Security

Security Policy

Responsible disclosure and fraud escalation channels.

OasisPay operates payment infrastructure for merchants, customers, payouts, webhooks, API keys, and compliance workflows. We welcome good-faith reports that help protect merchants and customer funds.

Report a Security Issue

Use the right channel so the issue reaches the correct team quickly.

Security vulnerabilities: [email protected]
Fraud, suspicious payments, or account abuse: [email protected]
Platform abuse or harmful content: [email protected]

What to Include

Include a clear description, affected URL or endpoint, steps to reproduce, impact, timestamps, and your contact details. Do not include full payment card data, secrets, private keys, or unnecessary personal information.

Safe Testing

Please avoid destructive testing, denial-of-service attempts, social engineering, spam, unauthorized access to merchant data, or actions that could interrupt live payment processing. Reports involving real merchant funds should be sent immediately and not exploited further.

Response

We review security reports as quickly as possible and may request additional details. Critical payment, payout, API key, or account takeover risks are prioritized for urgent review.