we will require.
- Leave your contact details so that we can contact you later. At least an email address or telephone number.
- Report the flaw as soon as possible after discovering it.
- Do not share any information about the flaw with others until it’s remedied.
- Deal responsibly with the information in your possession. Do nothing beyond what is necessary to demonstrate the security flaw.
Tip: For more information check out our Responsible Disclosure Policy.
Adyen’s security team is available to answer merchants' specific questions or concerns. The initial contact must be done via our Support team or your account manager.
The integration security guide
Follow best practices to reduce security risks.View integration security guide