We want everyone to feel safe when using BankID. Structured safety work is a matter of course in our work. Even so, errors can find their way into a program. If you have found a security flaw, we would be grateful if you report it, so that we can correct the problem as soon as possible.
Have you found a security flaw?
What you can report
You can report security flaws that you have found in any of our services. The reporting service is not for other logical errors, errors in texts, questions about our services or questions about the security of our services or the like.
We will confirm that we have received your description, continuously keep you updated while we process the issue and inform you when the issue is fixed. Claims for compensation as a condition for informing about a security flaw are not accepted.
To submit a report
Send us an e-mail at responsible-disclosure@bankid.com Please use our public PGP key to protect the information you send over. Submit the report together with the following:
Detailed description of the problem, with e.g. URL, type of flaw, etc.
The necessary information for us to reproduce the problem.
A screenshot, if possible for the security flaw you found.
Contact information such as name, e-mail, phone number and any public PGP key.
Fingerprint: 74AD 1332 0BA3 69DC A622 CBD8 5633 21BB 9B4F 0656
Important things to keep in mind
For us and the safety of our customers, it is important that you:
do not exploit the security flaw to reach, or attempt to reach information that does not belong to you.
do not exploit the security flaw to remove or modify information.
do not affect the availability of our services through, for example, denial of service attacks.
give us an opportunity to address the reported security flaw before you make it public.
Would you like to submit an anonymous report?
It is possible to submit an anonymous report. However, we will not be able to respond to you and keep you up to date on the status of your report.