Disclaimer

BinckBank forms part of BinckBank NV, established on the Barbara Strozzilaan 310, Amsterdam (1083 HN), Netherlands and registered with the Chamber of Commerce in Amsterdam under number 33162223. BinckBank NV is authorized by De Nederlandsche Bank, PO Box 98, 1000 AB Amsterdam and is registered with the Authority for the Financial Markets, PO Box 11723, 1001 GS Amsterdam. BinckBank’s VAT number is NL007606552B01. 

The information contained in this website (hereinafter referred to as the “website”) has been compiled by BinckBank NV (a Public Limited Company established in accordance with Dutch law, having its registered office in Amsterdam at Barbara Strozzilaan 310, hereinafter referred to as "BinckBank"). BinckBank has a licence as defined in article 2:11 of the Dutch Financial Supervision Act (Wft) and is registered as such with the Dutch Central Bank (DNB) and the Netherlands Authority for the Financial Markets (AFM). By virtue of this licence, BinckBank is authorised to offer and perform investment services and related banking services in relation to listed and unlisted financial instruments. BinckBank does not provide any personal (investment) advice as part of its services. As a member of Euronext N.V. (hereinafter referred to as “Euronext”), BinckBank may effect transactions in financial instruments, in the role of Broker, on the exchanges held by Euronext.

The rates, opinions, news, data and other information on this website (hereinafter referred to as “Information”) are subject to constant change and originate in part from third parties. BinckBank takes the utmost care in compiling the Information, but makes no guarantee that the Information is complete and/or accurate. Furthermore, BinckBank accepts no liability whatsoever for direct or indirect losses arising from the use of the Information, except in the case of wilful misconduct or gross negligence on the part of BinckBank. 

The Information on this website does not represent any offer or invitation from BinckBank to the visitor to this website to trade in financial instruments in any way or to make use of the services of BinckBank. BinckBank reminds visitors to this website of the fact that the Internet is not always a fully reliable service for the transmission of and access to Information and that interruptions, delays and errors may occur at any time. BinckBank accepts no liability for direct or indirect losses relating to a (temporary) inability to gain access to or to use this website or for any delay or error in sending or receiving messages, including announcements and instructions, via this website. 

The rights to this website and the Information belong to BinckBank or its suppliers and are protected under copyright and other intellectual property rights. Except for personal and non-commercial use, the Information and/or other parts of this website may not be reproduced, stored in a retrieval system, or transmitted in any form or by any means, whether electronic, mechanical, photocopying, recording or otherwise, without prior written permission from BinckBank. In particular, the posting of Information in full or in part to newsgroups, mailing lists, electronic bulletin boards, chat boxes or comparable discussion forums by the visitor without prior written permission from BinckBank is expressly prohibited. 
For information on the protection and processing of personal data, please consult the BinckBank Privacy Statement. These terms of use are governed by Dutch law. All disputes arising from or connected with these terms of use, the website and/or the Information will be submitted to the competent court in Amsterdam. 

BinckBank Security

The information on this page is intended for security researchers interested in reporting security vulnerabilities to BinckBank. If you are a customer of BinckBank and have questions concerning fraud, phishing or malware, please contact our customer service at info@binckbank.com

At BinckBank, the security of our systems and protection of your information are our top priorities. Our specialists work day and night to optimise our systems and processes. Despite the effort we put into the security of our systems, vulnerabilities can still be present.

If you are a security researcher and have discovered a vulnerability in our systems you could help us by reporting these vulnerabilities to us, so that we can improve reliability of our systems together. Please send us your report (in English or Dutch) via e-mail to: responsible-disclosure@binck.nl. Priority will be granted to encrypted reports. Reports can be send anonymously.
Our security team will investigate your finding/findings and attempt to respond within two working days. 

