Company Policy

Privacy Policy

Master Gate For Payment Services Provider and all its subsidiaries (includes all subsidiaries across globe) are committed for protecting and respecting your information that will be provided by you by filling the forms on our site. The Privacy Policy has been prepared to ensure that your privacy is protected and secured. You can be assured that we shall use your personal information only in accordance with this Privacy Policy. Please read and understand carefully that the Master Gate Pay Privacy Policy is to know our views and practices regarding your personal data and on how we use it.

The Information which you have provided at the time of registration on our website and while subscription of our various services this may include but not limited to:

  • Name
  • Designation
  • Contact information including email address.
  • Business information.
  • Demographic information like postcodes, preferences and interests.
  • Any other information related / relevant to our application process.

Why we collect your information?

  1. To personalize user experience:
We may use information to understand how our users as a group use the services and resources provided on Master Gate Pay Website.

  1. To improve customer service:
Your information helps us to respond more effectively to your customer service requests, enquiry and support needs.

  1. To process your application:
We use the information collected to understand the nature and profile of your business and accordingly approve or decline your application.

  1. For marketing purposes:
We may use your information for promotional activities of our new products and features, special offers and for advertising our products and services.

  1. To periodic Communications:
The email/contact number/address provided will be used to send information and updates pertaining to our site and our services. It may also be used to respond to your enquiry, and/or other requests. If the user decides to opt-in to our mailing list, they will receive emails that may include Master Gate Pay news, updates, related product or service information, etc.

Data Storage and access

The data we collect from you is stored in our system servers and will be treated with utmost confidentiality. Your personal information will be used only by Master Gate Pay for all business transactions that require your information to complete the transactions.

Disclosure of your Information

Master Gate Pay may disclose your personal information to any of our subsidiaries.

For the further growth of the Master Gate Pay, we may acquire any business or asset. In such case we may disclose your personal data to the prospective buyer of such business or assets.

Master Gate Pay may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world. Note that we may transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.

In case Master Gate Pay or its Subsidiaries are acquired by a third party, in which case information held by it about its customers will be one of the transferred assets. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property or safety of us, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Master Gate Pay may allow a third-party application to access your information in cases where a need arises for verification of your data and other validation purposes. Master Gate Pay ensures that verification processes used by third party application will help to make your account safe from fraud or any money laundering.

Security and Retention:

Master Gate Pay recognizes its responsibility to keep confidential and secure at all times any information that Master Gate Pay receives in connection with a transaction. Master Gate Pay has all the necessary electronic and physical procedures in place to keep your information secure in order to prevent any unauthorized access. When you log into your Master Gate Pay account, all Internet communication is secured using Secure Socket Layer (SSL) technology with 256-bit encryption security. For your own safety, please make sure never to share your Master Gate Pay login details with anyone.

Notwithstanding anything contained in this Policy or elsewhere, to the extent permissible under applicable laws, Master Gate Pay shall not be held responsible for any loss, damage or misuse of your Personal Information/Non-Personal Information/Sensitive Personal Information, if such loss, damage or misuse is attributable to a Force Majeure Event (as defined below).

A Force Majeure Event shall mean any event that is beyond the reasonable control of Master Gate Payand shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, epidemic, unauthorised access to computer, computer system or computer network, computer crashes, breach of security and encryption (provided beyond reasonable control of Master Gate Pay), power or electricity failure or unavailability of adequate power or electricity.

Internet Cookies

Cookies are text files, used by your computer's browser, that store visitor session data. Cookies, by themselves, do not identify the individual user. Cookies are commonly used on the Internet and do not harm your system.

Cookies are mainly used to measure web traffic, for keeping records and to let you know when you visit a particular site. But cookies never give us access to any other information other than what you choose to share with us.

Cookies also help us in analysing data to be used in improving our website, eventually giving you a better user experience. Users generally have the options to accept or decline cookies. However, please note that you will not get the full benefit of using the website if you choose to decline.

When you registered on our website information about your computer, including where available is your IP address, operating system and browser type for system administration will be recorded. We may collect same information on email or by any other mode of communication. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. This is required for the for more accurate reporting and improvement in the services.

