Yearly penetration testing for trading platform

• IDS Group provided critical oversight by executing recurring penetration tests to protect cardholder data and high-volume transaction flows.
• Specialists neutralised risks across payment gateways and APIs through comprehensive threat detection.
• The team validated encryption and storage protocols to ensure all data safeguarding exceeded global regulatory standards.
• Our experts hardened digital defenses to prevent fraud and maintain the operational integrity of the trading marketplace.
• IDS delivered the technical evidence and remediation guidance required for a seamless and gap-free certification process.

We delivered a comprehensive, PCI-mapped penetration testing programme tailored to Capital.com’s complex environment.

1. PCI DSS scoping and system mapping

We worked closely with the Capital.com team to understand their end-to-end payment flow, define in-scope assets, and align testing methodology with PCI DSS requirements.

2. Network and application layer testing

Simulating real-world threats, we tested infrastructure, web applications, and mobile endpoints targeting payment workflows, cardholder data storage, access management controls, API interaction points. 

3. Database and data security assessment

We examined encryption, access controls, and data integrity to ensure stored financial information met PCI DSS’s strictest guidelines.

4. Reporting and remediation support

IDS provided detailed vulnerability reports with actionable remediation steps, giving Capital.com clear guidance to strengthen defences ahead of their PCI audit.

• PCI DSS compliance confirmed
• Critical issues were identified and remediated, significantly hardening their security posture.
• Strengthened encryption, improved access controls, and tighter data handling reduced exposure to potential breaches.
• A demonstrably secure trading platform reinforced Capital.com’s reputation as a safe, compliant financial service provider.