You have found the security flaw? Notify us!
It is important for us at Swedbank that our customers can feel safe and secure when managing their monetary affairs with
our electronic channels. Therefore, we seek to ensure the highest security level in IT systems. Despite this, an error may
slip by. If you have found a security flaw, we would like to hear more about it to be able to correct the problem as soon as
How do you report?
Send an email to us at firstname.lastname@example.org. We
prefer that you use our public PGP key
to protect the information you send over. Make sure to have included the following information:
- Detailed description of the vulnerability containing such info as URL and type of vulnerability;
- The necessary information that we need in order to reproduce the problem;
- If applicable, a screenshot of the vulnerability you have found;
- Contact information, name and surname, email, phone number, and your public PGP key (if you have one).
This personal data submitted by you will be processed by Swedbank in order to inform you about the analysis of IT security
flaws noticed by you and their correction, and, if necessary, to contact you regarding the revision of the information
submitted by you. More information about Swedbank’s data processing procedure is available in the Swedbank Principles of
Processing Personal Data at
What can you report?
You can report security flaws that you have found in any of our services. Examples of security flaws are cross-site
scripting, flaws in encryption or flaws with security implications in logic controls. The reporting service is not
designated for other logical errors, errors in texts, questions about our services, questions about the security of our
services or similar.
What can you expect from Swedbank?
We will confirm that we have received your description, continuously keep you updated while we process the issue, and
inform you when the issue is fixed. Claims for compensation as a condition for sending in a vulnerability are not accepted.
What is required from you?
It is important for both us and our clients that you follow good practice, i.e. that:
- You do not use the vulnerability to access or attempt to access information that does not belong to you;
- You do not use the vulnerability to remove or modify information;
- You do not affect the availability of our services;
- You give us an opportunity to fix the reported vulnerability before going public with it.
Can you file a report anonymously?
Yes, but then we cannot respond back and keep you updated on the status.
Key ID: 0x0AD6CCAF
Control code: 2D14 4030 6D4B 68C3 F286 3AC6 333B E8E4 0AD6 CCAF