Third Party Websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. Master Gate Pay does not control the content or links that appear on these sites and are not responsible for the practices employed by those websites.

Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies. Master Gate Pay does not guarantee protection and privacy of information that you may provide to such websites.

Updating your Information

If your personal or professional information (such as your name, address, or telephone number) needs change, you must update your details by contacting Master Gate Pay on our contact us page.

To avoid inconvenience to all, Master Gate Pay strongly advises keeping all information up to date and correct. Master Gate Pay will be exempt from any responsibility in the rare event where losses may arise from not updating your information.

Jurisdiction:

This Privacy Policy is governed by and shall be construed in accordance with the laws of United Arab Emirates and any disputes arising out of or in connection with this Agreement shall be subject to jurisdiction of the Courts of Dubai, United Arab Emirates

Indemnity:

You shall indemnify and hold harmless Companies, its officers, directors, contractors or agents and any third parties relying on the information provided by you for any losses, including all claims, damages, liabilities, deficiencies, assessments, interest, awards, settlements, penalties,

fines, costs or expenses, suffered, incurred, sustained by, or imposed on Master Gate Pay, as a result of, arising out of, with respect to, in connection with or by reason of a breach or non-performance of any of the terms, conditions, representations, warranties or covenants contained in this Privacy Policy by You.

Other Websites and Services

We are not responsible for the practices employed by any websites or services linked to or from our Service, including the information or content contained mention there. Please remember that when you use a link to go from our Service to another website or service, our Privacy Policy does not apply to those third-party websites or services.

You’re browsing and interaction on any third-party website or service, including those that have a link on our website, are subject to that third party’s own rules and policies. Further, you agree that we are not responsible and do not have control over any third-parties website/Services that you authorize to access your User Content. If you are using a third-party website or service and you allow them to access your User Content you do so at your own risk.

Customer Rights:

We acknowledge and agree the individual’s right to access their Personal Data. We shall allow an individual access to their Personal Data further we allow the individual the occasion to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual is in question or where the rights of persons other than the individual would be violated. Individuals may contact our Privacy Officer via email to request access. Contact information can be found below.

Grievance redressal:

Please write your concerns to: For Master Gate Pay:

  • Contact on: Email: support@mastergatepay.com

For Master Gate Pay:

  • Email: support@mastergatepay.com
  • Address: Office No. 2 Sh.Hamdan Al Maktoum Building, Bur Dubai, Dubai, UAE.
  • Working hours: 9 a.m. to 7 p.m.

Master Gate Pay reserves the right to amend this policy at any point in time on its discretion and accordingly update this page. Please check this page periodically to make sure you are happy with the changes.

Policy w.e.f. 01st January 2021

Risk Management

Risk Management Process

Online shopping is clearly an excellent opportunity for any merchant to grow the business and increase revenue.

However, the threat of online fraud and identity thefts can create damaging leaks to your revenue and has the potential to adversely affect your reputation beyond repair. As an e-Commerce entity your interface with your customer is virtual and therefore reputation and trust are of utmost pertinence in the online business space. Hence, preventing online fraud is a vital task for every successful e-Merchant and it is the foundation of building your reputation online.

The platform has been developed with the combination of best practices, leading technology and human intelligence, Master Gate Pay has developed a 'Fraud & Risk Management Tool’ that makes online transactions safer for our merchants. It is an unparalleled Empirical Fraud Detection engine that provides an unprecedented level of risk detection that can help to improve transaction success rates and reduces both expenses and potential chargeback loss.

HERE IS A QUICK SUMMARY OF THE PROCESS

Once the data is collected from your(merchant’s) customer, every single field is assessed and monitored by our experts and every transaction is mapped against a comprehensive negative database. This helps us trap fraudsters by looking for a match among certain parameters against prior fraud cases and illegal fraudulent activities registered in our system and warn you in time.

Each transaction that passes through the Master Gate Pay payment facility is assessed and verified using over 50 parameters. Comprehensive checks and the robust system which helps minimize your risk.

After the assessment transactions are flagged as High Risk if any suspicious activity is noted and where the transaction is marked high risk, you will need to provide additional data as specified by our risk team to process the transaction. And even you have the power and an intelligent choice to process the flagged transaction at your own discretion.

