HackerOne makes it easy to pay hackers. You can choose from these two options to pay a hacker:
Add a credit card to your HackerOne account that is charged to pay out bounties.
Make an advanced deposit which bounties can be paid out from. Whenever your program decides on a bounty, you simply set the amount you'd like to pay on the report, and it's withdrawn from your balance. When funds are running low, HackerOne will request another advanced deposit if your account has auto-replenishment. HackerOne recommends depositing 3 months' worth of bounty budget at a time. Most programs use this method to pay out bounties.
The typical time to remit payment to hackers is 2-7 days.
With HackerOne taking care of your payments, you don't have to worry about:
Finding yourself in situations such as figuring out how to pay a hacker in an obscure place that doesn't have a mailing address
HackerOne also collects the appropriate tax forms to remove the operational headache for you.
To request an invoice, go to Program Settings > General > Billing > Prepayment.
You can view details for each transaction by viewing or exporting reports in Program Settings > General > Billing > Overview.
Email receipts are sent to authorized team members by default when credit card payments are made to hackers for bounty, pentest, and retest payments. This feature can also be enabled for your program if you need receipts for other payment types.
Low Balance Notifications
When you've opted to use prepayment, you can set up notifications to let you know that your account balance is low.
To set up low-balance notifications:
Go to Program Settings > General > Billing > Overview.
Click Edit next to the Low balance email notification page.
Select Notify us when our balance falls below:
Enter the threshold balance.
To stop notifications, you can select: Edit > Don't notify us.