google-play

Scan to Download iOS&Android APP

Security

Ensuring the security of your accounts is a key priority for us. At Capital.com, we are committed to protecting your funds and personal data using a holistic system of security controls.

Our comprehensive security programme includes market-leading security solutions to ensure our platform and infrastructure are secure. We put measures in place to effectively detect security breaches which are reflected in our policies and our employee awareness programmes. All our security detection and assessment activities are monitored and continuously enhanced to establish and protect the integrity of our security systems.

Protecting your account

Capital.com uses encryption and Two-Factor Authentication (2FA) to secure your account. We never store passwords in plain text, instead we employ salted secure hash algorithms to better protect your passwords and your accounts.

Computer
Computer

Securing your funds

Our clients’ funds are held in segregated bank accounts, which means that your money is never used for business activities or merged with our own money. Your funds are completely ring-fenced and protected.

Securing our network

We use a combination of load balancers, firewalls, and VPNs to monitor and filter incoming and outgoing network traffic to defend against cyber attack threats. Our infrastructure is constantly monitored and we only transmit our data over encrypted transport layer security (TLS). In addition, we enable a HTTP Strict-Transport-Security response system to detect possible cyber threats and apply a DMARC policy to evaluate the authenticity of all email messages.

Securing our platform

The Capital.com security team drives an Application Security Programme which is designed to improve our code security and quickly detect vulnerabilities. To further promote security through the exchange of best practices and new ideas, we launched a bug bounty programme. This has enabled us to attract new perspectives on how to challenge emerging security threats.