A SNAPSHOT OF SOME PARAMETER CHECKS WE PERFORM:
Address Verification System (AVS)

It identifies the person claiming to own the credit card. The system crosschecks the billing details of the credit card provided by the user against the address at the issuing bank of the credit card.

CVV Matching

It verifies whether the person making the transaction is in possession of the credit card by validating the three-digit code on the back of the card.

Negative and Positive Databases

Checks against Negative Database is done to identify those who have done fraud or chargebacks in the past. Checks against Positive Database are also done to recognize trusted customers who have made genuine online payments in the past. These processes help weed- out bad transactions and to speed up retention of good and genuine customers.

Geo-IP Address Verification

It flags transactions coming from a suspicious computer configuration or categorically high-risk regions.

Bin Checks

It validates the card-issuing bank by checking the BIN (Bank Identification Number) on the Credit Card.

Velocity Checking

It screens multiple payments that come from the same IP address by checking for repeated transaction attempts from the same computer or network.

Components of our fraud transaction monitoring

We have an effective monitoring system that comprises of the following components:

  • Monitoring past transactions: Our team periodically reviews MIS reports and/or alerts, as well as the establishment of proper review procedures to ensure that customer transactions are monitored on a risk-sensitive basis. Periodic transaction- monitoring reports covers should at the minimum covers unusually large or frequent transactions.
  • Identification of suspicious transactions: To determine whether a transaction or activity is unusual or suspicious (fraudulent), an effective transaction-monitoring system is in place that includes procedures to not only evaluate the current transactions of customers, but also the pattern of transactions and transaction flow. The current transaction is compared with past transaction patterns and the customer’s risk profile.
  • Management of suspicious transactions: Our monitoring system identifies suspicious transactions identified and then these transactions are carefully examined and investigated, the follow-up action taken tracked and proper audit trails maintained for inspection by auditors and the regulator. It is therefore important that proper policies and procedures on transaction monitoring are developed and maintained by banks and financial institutions. The procedures should clearly set out the responsibilities of individual departments, e.g., the Business, Compliance, Fraud, Risk and Audit departments, engaged in transaction monitoring.
  • Review of processes and system parameters: Regardless of whether an automated system is used, effective monitoring requires regular review and updating of the parameters or criteria used to generate monitoring reports or issue alerts. We at Master Gate Pay emphasize on Regular enhancements in our system and processes with respect to the overall fraud and risk management of transactions which also considers changes in business operations and new fraud typologies. Any enhancements/changes in the system is properly documented and approved by the management.
  • Management commitment: We at Master Gate Pay give the utmost importance to transaction monitoring and management. Prerequisite for establishing and maintaining an effective transaction-monitoring system is the support and commitment of an organization’s senior management. Our management is highly committed towards continual enhancement of our fraud and risk management systems. No transaction-monitoring system can be effective in the absence of adequate resources to maintain and operate the system.

DISPUTE

Dispute is a disagreement against a transaction raised by the cardholder (end-user) and reported to their card issuing bank.

A Dispute is a provision by banks and card networks such as Visa & MasterCard to protect buyers from unauthorized or fraudulent payments. Once the cardholder files a complaint, the bank reports the same to Payment Gateway and initiates an investigative procedure.

Reasons of Dispute: There could be several reasons of Dispute against a transaction. A list of the most common reasons of Dispute is listed below.

  • A customer has not received goods or a service.
  • The received goods or service are not as described.
  • The customer needs more details, such as a copy of the transaction or a receipt.
  • I have neither incurred nor authorised the above transactions

Generally, Disputes can be associated with unsatisfactory customer service/product or poor service delivery experience. Disputes can also be filed if the customer suspects fraudulent activity on their card.

Higher Disputes Ratio : It is best to avoid any kind of Dispute, as banks and card networks can label your business as a fraudulent/high risk business, hampering your image. A customer has a right to file a Disputes for the transaction made, which means your sales are reversible for that amount. A high number of Disputes can lead to the banks holding remittances for the business as well. The worst-case scenario could be a ban of online payment services imposed upon the business.

