Mastercard has joined PayPal, Square, Stripe and a handful of banks offering “bug bounties” to volunteers willing to comb some of its websites in search of glitches.
Purchase, N.Y.-based Mastercard last month began to work with Bug Crowd, joining an assortment of major tech companies including Microsoft, Facebook, Twitter and Uber inviting ethical hackers to kick its code around to find security holes.
Mastercard declined to name the amount it pays to those who discover bugs, but tech blogs suggest MasterCard will pay $100 to $3,000 to bounty hunters who find and report bugs.
“If someone reports a bug on one of our sites that’s confirmed, we’ll reward them based on the type and severity of the bug,” said Poonam Verma, Mastercard vice president of corporate security.
Mastercard so far is inviting hackers to investigate its main corporate and regional websites, its Priceless site and also its site for Simplify Commerce, its cloud-based payments platform targeting small-business owners, Verma said.
The decision to work with ethical hackers wasn’t a response to elevated security risks, but a desire to “add another layer” to the company’s existing robust internal security program, according to Verma.
“Hacking is in the news a lot lately but it’s always been part of security, and with this move we just want to be as prepared as we can, and to take more holistic approach to preventing vulnerabilities,” Verma said.
HackerOne, based in San Francisco, was established in 2012 and has raised more than $25 million to date. Other financial services firms offering bug bounties on the site include Rabobank, PrivatBank and Simple.