Coordinated Vulnerability Disclosure

At Payconiq, we prioritize system security and strive to minimize vulnerabilities. If you detect any weaknesses, we welcome your reports to maintain our secure environment and if you have discovered a new vulnerability, we will be happy to reward you for the effort accordingly.

Collaboration

Feel free to share any detected weaknesses to help us promptly implement suitable measures. We look forward to collaborating with you in order to better secure our systems and protect users.

Not an invitation to actively scan

Under our Coordinated Vulnerability Disclosure Program, unauthorized system scanning is not encouraged. We actively monitor our network, so scans are likely to be detected by our team.

Judicial prosecution

During your investigation, be aware that certain actions may be prohibited by law. By adhering to the conditions outlined in this agreement, we will refrain from taking legal action against you. Nevertheless, law enforcement or any local authority pursuant to applicable law shall reserve the right to further investigate or open proceedings if they deem appropriate.

Our request to you

Kindly send your vulnerability findings to [email protected]

  • Make a good faith effort to prevent privacy violations, destruction of data and interruption/degradation of any of our services.
  • Do not download, read, share or modify any information or data that does not belong to you.
  • Do not share details that relate to the vulnerability with others until fully mitigated.
  • Destroy all remaining private data, resulting from your research, immediately after reporting the vulnerability.
  • Do not use any research attempt that involves breaching or attacking physical security or the use of social engineering, DOS, spam, phishing or any involvement of third parties.
  • Provide details of the vulnerability so that we can reproduce it, including a Proof of Concept (POC), information on the URL, endpoint and IP address, and other necessary information.
  • Allow us to respond and mitigate within a reasonable amount of time.

What we promise

  • We will respond within 3 business days.
  • We will handle your report and personal details with utmost confidentiality.
  • We will keep you informed of the progress towards resolving the problem.
  • We will reward you in cases of serious and unknown vulnerabilities, containing enough information to swiftly reproduce.
  • If you wish, we will mention your name as a vulnerability discoverer in the weakness report.


Note that people who are in any way involved with designing, regulating, auditing, creating or maintaining our services or platform are not eligible for reward.

Out of scope

The following is specifically out of scope and not eligible for reward either:

  • reports without clear description of potential exploits
  • vulnerabilities concerning other sites and domains than the ones affiliated with Payconiq
  • CSFR issues on public and non-authenticated web pages
  • the absence of best practice security headers, like HSTS, HttpOnly, CSP, XSS or click-jacking related headers
  • possible old/vulnerable third party/off-the-shelf systems without evidence that they are exploitable and impacting our platform security
  • TLS/SSL related configuration issues
  • payconiq.be and Payconiq by Bancontact mobile app

Copyright 2022. Payconiq.

Facebook Twitter Instagram Linkedin

Quick Links

  • About Us
  • Services
  • News
  • Blogs

Company

  • Management
  • Our Story
  • Career
  • Partnership

Support

Copyright 2025. Payconiq International

Facebook Twitter Instagram Linkedin

Quick Links

Want to stay up to date?

Follow Us

Quick Links

Privacy statement & Cookies |  Disclaimer  |  Copyright 2022