We do everything we can to keep (online) banking safe for our clients. In addition, clients can take measures to avoid becoming a victim of scammers. For tips, please refer to the information on the Van Lanschot website (in Dutch). Read, for example, how to recognise fake mail and fake phone calls. Are you a victim of fraud or at risk of becoming one? Read how to report it.
We attach great importance to ensuring that clients are able to conduct their banking business safely. Therefore, we open ourselves up to experts to support us in this by reporting found possible vulnerabilities to us. This can be done via:
Vulnerability reporting centre (vanlanschot.nl)
Or read more below.
Every day, specialists at Van Lanschot Kempen work hard to improve our systems and processes to ensure that client data are protected against misuse, and to safeguard the availability of our services. However, we have to face the fact that vulnerabilities may occur even in our systems. We would be very grateful if we could enlist your help to detect such vulnerabilities.
Anyone who discovers a possible weak spot in the Van Lanschot Kempen systems can report a vulnerability.
The responsible disclosure programme covers only the following domains (and all underlying subdomains):
You can report problems related to the security of services that Van Lanschot Kempen offers online. Examples of vulnerabilities that can be reported include:
Exclusions
Have you discovered a vulnerability?
A team of security experts will investigate your report and will provide an initial response within two working days. In the meantime, please keep the issue confidential, discuss it with our experts, and give them time to resolve the problem. We will inform you of our assessment of your report, and we will let you know whether and when we will apply a solution.
As a token of our gratitude for your assistance, we offer a reward for every report of a vulnerability that we are actually able to resolve or that leads to a change in our services. Van Lanschot Kempen will determine, at its discretion, whether your report qualifies for a reward and what would be commensurate. In the event that your report qualifies, we will need your personal particulars in order to effect payment.
Please note: You are free to make an anonymous report. It is important to note, however, that in this event, we will not be able to make arrangements with you regarding the follow-up of your report, any possible reward, or whether or not charges will be pressed. (Please refer to ‘What are the rules?’)
While investigating the vulnerability you have discovered, you may have inadvertently committed a criminal offence. If you act in good faith, with integrity, and in careful compliance with the rules as stated below, the bank will have no reason to press charges. It is, therefore, important that you abide by the following rules when investigating a possible vulnerability:
If you would like to be informed on the follow-up of your report, you can choose to provide us with your contact details (name, email address, possibly your telephone number). We will not disclose your identity to any third party without your prior consent, nor will we use your personal details for any purpose other than to process your report appropriately, unless a legal obligation mandates disclosure of that information. We will protect your personal data in compliance with the guidelines as described in the Personal Data Protection Act (WBP).
All matters related to internet security and privacy are governed by Dutch law. We can only accept reports that are drawn up in Dutch or English.