Dispute Resolution Process:

Disputes should be considered high priority issues due to the involvement of risk teams of both the customer’s bank as well as our partner banks.

Notification about the dispute : We will notify you by email/telephone about the dispute, mentioning the payment ID and the reason of Dispute, if provided by the bank..

Review the Dispute

To represent the Dispute, review the Dispute and explain to us the chain of events that took place.

  • In case the goods/services have not been provided, review the issue and let us know if the customer is willing to accept the goods/services.
  • In case the goods/services have been provided, share the proof of deliveries, invoices, any other authorised proof of product/service delivery.
  • In case of a duplicate payment made, let us know so we can ask the bank to refund the amount back to the cardholder.

Share documents

Share all documents as per the requirement of the bank with us. We will represent the dispute on your behalf.

Chargeback Management:

Chargeback is a process that allows the customer to reverse all kind of transactions when there is a problem with the goods or services they've purchased using any of these options.

Master Gate Pay has automated process of chargeback management where Master Gate Pay mark chargeback in system and automated email flow to merchant to submit documents. Merchant can upload the documents on merchant portal as per acquiring bank TAT.

Master Gate Pay Operation’s team will verify the document and send it to acquiring bank for Verification. Acquiring banks verify the document and accordingly send it to schemes. Visa/Master/issuing bank to investigate the chargeback and update the status to acquiring bank as per TAT. Master Gate Pay put payment on hold till update from acquiring bank comes. Depending on Acquiring bank revert, Master Gate Pay reverse the amount to customer or make the payment to merchant. Master Gate Pay follows CTS ratio as per acquiring bank.

Reason for Chargeback

Chargebacks are common practice and sometimes unavoidable. There are multiple reasons why a buyer would request a chargeback, but most fall under these explanations.

Fraudulent transactions

This happens when the credit card is used without the authorization of the credit card holder. Merchant is fully responsible to remedy this chargeback reason. For example: the credit card is stolen and used to make purchases at the merchant’s online store.

Service dispute

Disputes can occur when buyers feel that a service was not rendered, or an item was not as described. In these cases, buyers will often request a chargeback. Merchant is fully responsible to remedy this chargeback reason. Example: an item purchased in a merchant’s online store does not match the description.

Process of chargeback

In case of any Chargeback reported by the acquiring bank an immediate query is raised with the merchant to obtain documents for representation of the case such documents will include Service Rendered Proof Service, Invoice Receipt, and Delivery Receipt of the Product.

Disclaimer

Master Gate Pay has taken care to ensure that all content, software, functions, materials, and information made available on, provided in connection with or accessible through on this website is accurate, this website and the services accessible on or via this website are provided "as is" and “as available” basis and your use of and reliance on the information on this website and the online services is entirely at your own risk. Master Gate Pay makes no representation or warranty of any kind whatsoever for the website, software, advice & opinions, post, any tools, statements, information, content or online services will be error-free or viruses or any other harmful component will meet any particular criteria of accuracy, completeness, reliability, performance or quality. Master Gate Pay does not warrant or represent regarding any content provided through this website and disclaims its liabilities in respect thereof. We reserve the right, in our sole discretion, to correct any errors or omissions in any portion of this website. While Master Gate Pay takes all reasonable precautions to prevent this, we do not warrant that the website or any software available for download via the website is free of viruses or destructive code. To the fullest extent permissible by law, Master Gate Pay expressly disclaims all (express and implied) warranties, including, without limitation, warranties of merchantability, title, and fitness for a particular purpose, noninfringement, compatibility, security and accuracy, damages for loss of profits, business interruption, loss of programs or information in respect of this website and the services accessible on this website.

Customer Greivences Policy

In today’s competitive era and constantly evolving business, we at Master Gate Pay take pride in keeping our customers at the centre of all our strategies and initiatives and are committed to deliver best in class customer services to all our existing and new customers at all times.

As a service organization we promote "Excellence in Delivery" and hence feedback from our valued customers forms an integral part of all decisions taken by the organization. The feedback provided by our customers is treated as an asset to the organization, evaluated and customized to improve our products and services.

