Responsible Disclosure Program

We take the security of our systems seriously, and we value the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of Medfin and our customers.

If you believe you have found a security vulnerability with any of our services, we would like you to let us know right away via our Responsible Disclosure Program.

Neither NAB, nor Medfin as a subsidiary of NAB, condones any malicious or illegal behaviour in the identification and reporting of security vulnerabilities.

Our Responsible Disclosure Program is managed by Bugcrowd. To  see  the terms of the program, and to report a security vulnerability, please refer to

Please note all disclosures must be made via Bugcrowd, not directly to Medfin.

For more information about how NAB supports you and your business with online security visit