EBANX Compliance and Legal Hub

EBANX Terms & Conditions

Responsible Security Vulnerability Disclosure Policy

Updated on August 18, 2020.

Information security is taken very seriously at EBANX, which is why we are committed to adhering to the industry's best practices and regularly undergoing the scrutiny of both internal and external audits to ensure we are capable of protecting ourselves, our merchants, partners, and customers from any associated risk.

EBANX also acknowledges the positive impact that responsible security research can have on our services and the important role that the external security community plays in it.

If, despite our best efforts, you believe to have found a security issue within our APIs, systems, plugins, SDKs, platforms and/or applications, please provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC), and any other information you deem necessary to reproduce or to access the impact of the vulnerability.

In addition, we explicitly ask researchers to refrain from:

  • Anything that could possibly degrade the availability of our services (e.g. denial of service attacks)

  • Spamming

  • Impersonation and other social engineering attacks (including phishing) to our employees, merchants, partners and/or customers.

  • Physical security attacks

  • Data privacy violations

  • Modification of any data

  • Publicly disclosing an issue before we get a chance to address it within a reasonable amount of time

Reporting

Please send your report to security@ebanx.com. You can also optionally encrypt your message with our PGP key, available here.

We currently do not have a bug bounty or vulnerability reward program.

We will attempt to reply to you within 1-2 business days. By following the guidelines above, we commit to not taking legal action against you or seeking the involvement of law enforcement.