This policy document aims at communicating the various mechanisms available for our customers to reach out to us, our service guarantee and timelines by which we will try and ensure resolution to our customer concerns.

Our Principles

  • Customers remain the Key focus for all initiatives and strategies developed at Master Gate Pay.
  • "Delighted" customers are a necessity for business growth and survival. very.
  • Our Customers and their Feedback is treated as the most valuable asset for the organization, forming the foundation for development and innovation.
  • We endeavour to simplify our customers life through our innovations and product offerings.
  • Constantly evolve and invest in our grievance redressing systems for a seamless service delivery.

Our Promise

  • All grievances will be dealt with, timely and courteously.
  • We promise to resolve any or all issues faced by our customers effectively and within the communicated time frame.
  • All Service Level Agreements and turnaround time for each third party transaction would be published on our website.

We Value your Feedback

All customers have the right to share their feedback or complaint in case they find our services are not meeting their expectations or are dissatisfied with any interaction with any of our staff members.

The Customers can send in their Queries, Requests or Complaints in the following ways:

These mechanisms are dedicated for redressing our customer complaints, providing online resolution wherever possible, and capturing valuable feedback regarding our services.

On receiving customer feedback, our executives would reach out to the customers and ensure that all grievances are redressed within a predefined Service Level Agreement as communicated below.

If the complaint is not resolved within the given timelines or the response is unsatisfactory the customer can choose to escalate the concern to our level 2 escalation officer, with relevant details such as Complaint Reference Number provided at the time of raising the initial complaint. The escalation methodology is mentioned in this policy under the Escalation Section.

For the purpose of this Grievance Policy, (i) an end-customer who will be purchasing of goods /services from the merchants by making payment via different payment instrument is defined as a (“Customer”); (ii) a merchant (“Merchant”) shall be a user of Master Gate Pay Services for accepting various payment instruments from the Customers for completion of their payment obligation.

Grievance Redressal

Master Gate Pay has formulated an escalation matrix to assure that the Customer grievances are routed and addressed in a proper and reasonable manner. The Customer is requested to read and understand the below escalation matrix to ensure a timely redressal of their grievances.

Level 1 –

Customer can visit Master Gate Pay Support page (http://www.mastergatepay.com/contact-us)- Support and refer to specific query/issue related to their grievance. The Customer can fill up forms available for specific issue to report their grievance. Master Gate Pay shall respond to the grievance filed by the Customer within 24 hrs.

If the Customer is not satisfied with the response provided, the Customer can go for next level of escalations.

TYPE OF QUERIES and TAT

Type of Issue Details Email Id TAT
1 Txn issue & status Txn issues at technical level reported by merchant , issues.Transaction status of the transaction support@mastergatepay.com 24 hrs
2 Refund/status issues Refund status of the transactions support@mastergatepay.com 24 hrs
3 Payout/Settlement related issue Payout status for merchants, customer txns support@mastergatepay.com 24 hrs
4 Payment options Payment Options working or not support@mastergatepay.com 24 hrs
5 Merchant communications Schedule/Unscheduled downtimes -bank /Portals /txns support@mastergatepay.com 24 hrs

Level 2 –

In case the Customer wishes to further escalate the grievance, the Customer can get the grievances registered by e-mailing: support@mastergatepay.com. Master Gate Pay shall attempt to respond within 3 days from the date of the on which grievance was filed. The Customer may request for update on grievance in case if any grievance requires more than the specified time period and the Customer shall be kept updated on the status of the grievance. If the Customer is not satisfied with the response provided, the Customer can go for next level of escalations.

Level 3 –

In case the Customer still has any grievance, the Customer shall escalate such grievance to the Nodal Officer.

E-MAIL: support@mastergatepay.com

Dispute Resolution

Complaint regarding Customer Order :

Case 1

In case the Customer does not receive the services/products even after the stipulated time period or if the products received are different, defective or damaged, then the Customer should visit the Merchant website and refer to the terms & conditions, shipping policy, refund/exchange/ return/cancellation policy and contact the Merchant to resolve the issue.

