Welcome to Lloyds Bank Responsible Disclosure

By submitting a vulnerability to the Lloyds Bank Responsible Disclosure Program, you agree to the Terms of Service.

Responsible Disclosure policy:

This page is for security researchers interested in reporting security vulnerabilities.

If you have reported an issue that's within program scope, is found to be a valid security issue, and you have followed program guidelines, ResponsibleDisclosure.com will recognise your finding and you will be allowed to disclose the vulnerability after a fix has been issued. Please refer all questions to responsibledisclosure.com.


Typical vulnerabilities accepted:

  • OWASP Top 10 vulnerability categories
  • Infrastructure vulnerabilities
  • Other vulnerabilities with demonstrated impact


Typical out of scope:

  • Theoretical vulnerabilities
  • Informational disclosure of non-sensitive data
  • Low impact session management issues
  • Self XSS (user defined payload)

For a full list of what's in scope please visit the Responsible Disclosure details page.


Responsible Disclosure guidelines:

  • Adhere to all legal terms and conditions outlined at responsibledisclosure.com
  • Work directly with ResponsibleDisclosure.com on vulnerability submissions
  • Provide detailed description of a proof of concept to detail reproduction of vulnerabilities
  • Do not engage in disruptive testing like DoS or any action that could impact the confidentiality, integrity or availability of information and systems
  • Do not engage in social engineering or phishing of customers or employees
  • Do not request compensation for time and materials or vulnerabilities discovered
Get started