MasterCard is a technology company in the global payments industry. We operate the world’s fastest payments processing network, connecting consumers, financial institutions, merchants, governments and businesses in more than 210 countries and territories. MasterCard products and solutions make everyday commerce activities – such as shopping, travelling, running a business and managing finances – easier, more secure and more efficient for everyone. For nearly half a century, MasterCard has been a leader in safety and security. As payment methods continue to evolve, MasterCard is committed to advancing digital security, which includes rigorous testing for potential vulnerabilities. You can help us make our products and services even safer and earn rewards by reporting potential vulnerabilities.
A Couple Important Requirements for MasterCard:
- When submitting a report to MasterCard, please be sure to include your IP address that you were testing from somewhere in your report. It is greatly helpful to MasterCard.
- Due to GDPR and legal requirements. All testing must be conducted using your @bugcrowdninja.com email ID only. If you fail to use your @Bugcrowdninja.com email ID, you run the risk of getting blocked from accessing MasterCard applications.
Use of automated scanners and tools to find vulnerabilities is strictly not allowed. MasterCard requests that testers do not perform automated/scripted testing of web forms, especially "Contact Us" forms that are designed for customers to contact the Support team.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
What to expect from Mastercard
- For all P1 & P2 valid findings, we will move them to an accepted state within 7 days
- Pal all P3 & P4 valid findings, we will move them to an accepted state within 20 days
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.