Responsible Disclosure

Our Policy

Paymentsense is committed to ensuring the security and safety of our customers and partners. We aim to foster an open partnership with the security community and recognise the role that security researchers play in online security.

Please read this policy in full before you test and/or report a vulnerability. We pledge not to initiate legal action against researchers for penetrating or attempting to penetrate our systems as long as they adhere to this policy.

Scope

Paymentsense Vulnerability Disclosure Program covers the following: 

• Paymentsense.com website
• Paymentsense mobile applications 
• Paymentsense owned API’s and gateways

Not in scope

The following is not in scope:

• Paymentsensegateway.com 
• Any third party hosted SaaS 

How to report

To report a potential vulnerability please send an email to security@paymentsense.com.

Please ensure to include how you found the bug, the impact, and any potential remediation advice

Paymentsense does not permit the following types of security research:

• Accessing our data or information
• Exploiting vulnerabilities or impacting our production services
• Social engineering any Paymentsense employee, contractor or customer
• Denial-of-Service, brute force or credential stuffing attacks
• Anything involving physical security
• Violation of any laws or regulations
• Requiring financial compensation in order to disclose vulnerabilities

Our promise

• We will do our best to respond to you within 2 working days
• We will keep you up to date throughout the process of triage and remediation
• We will notify you when the vulnerability has been remediated
• If the vulnerability is valid, we will credit you by name on our websites responsible disclosure page