Gå vidare till innehållet Gå vidare till chatten
Bedrägeriförsök på gång i Aktias namn – ge aldrig ut dina uppgifter per telefon, e-post eller sms Falska meddelanden har skickats ut i Aktias namn. Meddelandet handlar om misstänkt aktivitet på kontot och mottagaren ombeds göra en betalning. Läs mer
Aktia Responsible Disclosure

Aktia Responsible Disclosure

This page includes information for security researchers who are interested in participating in Aktia’s Vulnerability Disclosure Program.

Kortfattat på svenska / Briefly in Swedish

Aktia Vulnerability Disclosure Program är ett program inriktat till informationssäkerhets forskare. Programmets syfte är att hitta sårbarheter i Aktias system. På den här sidan hittar du mer information om programmet och hur man deltar i den.

Letar du efter hur man sköter sina bankärende tryggt gå til adressen https://www.aktia.fi/sv/turvallisuus
Ifall du vill vill anmäla ett nätfiskemeddelande, skicka e-post till adressen [email protected].
Övriga försök till datasäkerhetsbrott kan du anmäla till [email protected].

Our goals for the program are to ensure safe digital transactions with our end users, to ensure that security is aligned with our SLDC, and to continually evolve our team's vulnerability management processes. To achieve these, we first need to identify our vulnerabilities. This is where you can help us.

When working with Aktia according to our policy, you can expect us to

  • offer Safe Harbor for your security research that is related to this policy
  • work with you to understand and validate your report, including an initial response to the submission as soon as possible (usually within 48 business hours)
  • prioritize security and work to remediate discovered vulnerabilities in a timely manner.

Vulnerability Disclosure Guidelines

There are some guidelines that need to be followed to ensure good-faith security research. 

  • Respect the rules. Operate within the rules set forth by the Security Team or speak up if in strong disagreement with the rules.
  • Respect privacy. Make a good faith effort not to access or destroy another user's data.
  • Be patient. Make a good faith effort to clarify and support your reports upon request.
  • Do no harm. Act for the common good by promptly reporting all found vulnerabilities. Never willfully exploit others without their permission.

Note that you are not allowed to publicly discuss or publish any vulnerability before it has been fixed and you have received explicit permission from us to do so.

Safe harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct, and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

How to contact us

Please provide detailed reports with reproducible steps.

Whenever possible, include a custom HTTP header to requests to help us find related log entries. Name the header “X-Security-testing” and add e.g. your made up username as value.

 

Thank you for helping keep Aktia and our users safe!

 

 

Our services may not be tested without permission or by illegal means (Chapter 38 of the Criminal Code, §5-§8). Among other things, actions that endanger our customers' data or the continuity of our services are counted as illegal means. Possible misuse cases are always investigated.