- Start importing
- Prohibited and restricted imports
- Import animals
- Commercial ships and cruise liners
- Lodge your import entry
- Valuation for import
- Preferential tariff duty rates
- Customs rulings
- Customs exchange rates
- Import payments and refunds
- Deferred accounts for importers
- Deferred accounts for brokers
- Import forms and documents
- What is excise?
- Apply for a licence
- Lodge your excise entry
- Claim excise duty remission or refund
- Pay excise duty and other charges
- Apply for excise duty credit or drawback
- Moving excisable items
- Changing, suspending or cancelling your licence
- Amend, surrender or transfer your licence
- Change your entry or payment timeframe
- Excise forms and documents
- Advice for exporters, importers and businesses
- Movement of goods
- Customs duties
- Excise clients
- Goods clearance fees deferral
- Lodging of Import Declarations
- Movement of critical supplies
- Permits and Carnets
- Point of Care test kits
- Public counters
- Tariff Concessions
- Trade enquiries
- Report a website vulnerability
Report a website vulnerability
A website vulnerability is a weakness that allows an attacker to gain some level of control of a website.
Once found, these vulnerabilities can be exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.
We encourage the public to report website vulnerabilities. If you've found or know of any vulnerabilities to any New Zealand Customs Service website, please complete the form below.
What will Customs do?
- We'll acknowledge receipt of this form as soon as possible and provide an update within seven (7) working days.
- We'll assess and validate the reported vulnerability.
- If requested, you can be notified of the outcome.
- We'll aim to fix vulnerabilities as quickly as practicable.
Customs will not seek legal recourse for any reported vulnerabilities unless the vulnerability is:
- Used to change, deface or destroy the website.
- Used to corrupt or destroy data.
- Used to access or share any information that does not belong to the reporter.
- Reported to others so it may be exploited for malicious intent.
- Used to undertake ‘Denial of Service’ attacks.