Okay

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.

Policies

Vulnerability Disclosure

Electrum is committed to ensuring the safety and security of our clients and employees. We aim to foster an environment of trust and an open partnership with the security community. We recognise the importance of vulnerability disclosures and whistleblowers in continuing to ensure safety and security for all of our clients, employees and company.

We have developed a Responsible Disclosure Policy to both reflect our values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise and whistleblowers who add an extra layer of security to our infrastructure. All content on this page has been extracted from this policy.

Electrum defines a security vulnerability as an unintended security weakness or flaw in Electrum’s systems, applications, or services that could be exploited to compromise the confidentiality, integrity, or availability of data or systems.

Scope

The scope of this policy applies to Electrum’s publicly accessible systems, applications, services and payments technology platform. The following techniques are explicitly out of scope for this policy:

  • All forms of social engineering
  • Physical and in-person attacks
  • Any activity that could disrupt the availability or integrity of Electrum’s service or the service that Electrum provides to our clients, such as denial-of-service attacks.

Safe Harbour

Electrum will not engage in legal action against security researchers or individuals who:

  • Act in good faith and within the defined scope and bounds of this policy.
  • Avoid privacy violations, service disruptions, and destruction of data.
  • Provide sufficient details for us to reproduce and validate the issue.
  • Test on products without affecting customers, or receive permission/consent from customers before engaging in vulnerability testing against their devices/software, etc.
  • Adhere to the laws of their location and the location of Electrum.
  • Refrain from disclosing vulnerability details to the public before a mutually agreed-upon timeframe expires.

Submit a Vulnerability

To submit a vulnerability report to Electrum’s Product Security Team, you can either:

  • email your report to vulnerability@electrum.co.za ; or
  • use the submission form below.

Further information regarding preference, prioritisation, and acceptance criteria can be found in Electrum Responsible Disclosure Policy.

By submitting a vulnerability disclosure report, you acknowledge that you have read and accept the scope, terms and limitations of Electrum's Responsible Disclosure Policy.

Company

Trust

About Us

Press Releases

Jobs and Opportunities

Interview Process

Clearing House Payments

PayShap

Real-Time Clearing

EFT Debit & Credit

Account Verification Services

Value-Added Services

Prepaid Airtime and Data

Prepaid Electricity

Bill Payments

LOTTO

Betting

Travel and Event Ticketing

Digital Vouchers

Cash Vouchers

Solutions

Clearing House Payments Modernisation

Turnkey Clearing House Payments

Enterprise Payments Channel

PayShap-ready QR Code Issuing

PayShap for Retailers

Value-Added Services Marketplaces

Resources

Implementation Guides

Technology Updates

Reports, whitepapers & flyers

Blog

Developer Portal

Contact us

16A Newmarket St, Foreshore,
Cape Town, South Africa

hello@electrum.co.za

+27 21 448 6422 (office)

+27 21 447 1227 (support)

© Electrum Payments

Terms of usePrivacy Policy | Vulnerability DisclosurePAIA manual