Stanchion Payment Solutions 
Responsible Disclosure

The following Responsible Disclosure Guidelines describe the voluntary program through which Stanchion Payment Solutions will engage with parties who identify and report to Stanchion Payment Solutions potential security vulnerabilities.


These Responsible Disclosure Guidelines offer direction for identifying and submitting information regarding potential vulnerabilities to Stanchion Payment Solutions and apply only to disclosure of potential vulnerabilities affecting systems owned or controlled by Stanchion Payment Solutions, not to those affecting any other systems, including those owned or controlled by any Stanchion Payment Solutions clients, business partners, or others.

Submission Form

Identified a potential security vulnerability? Please share your findings through the form.

Reporting Process

Reporting parties must submit their information. All queries will be directed to the responsible IT Security team at Stanchion Payment Solutions.

Reporting Instructions

Your report must include the following information:

  • Contact email address
  • Vulnerability description
  • Vulnerability locations
  • Validation steps
  • Recommended fix
  • Assumed impact
01. Vulnerability Overview 02. Detailed Description
    • Authorization Permissions
    • Brute Force
    • Content Injection
    • Cross-site Request Forgery (CSRF)
    • Cross-site Scripting (XSS)
    • Cryptography
    • Functional/Business Logic
    • Information Disclosure
    • Insufficient Transport Layer Protection/SSL
    • Remote Execution
    • Server/Application Misconfiguration
    • SQL Injection
    • Other
    • Access/Privacy Control Violation
    • Account Enumeration
    • Cookie-related Flaws
    • CSV Injection
    • Default Credentials
    • Directory Structure Enumeration
    • DOM-based XSS
    • Email/Password Recovery Flaw
    • File Inclusion (No execution)
    • Insecure Direct Object Reference
    • Lack of Rate Limiting Protections (i.e. CAPTCHA)
    • Login Authentication Bypass
    • Path Traversal
    • Persistent XSS
    • Reflected XSS
    • Sensitive Directory/File Contents Disclosed
    • Server-Side Request Forgery (SSRF)
    • Spoof HTML Content
    • SSO Authentication Bypass
    • UI redressing/Clickjacking
    • Unvalidated Redirects
    • XML External Entity (XXE)
    • Other
Continue

Thanks for your interest

We will review your form and contact you as soon as possible.

Responsible Disclosure Policies

No Compensation

Stanchion Payment Solutions does not provide compensation in exchange for information pertaining to security vulnerabilities under this Responsible Disclosure Program.

Anonymous Reporting

Stanchion Payment Solutions may choose not to pursue, contact, or otherwise interact with reporters who decline to identify themselves when making the report.

Good Faith Commitment

Stanchion Payment Solutions will deal in good faith with reporting parties who comply with these Responsible Disclosure Guidelines.

Low-Quality Reports

Stanchion Payment Solutions may choose to disregard submissions by parties who submit a high volume of low-quality reports.

Research and Vulnerability Disclosures

  • Protection for Responsible Security Researchers

    For parties who conduct security research and vulnerability disclosure activities in accordance with these Responsible Disclosure Guidelines, (1) Stanchion Payment Solutions will not initiate or recommend any law enforcement or civil lawsuits related to such activities, and (2) in the event of any law enforcement or civil action brought by anyone other than Stanchion Payment Solutions, Stanchion Payment Solutions will take reasonable steps to make known that the activities of the affected parties were conducted pursuant to and in compliance with these Responsible Disclosure Guidelines.

  • Permitted Activities Under Responsible Disclosure

    For parties who conduct security research and vulnerability disclosure activities in accordance with these Responsible Disclosure Guidelines, (1) Stanchion Payment Solutions will not initiate or recommend any law enforcement or civil lawsuits related to such activities, and (2) in the event of any law enforcement or civil action brought by anyone other than Stanchion Payment Solutions, Stanchion Payment Solutions will take reasonable steps to make known that the activities of the affected parties were conducted pursuant to and in compliance with these Responsible Disclosure Guidelines.


  • Prohibition of Unlawful Activities

    Stanchion Payment Solutions does not authorize, permit, or otherwise allow (expressly or impliedly) anyone to engage in any illegal activity. If you engage in any activities that are inconsistent with these Responsible Disclosure Guidelines or any applicable law, you may be subject to criminal and/or civil liabilities.

NOTE: Stanchion Payment Solutions reserves the right, in its sole discretion, to modify the terms of these Responsible Disclosure Guidelines or to terminate any or all of them at any time.