Paymentsense is committed to ensuring the security and safety of our customers and partners. We aim to foster an open partnership with the security community and recognise the role that security researchers play in online security.
Please read this policy in full before you test and/or report a vulnerability. We pledge not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.
Paymentsense Vulnerability Disclosure Program covers the following:
- Paymentsense.com website
- Paymentsense mobile applications
- Paymentsense owned API’s and gateways
Not in scope
The following is not in scope:
- Any third party hosted SaaS
How to report
To report a potential vulnerability please send an email to firstname.lastname@example.org.
Please ensure to include how you found the bug, the impact, and any potential remediation advice
Paymentsense does not permit the following types of security research:
- Accessing our data or information
- Exploiting vulnerabilities or impacting our production services
- Social engineering any Paymentsense employee, contractor or customer
- Denial-of-Service, brute force or credential stuffing attacks
- Anything involving physical security
- Violation of any laws or regulations
- Requiring financial compensation in order to disclose vulnerabilities
- We will do our best to respond to you within 2 working days
- We will keep you up to date throughout the process of triage and remediation
- We will notify you when the vulnerability has been remediated
- If the vulnerability is valid, we will credit you by name on our websites responsible disclosure page