Menú
Crear una cuenta Iniciar sesión
es
    Your Region
    Choose language
  • USA English

BUG BOUNTY PROGRAM POLICY

1. Introduction

PAYEER Limited (hereinafter; our, us, we) values external security researchers and recognizes their importance on improving security of the services offered by us to stay up-to-date with the latest security techniques and technological developments. For this reason, we decided to implement a Bug Bounty Program (hereinafter; the Program), which aims to encourage security experts to share the security issues that they discovered within PAYEER Limited platform. 

2. Reporting

To participate in the program you must report the discovered bugs, exploits, or security issues, as per the instructions given in this section. 

Provide identification information: 

  1. Contact name and the organization you are working for,
  2. Your corporate identification code (if any),
  3. Contact details.

Provide information on security issue: 

  1. Specify which services affected,
  2. Describe clearly the security issue and its potential impact on the users,
  3. Provide technical details and other details necessary to reproduce and validate,
  4. Your recommendations to resolve the issue,
  5. Please attach all necessary evidence (screenshots, videos, etc.).


All reports must be submitted to Support Service on Contacts page.

3. Eligibility

To ensure fair grounds for rewarding the participating security experts, we decided to distribute the rewards based on the following criteria. 

  1. You must agree and adhere to the Bounty Program Rules and other provisions outlaid in this policy. 
  2. You must be at least 18 years old or older (or have reached the age of majority in the jurisdiction that is applicable and not considered as a minor – the older will be taken into consideration). 
  3. You must be residing and participating from a country where there are no local sanctions that outlaws PAYEER Limited’s operations, and there are no international sanctions or other trade restrictions against your country that PAYEER Limited is obliged to comply. 
  4. You must be the first person to report the security issue to be eligible for claiming the bounty. 
  5. The reported security issue or bug must involve PAYEER Limited’s platform or PAYEER Limited’s products and in scope of the Program. 
  6. The security issue must be determined as a valid security issue with significant impact by PAYEER Limited
  7. You must provide additional information as needed by our team. 

4. Rules

You are expected to abide the laws at all times, however, we also require you to adhere the following rules.

  1. Bug Bounty Program is only applicable for public service provided by PAYEER Limited, our private services or services provided by our partners are not covered by this Program.
  2. You must respect the provisions of GDPR and any other regulations that may be applicable to the actions that you will carry out during Bug Hunting. 
  3. You must report every bug, exploits, and security issues discovered, and not use it or share with others. 
  4. You must not intentionally harm the service and the platform, or take actions that will impact the experience or usefulness of our service and platform
  5. You must not attempt any attacks that degrades our services and/or platform, denial service attacks, or non-technical attacks (i.e. attacks on employees and/or users, phishing, social engineering etc.) 
  6. You must not attempt to access, damage, view, modify, or view our data or the data of our users.

5. Targets

Scope. Vulnerabilities are accepted in the following areas:

  • Website;
  • Mobile Application;
  • API. 

6. Rewards

If a vulnerability is found, we will reward you according to the level of criticality of the vulnerability found. Our rates are listed in the table below:

Exploit Score Reward
Critical up to $10,000
High up to $1,000
Medium up to $500
Low up to $100

Vulnerability types:

Low: Minor vulnerabilities that do not directly affect security, but can be exploited in combination with other vulnerabilities.

Medium: Vulnerabilities that can lead to data compromise, but require complex conditions to exploit.

High: Vulnerabilities that can lead to serious consequences, such as data leakage or system disruption.

Critical: Vulnerabilities that can lead to complete control over the system or critical data leakage.

7. Confidentiality

Information discovered related to our technology and information security are confidential and it should not be shared with any third-parties. Any information you receive or collect about PAYEER Limited and its services or any users that is part of the platform must be kept confidential and only used for reporting to participate in PAYEER Limited’s Bug Bounty Program. 

8. Warranties and disclaimers

PAYEER Limited does not make warrants of any kind, please keep in mind that you participate in this program on your own risk. We reserve the right to modify terms and conditions of this policy, and we may cancel this program at any time. 

9. Contacts

All reports must be submitted to Support Service on Contacts page.

Payeer Mobile App Payeer Mobile App
Descargar
la aplicación PAYEER®
Más de 10,000,000 de descargas.
1
0
2
7
1
9
9
4
4.8/5
Payeer Mobile App Payeer Mobile App
APPSTORE GOOGLE PLAY