Choose your settings

Choose your language

Report a potential vulnerability

Find out how to report a potential IT vulnerability if you discover one on our site.

Our site’s security

We’re highly committed to protecting your information and ensuring our services are always available to you.  That’s why we do everything we can to make sure our site is secure. Despite our best efforts, some vulnerabilities may still be present.

We understand the significant role that community members with advanced security knowledge can play. If you come across a vulnerability, report it to us. We’ll examine your findings and make any required corrections within 30  days of confirmation of receipt.

How to report a potential vulnerability

If you discover a potential vulnerability on our site or in our applications, you need to report it to us.

  1. Gather all the information about the potential vulnerability
  2. Send it to us at divulgation-responsable@desjardins.com

To encrypt your communications with us, you can use our public PGP key.

Public PGP key

-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBGeaS7ABEADHEAOSpUsZuyoa2wgng28XlUOfQAYw3L1o+MO9t5dzJNqAF7A9 egSCd3kosMRjMxt4Mtj6J0nwixIW2Zh15a+b4o6RhSJPgvMiQNBqJXWdddigKtya 9/23Mu96fbG7DUF9I7W/8PZH3NKUODgj2FI2d8qHKIG+bQdXPohQZ1Xp/avZPL/Z iKwNjISW0dUolWbLblOThCpmtGVvhxsfADQCYsQYq1lcHHPvCRiRWzlf5fhRiByj ufZ8l6TgV0e7USMlQ8xn82k73nh4gYsHVRPkx6xY5PsApm0YNm6NbIpSClICapcZ tSDEf64rV1uCcJM0Xflc3/IvyVd9kXyz1qeyrw7RQXUWnX5RbfG9RRQ3o/QBwFNb SOGpLI8nrWFYlSB34Ysfqcudl273DfThkIaACPuVz5y7rzJbWvYgd+crjID7SREh dw39TzC7FHxFgbJf3mhojeENlYlbIngDWTqxIVnLHvBzQHOA9qkdx2WZ5DdFTNfL ipj8iQFhUx/Q4R8blsLQlXw3HNuIr/iyJ+Sx+1katy4MWREM3mGBm7Ul3aWWhALD 8qjAxt+pMe93dNmC4JflUTSMgIAl9BhUhx8k6l7VWIBrMO7RkeRqkR/GYNsxKsno D2qP0Np9CXGMor6RPdUtDJmhq/3rrdRiGT+3TDQKOpdAwCZXW+QxeGHe4wARAQAB tFdEaXZ1bGdhdGlvbiBSZXNwb25zYWJsZSAtIE1vdXZlbWVudCBEZXNqYXJkaW5z IDxkaXZ1bGdhdGlvbi1yZXNwb25zYWJsZUBkZXNqYXJkaW5zLmNvbT6JAk4EEwEK ADgWIQR9DV/ExeUJ5m2Cd3DJnBa7ZfRYKQUCZ5pLsAIbAwULCQgHAgYVCgkICwIE FgIDAQIeAQIXgAAKCRDJnBa7ZfRYKbohD/9zJae8hDYTZZX4pFoHDvGyiPYppB1o l3+m0Iuottf1QtmrGZncHhJDBbD2smTglRAC2WCQEaAhthZkqFRnIiVO44gcJTD6 oN5tygHt2LnoloDlsixH2EPTjlcOXLH+aKC3GJ2ZLQr0gSjU3rJMxHs+Bcs2X97f bZyNEY0ZmvysukDS+opKjFPEtUbjs+kWlZ4rvFoRA7l+K7Iug7MLjcJawLJ4ZLW6 vXucQlbV/fwvJvgDgoWQ6aw6HObnrHNzoK47ZlSDSn/waco0ntqCQBEqw9ue9HBP 57RUyQ9aWyNSJeuQsj2hQhtlpiPU0ZCmKA5i+Xpi/cK8zqPS/CDVGhSJ2dpxFFax cRhKru1Qz74MR98eSi/ZOBk6XkUr+PBQQ2B2KRBmuHqciD4TD07hcUrjoTy77sTh fv6bUs+jopZRQ6QysO+NgYkyJERYlO6NSCtTM6qHMSBDbkD83cA/VybfoHDD9MU0 XKp+tKLNsLvR0qbz+BjyqdNlJyJfKWx4VCUS2rAG/vRnEyqZyikassHsL65TXEr0 ZoqPqa9OpLQsK07qcTy0G4hegYXuf/yaeOeMnpdNj4pPpCJkGFl4otqq/mCNroXk aqz7Oqt4AU5W8MeYCV90cuYKN5UJhjiTFcFberSmB8eJXYlsTz0tQm4g5t29sloF wx6eu8ox/lolwrkCDQRnmkuwARAAszglI+hwo/D3Ml/4N7shK1zpNg60pLG8LkCd deVbiqPV255Q25puvNtHJFT7BC9+X10EItU/vW0wqG1jwGW9FijvO4K5Z8/Ud2dP +hS3pXfbzjkGz/XltIp0Rs9U9S86W3SpXvMv2qg8vIS5cAAAefVcuyBbRnqsp6m/ Ycs+KOIxS7n8YTe+kcLJ+7gprriVn4lJy+toA8Bj9f8BcgB0R1E2UQAQ6jTlKIo9 FDTj9MSbI5U5bbCMT4tWQ3074PdyBmiM0Y9LxsH2+6l2DuBngQ6wUqziDg9DrTXJ pwP4PfG47eSKKWnjhfCpkmhnJiZGNcrNZF8yNzSSMSdUb7zJYsOWrW2EjXkhYXda NsWHVVRcnDFZCZbPEOuAQKflltp/mPnXvu5y/AkcQuwdpsVOXEp5Mh+yqMOw+FsZ 5+MUlBqggwRkcQxbfv1HXsSjfHPBeTU+wBt/uxK+V6GDJFI4jCDib01+DWr6WCP3 49hZCxl0l983o2jJmsYTNgKnNCIjBc/Lo4Oy7i8DLwWAPfRhVNA6qVoiakS0V0Sj Ys0NyvzNjAy1vQeL2v9XRWVwf5K/8BBCN7bElu9CWp8/rNjCM7dbuLxnYQVeO/Rv i4SCTH1AqG5SO6sZtOjs+z38P4bK1hlB4iT1w9isoybpIcJQIgHvKnyYtIvU68e2 1HeAMoMAEQEAAYkCNgQYAQoAIBYhBH0NX8TF5QnmbYJ3cMmcFrtl9FgpBQJnmkuw AhsMAAoJEMmcFrtl9FgpqEsP/00luxbeOLScaj8iB8cm+1vIt8l9WjFzJz6Knq+Q Pz3zMgNPV235MYliH29E2BkjCIvnTnz43TJzM95dYvVTr+PYs0/6KxVoudSz3+wV O6ANzUEcbKpvFq3wmWx6rcUhAy81BUcW+eCVAsnpKXodjvjSS1G4n2KLCtKspTVE 2h8sgI9ZF1oxlB/Le/z2+nIIi1E/c+AzYWYA1q5rNJcTSkWLoofE/RuyE1/wRVSo 7Xn8jqC+dBemcLAOTorBHR5ndHKwVdAtTAG+29YPYsvFIkKYtCAw4Fj9ozCF2j2N gwv+RtUgV++gGdXtjXa3DU/udDwNOsrXcudqE60bBWYaGTW4fSBObehT4qRfaECL GNtPAjmbsnbd49sBNnSJYWWx6jAmR5j4pUs3IQXEj/qqJwzu3oAMNER4ulQFA6Ft EXOQq/+zZVcIudssLEEM10bRGJmYQTyVM26QAz8jab6dbHHMc2Vi+IyCYjNt7M6s YFO/npJrTt2JRQ++nH+b0RzqCW/JHVmmuLcN15RJ3iC+dbgHpdKuqZxUb/BuWRZh lqDd9AV/TwzrvRCBObfz5kn/6oQUqk2y+CZ1L5oXd7F5yKIZj0vlmD7o68rN55Dh v2oTb3cJAUtDGoJUiqFtOqhh+zW+DoH8H1fI6V3PQnnH726Zu2JM43ML5AjmsMbP +Q9N =HIcm
-----END PGP PUBLIC KEY BLOCK-----

Rules of our Responsible Disclosure Program

During your investigations, make sure you follow these rules:

  • Do not damage our systems.
  • Do not use any technique that could affect the availability of our services.
  • Never disclose the personal information or card information of our members.
  • Do not use social engineering techniques to get access rights to our systems.
  • Do not use brute force techniques to get passwords.
  • Do not make any changes to our systems (such as installing a backdoor).
  • Do not send an automated scan report.

Examples of vulnerabilities you can report

  • Cross-site scripting (XSS)
  • SQL injection
  • Failed encryption

What you can’t do when reporting vulnerabilities

  • Share your comments and suggestions on Desjardins products or services
  • Report a lost or stolen card
  • Report that a Desjardins service is unavailable
  • Forward a fraudulent email or text message
  • Perform any actions that are unlawful or against regulations

Applicable laws and regulations

Under certain circumstances, investigating our site and applications may be considered a crime under applicable laws and regulations and you could face legal action. Applicable laws and regulations take precedence over the terms and conditions of our Responsible Disclosure Program.

The Desjardins security team’s commitment

We ask that you not share or divulge any unresolved vulnerabilities to third parties. If you report a vulnerability, the Desjardins security team will reply to you as soon as possible and send an acknowledgment of receipt of your email.