FTCO (part of PSI Group)

“With Invicti, we’ve significantly reduced false positives, streamlined our remediation process, and can now generate compliance-ready reports that support PCI DSS and other regulations.”
—Eugene Fateev, Lead Cybersecurity Specialist, PSI Group

Company overview

PSI Group, through its subsidiary FTCO and other companies, develops and operates white-label fintech solutions. Operating in a highly regulated financial environment, PSI Group must comply with strict requirements such as PCI DSS, DORA, GDPR, and UK financial regulations. Security is not only a business necessity but a critical foundation for protecting customers and maintaining trust.

The company runs a hybrid infrastructure spanning on-premise data centers, Azure, and AWS. With customer-facing payment applications at the center of its business, PSI Group needed a security solution that could scale with its complex environment while providing consistent, reliable results.

The challenge: Scaling security beyond open-source tools

As a financial technology company, PSI Group relies heavily on web applications as the primary interface for customers. Because most of these applications are internet-facing, they are exposed to significant cybersecurity threats. A security vulnerability or breach could lead to severe consequences, including financial fraud, data leaks, reputational damage, regulatory penalties, and loss of customer trust.

Before implementing Invicti, PSI Group did not have a dedicated corporate DAST solution and instead relied on open-source scanners to secure its applications. While useful for initial testing, these tools created major bottlenecks at scale:

  • High false positive rates slowed down remediation efforts
  • Lack of automation meant manual intervention at every stage
  • No integration with existing systems or infrastructure
  • No enterprise-grade support or compliance-ready reporting

Relying solely on open-source tools was unsustainable for a financial services company with strict regulatory obligations. PSI Group needed a dedicated DAST solution that could automate vulnerability discovery, integrate into existing processes, and scale across dozens of applications.

“Using open-source tools, we faced frequent false positives with no automation and no enterprise support, which slowed down remediation and wasted valuable time.”

The solution: Enterprise-grade DAST from Invicti

PSI Group adopted Invicti’s dynamic application security testing (DAST) solution, starting with the on-premise version and now transitioning to Invicti’s cloud platform. Implementation was smooth, supported by clear guidance and practical examples from Invicti’s technical team.

Invicti was integrated into PSI Group’s secure software development lifecycle (SDLC), bringing automation and visibility to the vulnerability management process. Improved scan accuracy with proof-based scanning greatly cut down on false positives, enabling faster remediation and more accurate reporting.

“The implementation process was smooth, with only minor challenges that were quickly resolved. Invicti’s support team provided clear explanations and practical examples, ensuring successful integration.”

The result: Efficiency, compliance, and visibility

Invicti’s DAST solution is now a fundamental component of PSI Group’s security framework and is critical for maintaining compliance with regulations such as PCI DSS, DORA, and GDPR. DAST helps detect vulnerabilities before deployment and supports continuous security testing efforts.

Since adopting Invicti, PSI Group has realized multiple benefits:

  • Scalability and efficiency: Automated scanning and proof-based results eliminated hours of manual verification, saving at least 20 hours per month and streamlining remediation.
  • Improved compliance: Invicti provides out-of-the-box reporting aligned with PCI DSS, GDPR, and other regulations, making audits more straightforward.
  • Greater visibility across environments: With hybrid infrastructure spanning cloud and on-premise, Invicti’s DAST gives PSI Group a consistent outside-in view of risks before deployment.
  • Fewer false positives: Developers now focus on fixing exploitable issues rather than sifting through noise.

“Since adopting Invicti, penetration tests show fewer findings because vulnerabilities are detected earlier in the SDLC, which reduces the effort required during pen testing.”

Looking ahead

Invicti has become an essential part of PSI Group’s security strategy, enabling the company to enhance its security posture, meet regulatory requirements, and protect its web applications effectively. By leveraging Invicti’s capabilities, PSI Group continues to strengthen its cybersecurity framework, ensuring safer and more reliable fintech solutions for its customers. The group’s next steps in exploring Invicti capabilities include looking into API discovery and scanning to strengthen its API security efforts.