PGP key
If you want to encrypt your message, please use our PGP key.
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFow44EBEAD1vf3De5gOgczr1IZTYQwmRCi+u9HjnVDBC2lnvRJqlnY0VSz6
lM/c0ryvlF+4wnevtM/0wWLQFupeWdaXbCX350JlAYYOHUyKoMPnZffBOaxVPthn
9pRRZfL2pX95hk+KugwS6YpzIErWfDfpPTLM3IayirO7HgBjL4wSO40B+cY2KgIr
R8AyEyjaFtQnVhEyUapflO2wL05LRoXqTfGp66UbDAhD0cp8D0YclwjIn92pEmon
jIRCCymr/LB1fQ7JBv7KQ7dEi8Yu6/bb3ilQh840z52gTHnW9ZupvaSe9pFh3ip+
9vRbH38gqCJNNBLPF60CcrcdFZYaDZDqSleRcKBn7n6j0xFJ/JJBGR/2jm55Xxav
m6PP+eZCcuMlXKgWVxc9TWKKxsYVjgbh+jKlQZzLIGaQCCGYXShtUCtDJSCXTuoz
fYF63RjU0RBUhSozqNdHI6G0szyMgtqYIFH8Y+ygB+4MgODUyHJUf52egYJOHtNy
rZuvvD1NBiPl8LhTXs05NTz3HalRNTIKogMjQ1FJeRbZZoe1uKTG4dJS2T+qrZaT
9JS1zbeb6xVv5isliQxlKob1q3YwFyq8K+q3r6VjIyQ4HUGq61B9ZNfHRJZZVhOJ
UkzfFmxeDbAIxHFXJ7hhAOziZttKA/tv5nFlkhyqtc7TLyltg0OJ6u3IXwARAQAB
tFdCaW5ja0JhbmsgUmVzcG9uc2libGUgRGlzY2xvc3VyZSAoQmluY2tCYW5rIFNl
Y3VyaXR5KSA8UmVzcG9uc2libGUtRGlzY2xvc3VyZUBiaW5jay5ubD6JAj4EEwEC
ACgFAlow44ECGwMFCQHhM4AGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELJs
ojNgV1LOqlYP/1wttA+O2XGHuL6Tk9duig+MDuRorXejlyYy970+rBEmg8+xfsmf
4jNLt7u5aaD1n9Rp6HuBMmZF8OHqvdnmVtAojpbkdqqD3EKDEigKA54XY+xKV2uN
M8ibLw3AWFNZ1+eSK73mdO0t+TyWTFB+1UYCjE39X6mQc/yUPYYucgjosoIesSgr
YOPZfWTxjkpHCF5oj97SD0Ch2qqn5C5+2nTQY7a1YK/nUXymgXr0rAVvAQqDn5++
YqgOV3mWnlob0cXkCTIRvevO/SHsQ7UtSF6Xw5Y7Awr0e1dZ7daz9aoXcFeb8B3R
Q2REYXUHjEJHiposGJCpcl4GBFXeS4yVlf9WIkIYhhhhtCPlsmiU4B/ijIbISwW9
1IZXLihTQbqguNs6hSl+SWVnK3MHJcyrSuBjXuYRGkQcd0nQ1ZPQuFYuQnjvY5VF
+QehBSl9c6t0N3Fp2UCj1Ca61J/xnyVBC9sCsS/zz8MhbaWKA3dTZAiV03uP4XZB
YOq2NX/nUJgcaAsSj3gAZd7nifkCV7GDHQmbbcxkGunoggaRJLlFG6OhJZk1VjEc
+NU8niD35CxcZ+8rG8kw5r9fR/S+M6aNBVo3vEa7gF3RfqdJ2/iBPJIX0zRhN8R8
mJKZbBP82eecIuXnzUB6uSzZ1eT3NBkk1jMNsxYwH5j/KlLphiNi7j0quQINBFow
44EBEADWZh5dK+4Hn2p/YKMxLyIdeFyjqAEz17H/Xx73dP+IEZi97IFkGubtskOz
yifJm8CJqlRy0rcBa26DH8/vkezsvF/3QxaL7VgssONe2oQIDBg7LI8muIPOmqAQ
9TKKbebKAKORR3nCaDCjDhsuRvsVd684YEa7UpLiquO2gJzICb3TdI+o+dg6Xj5V
dpmSnV63/nQH505Pgh17ikkx3Jlwbd0DQ+c9vpOrv1lZvITPMlzs9g7875u7IVDi
sahbnwaP1uU+3v4M6Xwrxj7qyyvNTzTsrQg81GFQM38AtxVyixpYVr3YbZI8ZnuP
QZF7XWqG24uHrXRcDUC3pRCANOSfeEXP6a5zqzYK8AqxVt5ZnwL6Z6Fqpw1RE9a8
eAzAPqFGdz8/mlJUdVpu9RJwEq0kO3KEpotpfBlb5XSRbtNgoHTpXYicVrsRmrKg
bzerw609Yn6msi9AVxO0Stx/ivrs6B75UKbUN86Fl1PzTDVSbvz9Z1VqwOVdbrVE
0eFXVakapJXJP7AYjdBJ8Raxg3AqPCQuhs59FHJF/Q3tFheEppWVUEdGIyc4/h45
b/kz434jXz9VopZkrf+zMyCpxoU/PpES3Sw9MHah/+Ts8fYE3R+aEj6A4XrDCAM9
YSAeNTDdm03vq4qDykJD9obwzAdJufzfBlReTlLycRjscrj6kwARAQABiQIlBBgB
AgAPBQJaMOOBAhsMBQkB4TOAAAoJELJsojNgV1LO6LcP/jaMP7JnCX4fMmYSfwv7
tDUtG63ChMgdi/mK1rwuT/mA2PsrJNO1VGzRmM0nsquCqovP8QQJ8/B0wf1DWp9B
Q+xqOVE+J3imQhct6V1yPlab85KhxE2dVBv13V9s7PpZptq+Xrqoan514Ivs0Hre
bWID1N1R1oZMEaBQeKlb885qQ/ZdrNZlZ5wCIay0dsWbQiOyTpoprlCdeu1d6I8q
mR41X0CYT1FUFJ5koofRevJIPvqsAKDBWnYTDc1xVEv47xwH0CWlr15TiOY4/8a9
rKiGv1Hbjmu7bNRmvAss+6V9ePj26EhadBkzwUoUrb/CcAgd9L+FWvxJrjGzK0nw
yvK1fdhTvW6q026g0qjbK7wSSlxZoxP+5AtObKIPpNWCCODrtvCioEJcxnQvLUsU
E6pqEvbRaoZ9B0iAPDdu1Gd/A95Wr9O6sNxFn8cARQiSI5xe+u5jxOvs1kXC59A3
VeZmwLZXKPkdzOGVOkuX2nQKu5luu4ltbwO4+mLQuxkC96MZMUwcJRoK391v3psk
8fXsQfg8r29MfSmok68p/SzWLmzb2Tf2DSNh9vLP4FiDoU4/9NXjuV1LsdyCxN3f
JOlKVgRICWrKeG4pVSNnuoYVEs/W2YoGNUUeljWkenYQPDu0g9Pp7x+X2cxanUK1
7C3pTsmd2THdD+zOUhqM4kwQ
=1rsy
-----END PGP PUBLIC KEY BLOCK-----

Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly fix the vulnerability. We will not take legal action against you or ask law investigation to investigate you if you comply with the following Responsible Disclosure Guidelines:
• Provide details of the vulnerability, including the steps you took to discover the vulnerability, as well as information or a Proof of Concept in order to reproduce the issue;
• Make sure that during your and our investigation of your reported vulnerability, you do not cause any damage to our systems;
• Do not utilise social engineering in order to gain access to our IT systems;
• Never let your investigation disrupt the services of BinckBank and other services;
• Never publicise any bank or customer data that you may have found during your investigation;
• Do not put a backdoor in the system, not even for the purpose of showing the vulnerability. Inserting a backdoor will cause even more damage to the safety of our systems;
• Do not make any changes to or delete data from the system. If your finding requires you to copy the data from the system, do not copy more data than necessary. If one record is sufficient, do not copy more;
• Do not make any changes to the system;
• Do not attempt to penetrate the system any further than required for the purpose of your investigation. Should you have successfully penetrated the system, do not share this gained access with any others;
• Do not utilise any brute-force techniques (e.g. repeatedly entering passwords) in order to gain access to the system;
• Give BinckBank reasonable time to resolve the issue before making any information public.

Vulnerability categories we encourage
We are primarily interested in hearing about the following vulnerability categories:
• Remote Code execution vulnerabilities;
• Cross Site scripting vulnerabilities;
• SQL injection vulnerabilities;
• Encryption weaknesses;
• Vulnerabilities that bypass authentication mechanisms; 
• Vulnerabilities that give unauthorised access to information.

Out of scope vulnerability categories
The following type of vulnerabilities are out of scope of our responsible disclosure program:
• Our policies on presence or absence of SPF/DKIM/DMARC records;
• Server or third party application version revealed and possibly outdated without Proof of Concept on the exploitation of it;
• Reports of insecure SSL/TLS ciphers and other misconfigurations;
• Generic vulnerabilities related to software or protocols not under control of BinckBank;
• Distributed Denial of Service Attacks;
Spam or Social Engineering techniques;
Reports of regular scans like Port scanners or (free) vulnerability scanners.

Your privacy
We will only use your personal information to get in contact with you and to undertake actions regarding your reported vulnerability. We will not distribute your personal information to third parties without your permission, unless we are required to do so by law, or if an external organisation takes over the investigation of your reported vulnerability. In that case, we will make sure that the relevant authority treats your personal information confidentially.