The Customer can initiate communication directly with the Merchant to resolve issues pertaining to a specific order through Merchant’s Website under the contact us (email or call support) option. The Customer can share the details of the transaction such as date of transaction, amount of transaction, Order ID shared by the Merchant, description of the problem with the Merchant.

Case 2

In case the Customer do not get a satisfactory response or Merchant does not respond to Customer’s emails & phone calls within 7 working days from the date of transaction made by the Customer, then the Customer can contact Master Gate Pay to mediate and amicably resolve the issue. The Customer may provide Master Gate Pay with the following details :

  • Date of transaction
  • Amount of transaction
  • Transaction ID
  • Order ID
  • Description of the problem
  • Details of email communication with the Merchant

Once a complaint is raised, the Master Gate Pay Risk Team would respond to the issue as per the timeline specified in escalation matrix under Customer Grievance Policy.

In the event, the Customer is not satisfied with Merchant’s response then the Customer can raise a chargeback with its issuing bank as a second option. These chargebacks will be raised with Master Gate Pay by the Customer’s issuing bank and Master Gate Pay shall assist to amicably resolve the issue.

Case 3

Cancellation/Refunds/ Returns :

In cases of queries related to the cancellation of Orders/Refunds/Returns the Customer should directly contact the Merchant and follow instructions as specified in the return/refund/ cancellation policy on the Merchant Website. Please note that since Master Gate Pay is a payment platform, Master Gate Pay only facilitate online payments for Merchants. Master Gate Pay do not handle shipping or order dispatch.

In cases of failed transaction, order not generated at the time of transaction on Merchant’s Website or refund is initiated, then the Customer should get the credit in its bank account within 5-7 business days. In case the Customer has not received the amount, the Customer has to contact the Merchant for further details, as the refunds are initiated from Merchant's end.

In case the Merchant declines to process the refund to the Customer for cases where services/products were not delivered by the Merchant, the Customer may contact Master Gate Pay for resolution on the same.

Case 4

Reporting potential fraud or unauthorized transactions or fraudulent Merchant :

The Customer can immediately write to the Nodal Officer with respect to the transaction that was not authorized by the Customer or reporting about the fraudulent Merchant with a subject line “Reporting Fraud”. The Customer also has an option to raise a chargeback for such unauthorized transaction.

Note: The abovementioned cases are more specifically available over Master Gate Pay Support Page -www.mastergatepay.com/contact-us

Chargeback is the return of funds to a customer, initiated by the issuing bank of the payment mode used by a consumer. Chargeback is a dispute against a particular transaction raised by the cardholder (end-user) and reported to their card issuing bank. A chargeback is a provision by banks and card networks such as Visa & MasterCard to protect Customers from unauthorized or fraudulent payments. Once the cardholder files a complaint, the bank reports the same to Master Gate Pay and initiates an investigative procedure.

Responsible Disclosure Policy

Master Gate Pay has great concern for the security of its platform, application, and services which we are offering to our customers. If you are a security researcher and have discovered a security vulnerability in one of our services, we appreciate your help in disclosing it to us in a responsible manner. We will validate and fix vulnerabilities in accordance with our policies. Master Gate Pay reserves all its legal rights in the event of any noncompliance to the applicable laws and regulations.

REPORTING :

If you discover a vulnerability, we would like to know about it, so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please provide following information with your report:

E-mail your findings to support@mastergatepay.com. The researcher should report us the detail step and description to reproduce the vulnerability (This includes screenshot, scripts, video, simple text instruction)

Encrypt and share your findings to prevent this critical information from falling into the wrong hands, the encryption and sharing mechanism will be provided once the email contents are validated.

The encryption will involve a PGP key to encrypt the contents and a file hash has to be provided to verify the shared data integrity. The data will be shared only on our official email address mentioned above

Your email Id.

