BinckBank forms part of BinckBank NV, established on the Barbara Strozzilaan 310, Amsterdam (1083 HN), Netherlands and registered with the Chamber of Commerce in Amsterdam under number 33162223. BinckBank NV is authorized by De Nederlandsche Bank, PO Box 98, 1000 AB Amsterdam and is registered with the Authority for the Financial Markets, PO Box 11723, 1001 GS Amsterdam. BinckBank’s VAT number is NL007606552B01. 

The information contained in this website (hereinafter referred to as the “website”) has been compiled by BinckBank NV (a Public Limited Company established in accordance with Dutch law, having its registered office in Amsterdam at Barbara Strozzilaan 310, hereinafter referred to as "BinckBank"). BinckBank has a licence as defined in article 2:11 of the Dutch Financial Supervision Act (Wft) and is registered as such with the Dutch Central Bank (DNB) and the Netherlands Authority for the Financial Markets (AFM). By virtue of this licence, BinckBank is authorised to offer and perform investment services and related banking services in relation to listed and unlisted financial instruments. BinckBank does not provide any personal (investment) advice as part of its services. As a member of Euronext N.V. (hereinafter referred to as “Euronext”), BinckBank may effect transactions in financial instruments, in the role of Broker, on the exchanges held by Euronext.

The rates, opinions, news, data and other information on this website (hereinafter referred to as “Information”) are subject to constant change and originate in part from third parties. BinckBank takes the utmost care in compiling the Information, but makes no guarantee that the Information is complete and/or accurate. Furthermore, BinckBank accepts no liability whatsoever for direct or indirect losses arising from the use of the Information, except in the case of wilful misconduct or gross negligence on the part of BinckBank. 

The Information on this website does not represent any offer or invitation from BinckBank to the visitor to this website to trade in financial instruments in any way or to make use of the services of BinckBank. BinckBank reminds visitors to this website of the fact that the Internet is not always a fully reliable service for the transmission of and access to Information and that interruptions, delays and errors may occur at any time. BinckBank accepts no liability for direct or indirect losses relating to a (temporary) inability to gain access to or to use this website or for any delay or error in sending or receiving messages, including announcements and instructions, via this website. 

The rights to this website and the Information belong to BinckBank or its suppliers and are protected under copyright and other intellectual property rights. Except for personal and non-commercial use, the Information and/or other parts of this website may not be reproduced, stored in a retrieval system, or transmitted in any form or by any means, whether electronic, mechanical, photocopying, recording or otherwise, without prior written permission from BinckBank. In particular, the posting of Information in full or in part to newsgroups, mailing lists, electronic bulletin boards, chat boxes or comparable discussion forums by the visitor without prior written permission from BinckBank is expressly prohibited. 
For information on the protection and processing of personal data, please consult the BinckBank Privacy Statement. These terms of use are governed by Dutch law. All disputes arising from or connected with these terms of use, the website and/or the Information will be submitted to the competent court in Amsterdam. 

BinckBank Security

The information on this page is intended for security researchers interested in reporting security vulnerabilities to BinckBank. If you are a customer of BinckBank and have questions concerning fraud, phishing or malware, please contact our customer service at info@binckbank.com

At BinckBank, the security of our systems and protection of your information are our top priorities. Our specialists work day and night to optimise our systems and processes. Despite the effort we put into the security of our systems, vulnerabilities can still be present.

If you are a security researcher and have discovered a vulnerability in our systems you could help us by reporting these vulnerabilities to us, so that we can improve reliability of our systems together. Please send us your report (in English or Dutch) via e-mail to: responsible-disclosure@binck.nl. Priority will be granted to encrypted reports. Reports can be send anonymously.
Our security team will investigate your finding/findings and attempt to respond within two working days. 

PGP key
If you want to encrypt your message, please use our PGP key.


Responsible Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly fix the vulnerability. We will not take legal action against you or ask law investigation to investigate you if you comply with the following Responsible Disclosure Guidelines:
• Provide details of the vulnerability, including the steps you took to discover the vulnerability, as well as information or a Proof of Concept in order to reproduce the issue;
• Make sure that during your and our investigation of your reported vulnerability, you do not cause any damage to our systems;
• Do not utilise social engineering in order to gain access to our IT systems;
• Never let your investigation disrupt the services of BinckBank and other services;
• Never publicise any bank or customer data that you may have found during your investigation;
• Do not put a backdoor in the system, not even for the purpose of showing the vulnerability. Inserting a backdoor will cause even more damage to the safety of our systems;
• Do not make any changes to or delete data from the system. If your finding requires you to copy the data from the system, do not copy more data than necessary. If one record is sufficient, do not copy more;
• Do not make any changes to the system;
• Do not attempt to penetrate the system any further than required for the purpose of your investigation. Should you have successfully penetrated the system, do not share this gained access with any others;
• Do not utilise any brute-force techniques (e.g. repeatedly entering passwords) in order to gain access to the system;
• Give BinckBank reasonable time to resolve the issue before making any information public.

Vulnerability categories we encourage
We are primarily interested in hearing about the following vulnerability categories:
• Remote Code execution vulnerabilities;
• Cross Site scripting vulnerabilities;
• SQL injection vulnerabilities;
• Encryption weaknesses;
• Vulnerabilities that bypass authentication mechanisms; 
• Vulnerabilities that give unauthorised access to information.

Out of scope vulnerability categories
The following type of vulnerabilities are out of scope of our responsible disclosure program:
• Our policies on presence or absence of SPF/DKIM/DMARC records;
• Server or third party application version revealed and possibly outdated without Proof of Concept on the exploitation of it;
• Reports of insecure SSL/TLS ciphers and other misconfigurations;
• Generic vulnerabilities related to software or protocols not under control of BinckBank;
• Distributed Denial of Service Attacks;
Spam or Social Engineering techniques;
Reports of regular scans like Port scanners or (free) vulnerability scanners.

Your privacy
We will only use your personal information to get in contact with you and to undertake actions regarding your reported vulnerability. We will not distribute your personal information to third parties without your permission, unless we are required to do so by law, or if an external organisation takes over the investigation of your reported vulnerability. In that case, we will make sure that the relevant authority treats your personal information confidentially.