Responsible vulnerability disclosure

Found a security flaw? Let us know!

At ExpressCredit, your safety is our priority. We design, build, and operate our systems with security at the core, yet no defence is perfect. If you discover a vulnerability, please report it so we can fix it promptly. If you have found a security flaw, we would like to hear more about so that we can correct the problem as soon as possible.

How to report

Email us to: security@expresscredit.co.zm and include:

• Description – a clear summary of the issue, including the affected URL or component and the type of vulnerability;

• Reproduction steps – the exact steps or proof‑of‑concept code we need to reproduce the problem;

• Evidence – any supporting material such as screenshots, logs, or documentation.

What to report

Any security weakness in our products or services - for example:

• Cross‑site scripting (XSS);

• Encryption weaknesses;

• Logic flaws with security impact.

What you can expect from us

• We will acknowledge your report;

• We will keep you informed while we investigate;

• We will let you know as soon as the issue is resolved;

• Please note that we do not offer monetary rewards or accept compensation demands as a condition of disclosure.

Your responsibilities

To protect ExpressCredit and our customers, please:

• Do not access, modify, or delete data beyond what is necessary to demonstrate the issue;

• Do not disrupt our services (e.g., via denial‑of‑service attacks);

• Do not test our employees through social engineering or other non‑technical means.

Allow us a reasonable time to remediate before publicly disclosing the vulnerability.

Thank you for helping us keep ExpressCredit secure.