Responsible Disclosure

We take the security of our clients’ data very seriously, and strongly encourage anyone who thinks they have discovered a potential security vulnerability in any of our services to disclose it to us responsibly.

We appreciate the assistance of security researchers and are happy to work with them to validate and respond to vulnerabilities that are reported to us in a responsible manner. However, we do not tolerate any of the following, which will be reported to the appropriate authorities and may incur legal action:

• Any attempt to access or modify other people’s data.
• Any attempt to execute a denial of service attack.
• Any attempt to interrupt or degrade the service we offer our customers.
• Any testing against third-party websites, applications or services that integrate with our services.
• Knowingly sending, uploading, transmitting, or linking to any malware, virus or similar harmful software.
• Any testing that involves violation of any applicable law.

Reporting potential vulnerabilities

As we’re part of the Visa team, please read the guidelines here (usa.visa.com).

Donation to charity

If we feel that the vulnerability is significant we will show our appreciation by making a donation on your behalf to your choice of these charities:

• International Federation of Red Cross and Red Crescent Societies
• Médecins sans Frontières (Doctors Without Borders)
• Water Aid
• World Wildlife Fund
• Save the Children
• Survival International
• Sightsavers