RULES FOR FINDING SECURITY VULNERABILITIES

  • Take responsibility and act with extreme care and caution.n
  • When investigating the matter, only use methods or techniques that are compliant with law and necessary in order to find or demonstrate the weaknesses. Without limiting the generality of the foregoing.
  • Do not take an advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
  • Not allow to reveal the bug/vulnerability on online or physical platform or anywhere else until it has been resolved and prior written approval from Master Gate Pay.
  • Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties, and
  • Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation.
  • You represent and warrant that you have the right, title and interest to disclose any vulnerability found and to submit any information, including documents, codes, among others, in connection therewith. You agree that, once you inform a vulnerability, you grant Master Gate Pay, its subsidiaries and /or affiliates an irrevocable, worldwide, royalty-free, transferable, sublicensable right to use in any way Master Gate Pay deems appropriate for any purpose includes but not limited to reproduction, modification, distribution, adaptation among other uses, the information related with the vulnerabilities. Further, you hereby waive all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure accepted by Master Gate Pay.

The following are excluded from the Responsible Disclosure Policy (note that this list is not exhaustive):

  • Taking any action that will negatively affect Master Gate Pay, its subsidiaries or agents.
  • Retaining any personally identifiable information discovered, in any medium. Any personally identifiable information discovered must be permanently destroyed or deleted from your device and storage.
  • Disclosing any personally identifiable information discovered to any third party.
  • Destruction or corruption of data, information or infrastructure, including any attempt to do so.
  • Discovery dependent on social engineering techniques of any kind (any verbal or written interaction with anyone affiliated with or working for Master Gate Pay).
  • Any exploitation actions, including accessing or attempting to access Master Gate Pay data or information, beyond what is required for the initial Proof of Vulnerability. This means your actions to obtain and validate the Proof of Vulnerability must stop immediately after initial access to the data or a system.
  • Attacks on third-party services.
  • Denial of Service attacks or Distributed Denial of Services attacks.
  • Any attempt to gain physical access to Master Gate Pay property or data centers or planting ransomware, malware, spam, crypto miners, zero day vulnerabilities etc.
  • Use of assets that you do not own or are not authorised or licensed to use when discovering a vulnerability.
  • Violation of any laws or agreements in the course of discovering or reporting any vulnerability.

Out of scope vulnerabilities

  • Vulnerabilities identified with automated tools (including web scanners) that do not include proof-of-concept code or a demonstrated exploit.
  • Third-party applications, websites or services that integrate with or link Master Gate Pay.
  • Discovery of any in-use service (vulnerable third-party code, for example) whose running version includes known vulnerabilities without demonstrating an existing security impact.
  • Known issues

Examples of vulnerabilities include, inter alia:

  • Authentication flaws
  • Circumventing of platform and/or privacy permissions
  • Privilege escalations
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Server-Side request forgery (XSRF)
  • Injection Attacks (SQL, XML, Json, etc)
  • Business logic Bypass
  • Arbitrary redirect
  • Server-side code execution (RCE)

In any event, please refrain from the following:

  • Do not use weaknesses you discover for purposes other than your own investigation.
  • Do not use social engineering to gain access to a system.
  • Do not install any back doors not even to demonstrate the vulnerability of a system.
  • Back doors will weaken the systems security.
  • Do not alter or delete any information in the system. If you need to copy information for your investigation never copy more than you need. If one record is sufficient, do not go any further.
  • Do not alter the system in any way.
  • Do not share access or details of any vulnerable system with others.
  • Do not use brute force techniques, such as repeatedly entering passwords, to gain access to systems.

Also refrain from

  • Accessing, Downloading, or Modifying data residing in an account that does not belong to you or attempt to do any of the foregoing
  • Executing or attempting to execute any Denial of Service attack
  • Posting, transmitting, uploading, linking to, sending, or storing any malicious software;
  • Testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of duplicative or unsolicited messages;
  • Testing in a manner that would degrade the operation of any Master Gate Pay properties; or testing third-party applications, websites, or services that integrate with or link to Master Gate Pay properties.
  • Issues with out-dated or unpatched browsers
  • Lack of the Secure flag on non-sensitive cookies
  • Lack of the HTTP Only flag on non-sensitive cookies
  • Security vulnerabilities in third-party websites and applications that integrate with issues
  • Vulnerabilities requiring a potential victim to install nonstandard software or otherwise take steps to become susceptible to attack
  • Social engineering of vulnerabilities requiring very unlikely user interactionsk
  • Findings primarily from social engineering (e.g., phishing, vishing)
  • Findings from physical testing such as office access (e.g., open doors, tailgating)
  • UI/UX bugs and spelling mistakes
  • Spamming
  • Disclosure of known public files or directories, (e.g. robots.txt)
  • Click-jacking and issues only exploitable through click-jacking
  • CSRF on forms that are available to anonymous users (e.g. the contact form)
  • Logout Cross-Site Request Forgery (logout CSRF)
  • Presence of application or web browser autocomplete or save password functionality
  • SSL Attacks such as BEAST, BREACH, Renegotiation attack
  • SSL Forward secrecy not enabled
  • SSL Insecure cipher suites
  • The Anti-MIME-Sniffing header X-Content-Type-Options
  • Missing HTTP security headers

