Vulnerability Disclosure Policy

The security of our systems is a top priority at Openpay, and we take all the necessary steps and due diligence to keep our products, systems and processes secure. Despite our best efforts, vulnerabilities and errors may still exist in our products and systems. This policy outlines Openpay’s approach to requesting and receiving any reports relating to vulnerabilities found in our products and systems.  

  • Customers, partners and security researchers who would have interacted with our applications and systems, i.e., the Openpay Website App, Merchant Portal, Customer Portal or the Mobile App can submit the vulnerabilities found via itsecurity@openpay.com.au
  • Enough detail should be provided in the email that will allow Openpay to reproduce the vulnerability on our own. 
  • The person submitting the vulnerability to Openpay agrees to keep the matter confidential, and should not take advantage of the vulnerability by getting involved in activities such as clickjacking, social engineering, phishing, initiating denial of service (DoS) attacks or physical attacks in an attempt to modify or delete Openpay’s data.
  • Openpay will respond to your report within 5 business days and keep you informed of our progress as we work to correct the issue.
  • Openpay will not compensate those finding potential or confirmed vulnerabilities, nor will we publish the names or aliases of those who have reported issues.