This Responsible Disclosure scheme is not intended for reporting complaints. The scheme is also not intended for:
After receiving your report, you will receive an automatic confirmation of receipt from us. You will be notified of the next steps within 3 business days.
Is it a serious security issue? Then you will receive an appropriate reward from us as a thank you for reporting it. Determining what the reward is, is based on the risk and impact of the security problem, and can vary from a t-shirt to a maximum of 250 euros in gift vouchers. Please note: this must be an unknown and serious security problem.
Your contact details are only used to communicate about the report. We do not share these with others, unless law, regulation or judicial authorities require us to do so. If we regard your action as a criminal offence (i.e. you do not act in good faith), we will report it to the police.
If you have reported anonymously, we will not be able to transfer your reward and keep you informed.
You can report a discovered vulnerability in our services via email@example.com.
Please don't make the issue public and only share it via firstname.lastname@example.org. This is how we keep our customers' data safe. It would be great if you give us the time to solve the problem.
When investigating the vulnerability found, do not damage the applications. You may not share data with anyone other than Pay. employees. Furthermore, the service should never be intentionally interrupted by your research.
When researching our systems, you could potentially be doing something that is not allowed by law. If you act in good faith, carefully and in accordance with the rules below, we will not file a report.
Pay. may decide to not reward a report if it concerns a vulnerability with a low or accepted risk. Below are some examples of such vulnerabilities:
Let us know! Keeping our data secure is extremely important to us. That is why we constantly work on keeping our services safe and maintain the highest standards of security. However, should something go wrong, we would like to be informed.
You can report vulnerabilities in our services. Examples: