Vulnerability Disclosure

Responsible Disclosure Program

At Santander Consumer USA we appreciate the integral role security researchers play in making the Web a safer place and support their efforts through our Responsible Disclosure Program.

If you believe you have identified a potential security vulnerability, please submit the discovered vulnerability via our Responsible Disclosure Program. Thank you in advance for your submission; we appreciate your assistance in making the Web a better place.

Do not initiate, facilitate or assist in fraudulent financial transaction(s).
Provide a reasonable time to fix any reported vulnerabilities before information is shared with a third party or disclosed publicly.

By responsibly researching and disclosing your discovered vulnerabilities to Santander Consumer USA in accordance with these program guidelines Santander Consumer USA agrees not to pursue legal action against you. Santander Consumer USA reserves all legal rights in the event of noncompliance with these program guidelines.

Note: Santander Consumer USA does not operate a bug bounty program and makes no offer of reward or compensation in exchange for any submission to the Responsible Disclosure Program.

The Disclosure Process

Email VulnerabilityDisclosure@SantanderConsumerUSA.com with a brief description of the identified issue
You will receive a link to our secure messaging portal where you can provide complete issue details and artifacts via a secure channel.

This program exists entirely at the discretion of Santander Consumer USA and may be modified or canceled at any time. Any changes to these program terms do not apply retroactively.