OwnBank - Philippine Digitalized Bank, Carrying On 60+ Years of Trust and Innovation

Terms and Conditions

Vulnerability Disclosure Policy

Introduction

This policy provides clear guidance for security researchers on the standards to follow when conducting vulnerability discovery activities, as well as how we prefer to receive security vulnerability reports. It defines the systems and types of research covered, the method of submitting vulnerability reports, and the expected waiting period before public disclosure. We encourage you to contact us to report any potential vulnerabilities found in our systems.

We encourage and welcome good-faith security research. If you conduct research within the bounds of the law, act in good faith, and comply with this policy, we will regard your actions as authorized and appreciate your efforts to help us improve our security. For good-faith research conducted in accordance with this policy, we will not take legal action or report you to law enforcement. We will maintain active communication with you to fix potential issues, and we will respect and protect your identity. We will not disclose your personal information unless you give explicit permission. This authorization applies only to systems and services operated or explicitly authorized by our company.

Guidelines

Do not damage systems or steal data. Use vulnerabilities only as necessary to verify their existence. Stop testing immediately if sensitive data is encountered.

Respect others: Do not violate employee or customer privacy; avoid non-technical attacks such as social engineering; do not disrupt production systems.Work with us through the coordinated disclosure process.Notify us as soon as possible regarding any identified issues.· Allow reasonable time for us to resolve issues before public disclosure.

Testing Method

Unauthorized Testing Methods:

DoS/DDoS or any test that may harm systems or data
Physical testing, social engineering, or other non-technical testing

Testing Scope

This policy applies to:

APP System

*Subdomains under *.ownbank.com.ph

Mobile APP

Ownbank Android App (Google Play)

https://play.google.com/store/apps/details?id=com.finance.ownbank

Other domains or third-party resources are out of scope. Contact security@ownbank.com if unsure.

Vulnerability Report

The submitted information will be used solely for defensive purposes—to mitigate or fix cybersecurity vulnerabilities. We will not share your name or contact information without your explicit permission.

We accept vulnerability reports submitted via email at security@ownbank.com.ph, and we will acknowledge receipt within 5 business days.

Suggested Report Details

· Describe where the vulnerability is and what it could impact

· Steps to reproduce (PoC or screenshots recommended)

Inquiries

For any policy-related inquiries, email security@ownbank.com.