About the Programme

GRAB INC. (“GRAB”) strongly believes in protecting the safety, security, and risk exposure of our passengers, drivers and partners. Our priority is to make sure our platform remains as safe as possible for all our users by eliminating fraudulent activities.

We believe that practicing ‘responsible disclosure’ is the best way to safeguard our users. Responsible disclosure allows individuals to notify companies of any fraudulent activities before going public with the information. If you suspect any Grab drivers, passengers or partners of fraudulent activities, we will work with you to not only resolve the issue promptly, but also ensure you are rewarded for discovering and reporting the case.

For the full terms and conditions, click to download.

About the Programme

GRAB INC. (“GRAB”) believes in protecting the safety of passengers, drivers, and partners. Our priority is to keep our platform safe from risk for all our users by removing all wrongdoing.

We believe that practising ‘responsible disclosure’ is the best way to take care of our users. ‘Responsible disclosure’ allows an individual to notify companies of any fraudulent activities before making the information public. If you suspect a Grab driver, passenger, or partner of fraudulent activity, we will work with you not only to resolve the issue promptly, but also to ensure that you are rewarded for reporting the case.

Download to read the full terms and conditions.

Submission Procedure

We want to assure you that your responses are completely anonymous. Additionally, your responses will be summarized in a report to further protect your anonymity.

For all submissions, you shall include:

    1. Full description of the vulnerability being reported including the exploitability and impact.

    2. Document all steps required to reproduce the exploit of the vulnerability.

    3. Submit all details here

Submission Procedure

We assure you that your submission will remain anonymous. In addition, your submission will be summarized to further protect your identity.

Include the following in all your submissions:

    1. Full description of the reported vulnerability, including the possible way of defrauding the system and its impact.

    2. Document the steps needed to reproduce the fraud against the system.

    3. Submit the details here.

Rewards

Our rewards are impact-based. This means that the value of the reward depends on the potential financial implication the fraud has for Grab or its users. When we have our reward meetings, we always ask one question: If a fraudster abuses this, how much worse off are we? We assume the worst and fix the fraud vulnerability accordingly.

If we receive several reports for the same issue, we will reward the earliest report with enough actionable information to identify the issue. If a single fix resolves multiple fraud situations, we treat this as a single fraud. For example, if you find 3 ways to abuse a promotional campaign, and our fix is to stop the campaign, this will receive a single reward, determined, as always, by impact.

Rewards

Our rewards are impact-based. This means the value of your reward depends on the size of the impact it has on Grab and on our users. We always assume the worst so that we can fix the vulnerability early.

When we receive multiple reports about the same issue, the first reporter with sufficient information will receive the reward. If a single fix resolves multiple issues, it is treated as a single fraud. For example, if you find three ways to abuse a promotional campaign and it is fixed by stopping the campaign, you will still receive a single reward.

Rewards Eligibility

Grab reserves the right to decide if the minimum severity threshold is met and whether it was previously reported. To qualify for a reward under this programme, you should:

  • Be the first to report a specific fraud.

  • Send a clear textual description of the report along with steps to reproduce the fraud pattern. Include attachments such as screenshots, videos or proof of concept when necessary.

  • Disclose the fraud report directly and exclusively to us. Disclosure to third parties, including vulnerability brokers, before we have addressed your report will forfeit the reward.

Reward Payments

We will pay out up to USD $1000 based on the severity and novelty of the reported fraud. Grab reserves the right to determine the payout value without explanation. Our decision will be final and further queries on a resolved fraud case will not be entertained.

Rewards Eligibility

Grab has the right to decide whether the minimum severity threshold has been met and whether it was previously reported. To qualify for a reward under this programme, you need to do the following:

  • Be the first to report the fraud.

  • Send a clear description of your report along with the steps needed to reproduce the fraud pattern. Include attachments such as screenshots, video, or proof of concept when necessary.

  • The fraud report must be sent directly and exclusively to us. Disclosure to third parties, including vulnerability brokers, before we have addressed your report is grounds for not receiving the reward.

Reward Payments

We will pay out up to USD $1000 depending on the severity and novelty of the reported fraud. Grab has the right to determine the payout value without explanation. Our decision is final and further questions about a resolved case will not be answered.

Fraud Scope

In-Scope Fraud Cases

Wondering what would be considered as fraudulent activities? Here are some examples. For cases that are not stated here, do report it to us and we’ll review it accordingly.

  • Passenger promo abuse

    Passenger creates multiple accounts to cheat on promo codes.

  • Driver incentive gaming

    Driver self-books or gets a friend to book to hike up their ride count and receive incentives.

  • Driver selective job acceptance

    Driver uses illegal apps to pick and choose jobs without affecting acceptance rating.

  • Ghost Rides

    Driver taps ‘Pick up’ and ‘Drop off’ without the rider on board to hit targets.

  • Account takeovers

    A driver’s account is hacked by someone else to sabotage the driver’s ratings.

  • Fare payment fraud

    Driver keys in extra toll charges, or passenger uses an invalid card to book rides and get free rides.

  • Spoofing device-level data like GPS, device IDs, etc.

    Driver uses a GPS manipulator to appear anywhere on the map, or rooted devices that can create multiple rider accounts.

  • Driver passenger collusion

    Driver uses his/her rider account to help other drivers hit the target.

  • Invalid Driver App versions

    Driver uses an old or unauthorised Grab Driver app version to capitalise on bugs.

Out-of-Scope Fraud Cases

There are certain cases that are not accepted under this programme because they are not malicious and/or because they have low impact. Therefore, they will be immediately marked as invalid.

The following findings are specifically excluded from the programme:

• Passenger self referrals

Exclusions

This is not a bug bounty programme. Any security vulnerabilities or bug reports will not be entertained by this programme.

We don’t need reports on specific fraudster accounts; we need your reports on new fraud patterns that are being employed by fraudsters.

Fraud Scope

In-Scope Fraud Cases

Do you want to know what counts as fraudulent activities? Here are some examples. For cases not stated here, just report them to us and we will review them properly.

  • Passenger promo abuse

    Passenger creates multiple accounts to cheat on promo codes.

  • Driver incentive gaming

    Driver self-books or gets a friend to book to hike up their ride count and receive incentives.

  • Driver selective job acceptance

    Driver uses illegal apps to pick and choose jobs without affecting acceptance rating.

  • Ghost Rides

    Driver taps ‘Pick up’ and ‘Drop off’ without the rider on board to hit targets.

  • Account takeovers

    A driver’s account is hacked by someone else to sabotage the driver’s ratings.

  • Fare payment fraud

    Driver keys in extra toll charges, or passenger uses an invalid card to book rides and get free rides.

  • Spoofing device-level data like GPS, device IDs, etc.

    Driver uses a GPS manipulator to appear anywhere on the map, or rooted devices that can create multiple rider accounts.

  • Driver passenger collusion

    Driver uses his/her rider account to help other drivers hit the target.

  • Invalid Driver App versions

    Driver uses an old or unauthorised Grab Driver app version to capitalise on bugs.

Out-of-Scope Fraud Cases

There are cases that are not accepted under this programme because they are not harmful or their impact is low. These cases are immediately marked as invalid.

The following are specifically not included in the programme:

• Passenger self referrals

Exclusions

This is not a bug bounty programme. Reports about security weaknesses or bugs are not accepted.

We do not need your reports about specific fraudster accounts, but about new fraud patterns being used by fraudsters.