Responsible Security Vulnerability Disclosure PolicyUpdated on August 18, 2020
Information security is taken very seriously at EBANX, which is why we are committed to adhering to the industry's best practices and regularly undergoing the scrutiny of both internal and external audits to ensure we are capable of protecting ourselves, our merchants, partners, and customers from any associated risk.
EBANX also acknowledges the positive impact that responsible security research can have on our services and the important role that the external security community plays in it.
If, despite our best efforts, you believe to have found a security issue within our APIs, systems, plugins, SDKs, platforms and/or applications, please provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC), and any other information you deem necessary to reproduce or to access the impact of the vulnerability.
In addition, we explicitly ask researchers to refrain from:
Anything that could possibly degrade the availability of our services (e.g. denial of service attacks)
Impersonation and other social engineering attacks (including phishing) to our employees, merchants, partners and/or customers.
Physical security attacks
Data privacy violations
Modification of any data
Publicly disclosing an issue before we get a chance to address it within a reasonable amount of time
We currently do not have a bug bounty or vulnerability reward program.
We will attempt to reply to you within 1-2 business days. By following the guidelines above, we commit to not taking legal action against you or seeking the involvement of law enforcement.