If you have found a security flaw, please report it to us!
At Ziklo Bank we take security very seriously and we strive to maintain the highest level of security in all our operations. It’s important that our customers and partners feel safe when doing business with us.
We have structured ways of working with security, however sometimes we might have missed something important. If you think you have found a security issue in one of our services, please report it to us so that we can mitigate the problem as soon as possible.
How to report an issue
Send an email to responsible-disclosure@ziklo.com. We ask that you provide at least the following information:
- Detailed description of the vulnerability including URL and type of vulnerability
- A screenshot of the vulnerability if applicable
- Any information we may need to reproduce the problem
- Contact information, name, email, and phone number
You can report an issue anonymously but then we won’t be able to keep you informed about the progress, or when a fix is ready.
What issues can you report?
You can report any issues you found related to e.g. cross site scripting, flaws in encryption or security problems in logic. We will not answer any questions related to our security or services via this channel.
What information will you as a reporter receive from Ziklo?
We will continuously keep you updated while we process the issue, and we will inform you once we have a fix.
We will not accept claims of compensation as a condition for submitting a report.
What Ziklo expects from you
We expect that you as a reporter adhere to good practices regarding responsible disclosure i.e.:
- You do not use the vulnerability to attempt to gain access to any information
- You do not use the vulnerability to remove or modify any information
- You do not use the vulnerability to affect our services e.g. by DoS-attacks
- You allow us to have the opportunity to remediate the vulnerability before you disclose information about it publicly