Responsible Disclosure
Last updated: 05 August 2019
Responsible Disclosure
We take the security of our clients’ data very seriously, and strongly encourage anyone who thinks they have discovered a potential security vulnerability in any of our services to disclose it to us responsibly.
We appreciate the assistance of security researchers and are happy to work with them to validate and respond to vulnerabilities that are reported to us in a responsible manner. However, we do not tolerate any of the following, which will be reported to the appropriate authorities and may incur legal action:
- Any attempt to access or modify other people’s data.
- Any attempt to execute a denial of service attack.
- Any attempt to interrupt or degrade the service we offer our customers.
- Any testing against third-party websites, applications or services that integrate with our services.
- Knowingly sending, uploading, transmitting, or linking to any malware, virus or similar harmful software.
- Any testing that involves violation of any applicable law.
Reporting potential vulnerabilities
Please share the details of any suspected vulnerability with us by sending email to our security team at [email protected]. You should include as much information as possible in your report, including how we can reproduce the issue.
Our commitment
For all researchers following this Responsible Disclosure Policy, we commit to:
- Acknowledge receipt of your email in a timely fashion.
- Provide an estimated time-frame for addressing the vulnerability.
- Notify you when the vulnerability is fixed.
Compensation
We do not offer compensation to individuals or organizations for identifying potential or confirmed security vulnerabilities, and requests for monetary compensation will be treated as a breach of this Responsible Disclosure Policy.
Donation to charity
Although we do not offer monetary compensation, if we feel that the vulnerability is significant we will show our appreciation by making a donation on your behalf to your choice of these charities:
- International Federation of Red Cross and Red Crescent Societies
- Médecins sans Frontières (Doctors Without Borders)
- Water Aid
- World Wildlife Fund
- Save the Children
- Survival International
- Sightsavers
Hall of Fame
Currencycloud would like to acknowledge and thank the following people for helping us to improve our security:
| Reporter | Date | Contact |
| Pritam Mukherjee | 26 April 2020 | https://www.linkedin.com/in/pritam-mukherjee-urvil-b75ab9b9/ |
| Pethuraj M | 31 July 2019 | https://www.pethuraj.in/ |
| Rayen Messaoudi | 8 May 2019 | https://www.linkedin.com/in/rayenmessaoudi/ |
|
Prabhjot Dunglay |
18 April 2019 | https://www.linkedin.com/prabhjotdunglay |
|
B.Dhiyaneshwaran |
29 January 2019 | www.linkedin.com/in/dhiyaneshwaran-b-27947a131/ |
|
Sameer Phad (@sameerphad72) |
15 January 2019 | twitter.com/sameerphad72 |
| 15 June 2018 | CodeCanCare | |
|
Jolan Saluria |
21 May 2017 | – |
|
Abhishek Sidharth |
21 May 2017 | – |
|
Sreedeep Alavil |
4 May 2017 | |
| Ketankumar Godhani | 22 April 2017 |
Latest Releases
Understanding the impact of new EU transparency rules
With so much focus on COVID-19, you could be forgiven for missing an important change to the payments landscape in Europe. On 19 April, the latest stage of the EU’s Cross Border Payments Regulation (CBPR2) came into force. Read more: How can challenger bank card...
The platform economy: what can we learn from Thomas Cook?
Many lessons can be learned from the recent collapse of Thomas Cook, the world’s oldest travel company, and the benefits of leveraging the platform economy. Not least of these is the company’s failure to adapt to changing customer expectations - notably a shift from...
Keeping secure requires robust measures, but there is a solution
Cyber-security and data protection are rapidly growing concerns for any business that feels unprepared to deal with the consequences of a hack. Whilst stringent measures are often put in place by companies, keeping ahead of the security game is key to staying...