It is important for us at Swedbank that our customers can feel safe and secure when doing business with us. We have therefore a structured approach to security in all of our development and management of systems and constantly strive to achieve the highest possible security and quality. Despite this, an error may slip by. If you have found a security flaw, we would like to hear more about it to be able to correct the problem as soon as possible.
How do you report?
Send an email to us at firstname.lastname@example.org. We prefer that you use our public PGP key to protect the information you send over. Make sure to have included the following information.
- Detailed description of the vulnerability containing such info as URL and type of vulnerability.
- The necessary information that we need in order to reproduce the problem.
- If applicable, a screenshot of the vulnerability you have found.
- Contact information, name, email, phone number, and your public PGP key (if you have one).
What can you report?
You can report security flaws that you have found in any of our services. Examples of security flaws are cross-site scripting, flaws in encryption or flaws with security implications in logic controls. The reporting service is not for other logical errors, errors in texts, questions about our services, questions about the security of our services or similar.
What can you expect of Swedbank?
We will confirm that we have received your description, continuously keep you updated while we process the issue, and inform you when the issue is fixed.
Claims for compensation as a condition for sending in a vulnerability is not accepted.
What is required of you?
It is important for both us and our clients' security that you follow good practice, i.e. that:
- You do not use the vulnerability to access or attempt to access information that does not belong to you
- You do not use the vulnerability to remove or modify information
- You do not affect the availability of our services through denial of service attacks
- You give us an opportunity to fix the reported vulnerability before going public with it.
Can you file a report anonymously?
Yes, but then we cannot respond back and keep you updated on the status
Key ID: 0x0AD6CCAF
Fingerprint: 2D14 4030 6D4B 68C3 F286 3AC6 333B E8E4 0AD6 CCAF