Coordinated Vulnerability Disclosure - Responsible Disclosure

We want our customers to use our banking services safely. That is why we continuously improve our systems and processes to keep them comfortable and up to date in this respect. Still, there is a chance that an unintentional weakness might exist in a system. We therefore encourage responsible disclosure of any vulnerabilities that you have come across or observed in our online services.
You can directly reach our security teams at: Responsible-Disclosure@dhbbank.com.

In Scope

You can report all findings regarding the security of DHB Bank’s online services, as soon as discovered. Potential vulnerabilities might relate to:

  • Remote Code Execution
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection
  • Encryption vulnerabilities
  • Bypassing authentication or unauthorized access to data

Not in Scope

This hotline is specifically for reporting technical vulnerabilities and not for the following:

How to report a weakness
Weaknesses can be reported by email to Responsible-Disclosure@dhbbank.com. Please use our secure file transfer service to send your report securely and directly to the above-mentioned email address so that it is not intercepted by cyber criminals. The report should state the observed weakness(es) concisely and clearly.
We will investigate & take appropriate action immediately.

Handling Report
Our security team will investigate the report and will contact you within five working days to discuss the weakness, how the vulnerability was discovered, and follow-up action.

Privacy
Your personal details will only be used to take action based on your report and to communicate back to you. Personal details will not be shared outside DHB Bank without your explicit permission unless we are required to do so by law.

To know more about rules of engagement, please click here.