POINTS TO KEEP IN MIND:

  • Do not put any customer or Master Gate Pay data at risk, degrade any of our systems performance.
  • If your actions are intrusive or an attack on our system, we may act against the same including reporting them to law enforcement agencies.
  • Master Gate Pay reserves its right to initiate legal action against any person and/or report to relevant authorities of such person who conduct any Tests or investigations which are prohibitive or not in compliance with law or not as per this Policy.
  • Keep information about any vulnerabilities you've discovered confidential between yourself and Master Gate Pay. We agree not to pursue legal action against individuals or companies who submit vulnerability reports through our requested channel and who comply with the requirements of this policy unless we are compelled to do so by a regulatory authority, other third party, or applicable laws.

INDEMNIFICATION

The Researcher shall fully indemnify, hold harmless and defend (collectively “indemnify” and “indemnification”) Master Gate Pay, its subsidiaries and affiliates, its directors, officers, employees, agents, and stockholders (collectively, “Indemnified Parties”) from and against all claims, demands, actions, suits, damages, liabilities, losses, settlements, judgments, costs and expenses (including but not limited to reasonable attorney’s fees and costs), whether or not involving a third party claim, which arise out of or relate to:

Any breach of any representation or warranty contained in this Responsible Disclosure Policy made by the researcher;

Any breach or violation of the terms of this Responsible Disclosure Policy or any obligation/duty of researcher referred therein or under applicable law;
Any misuse of data, including personal data;
Any breach of the confidentiality or any waiver granted;
Any attempt to contact Master Gate Pay’s clients, users or third parties to disclose the existence of the vulnerability which found including but not limited to any reference or message in social media making reference to the finding;
If any attempt to bring direct or indirectly claims, demands, actions judgments, lawsuits against Master Gate Pay or any other Indemnified Party, in each case whether or not caused by the negligence of Master Gate Pay or any other Indemnified Party and whether or not the relevant claim has merit.

We do not publicly announce the vulnerability found under this program, failing which shall be liable for legal penalty. We appreciate to get in touch with us and give us the time to examine the issue. The safety of our customers’ information and assets is our top priority. Therefore, we encourage anyone, who have discovered a vulnerability in our systems to act instantly and help us improve and strengthen the safety of our sites and systems.

OUR RECOGNITION

We currently do not provide any compensation or gifts for reporting vulnerabilities. However, we are glad to express our gratitude for genuine and ethical disclosures, we would be glad to publicly acknowledge your responsible disclosure. We also try to make the confidential issue public after the vulnerability is announced. Further, Demand for monetary compensation will not be complied under this Responsible Disclosure Policy.

If you identify a valid security vulnerability in compliance with this Responsible Disclosure Policy, Master Gate Pay shall –

  • Acknowledge receipt of your vulnerability report
  • Work with you to understand and validate the issue
  • Address the risk as deemed appropriate by Master Gate Pay team
  • Work together to prevent cyber-crime.

Master Gate Pay will review the submission to determine if the finding is valid and has not been previously reported. Publicly disclosing the submission details of any identified or alleged vulnerability without express written consent from Master Gate Pay will deem the submission as noncompliant with this Responsible Disclosure Policy

Master Gate Pay reserves all of its rights, especially regarding vulnerability discoveries that are not in compliance with this Responsible Disclosure policy. This Responsible Disclosure policy is dated 1st January 2021 and will be periodically reviewed and updated; please bookmark this page and check it for the latest version of the policy before taking any action.