🚀 See you in Berlin! We are exhibiting at "European Identity and Cloud Conference 2025" (5-9 May 2025). Let's meet there.
Securing customer data is no longer just a technical concern — it’s a core part of building trustworthy banking products. As a product owner, you’re likely to encounter conversations about cryptographic techniques — terms like encoding, hashing, encryption, digital signing, and authentication codes often surface in discussions around security and compliance. However, these concepts can be complex and occasionally overwhelming, especially if you don’t work hands-on with the underlying technology.
A quiet but essential shift has just made passkeys — the future of secure passwordless authentication — ready for the quantum era.
In our latest webinar, Wultra’s special guest, Jiří Pavlů, a Mathematical Security Expert at Raiffeisen Bank’s Cryptology and Biometrics Competence Centre, joined Petr Dvořák, Wultra’s CEO and founder, for an insightful discussion about post-quantum authentication.
The upcoming PSD3 and Payment Services Regulation (PSR) introduce new expectations for how banks and payment service providers approach strong customer authentication (SCA). One of the most significant changes is the requirement to offer an alternative authentication method for users who cannot—or choose not to—use smartphones.
By challenging common authentication-related excuses with critical thinking, your organization can take a proactive approach to security and strengthen your authentication.
The rise of quantum computing is reshaping the foundations of cryptography and, by extension, authentication. While many industries rely on authentication methods like FIDO2 tokens, X.509 certificates, RFID tokens, mobile push authentication, OTP tokens, and more, these mechanisms heavily depend on cryptographic algorithms that will soon be obsolete.
Recent advancements in quantum computing and the NIST standardization of quantum-resistant cryptography have motivated security-conscious organizations to assess the impact of the quantum threat across their digital ecosystems and explore innovative cyber-security solutions, including post-quantum authentication, to stay ahead of emerging threats.
With the advent of quantum computing, organizations must transition from legacy authentication methods to post-quantum authentication (PQA) before Q-Day — the point when quantum computers can break conventional encryption. However, switching to PQA isn’t just a technical upgrade; it’s a transformation that impacts user experience, security, and compliance.
European banks are already navigating complex regulatory changes, including PSD3/PSR and the EU Digital Identity Wallet. However, a third less visible but equally urgent challenge looms: Post-quantum cryptography (PQC). While compliance and digital identity projects dominate the conversation, banks must prepare for a cryptographic shift that will define the security of financial services in the next decade.
"Harvest now, decrypt later" has become the phrase on everyone’s lips when discussing post-quantum cryptography. The idea is simple: Adversaries collect encrypted data today and wait for the arrival of quantum computers that can break current encryption methods. But is this really the only threat we should focus on?
When exploring the various hard token types on the market, here’s why Talisman stands out as the top choice for banks and fintech companies.
If your business is new to post-quantum cryptography (PQC), now’s the time to start educating yourself on why it matters — and learn why the best time to migrate to quantum-resistant solutions was yesterday.
This year, the cyber-security and authentication landscape will be shaped by both an array of advancing threats and cutting-edge solutions.
Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised €3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats.
We’re excited to announce that our latest update to our mobile token now incorporates OIDC-based activation.
RBI’s new framework is just around the corner. Here’s what this initiative means for India’s banks and fintech companies.
In a landmark moment for cyber-security, the U.S. National Institute of Standards and Technology (NIST) officially announced the finalization of its first set of post-quantum cryptography (PQC) standards in August 2024.
By recognizing the strengths of hard and soft tokens for different customer segments, you can deploy future-proof authentication solutions that stay ahead of fraudsters and ensure the safety of your customers.
Mobile banking stands out as a great example of how digital advancements can simplify our lives. I've seen firsthand the remarkable impact that mobile solutions have on financial management, yet the journey towards striking a perfect balance between user convenience, security, and regulatory compliance remains a challenge for many banks and fintech companies.
.png)
Mobile tokens, also called mobile authenticators, software tokens, or soft tokens, are mobile apps for iOS and Android that supplement two-factor authentication (2FA) for various online applications, both on the web and in mobile apps.
.png)
Hard tokens are far from being a thing of the past — instead, they may actually be the best choice for your organization’s authentication needs.
[Prague, 02/07/2024] — Wultra, a leading provider of modern authentication and security solutions, is expanding its product portfolio with the launch of Talisman, a next-generation personal identity device that allows bank clients to access online banking with the speed and convenience of a mobile app, but with significantly enhanced security.
The proposed PSD3/PSR directive focuses on clarifying and improving how SCA requirements are applied in real-life scenarios. Here’s how the proposal will make SCA more effective.
Get to know the plans and requirements laid out in each of the Scam Safe Accord’s initiatives.
Learn how Australian banks are joining forces to declare war on scammers with the introduction of the Scam Safe Accord.
František Nonnemann of GDPR.cz recently had the chance to sit down with Petr Dvořák, founder and CEO of Wultra, to discuss trends related to advanced tools for user authentication and the protection against cyberattacks on online payments.
[PRAGUE, 28/03/2024] — Wultra, a leading provider of modern authentication and security solutions, sits at the forefront of Moldova's banking sector transformation by supporting the country's journey towards European Union membership. As Moldova begins EU accession negotiations, which the European Council decided to open in December 2023, its banking sector is undergoing significant changes related to digital banking security to meet EU regulatory standards.
In July 2024, regulation on biometric authentication will come into effect and transform how Vietnamese banks approve payments. Our solution is fully equipped to seamlessly help you make the shift to secure authentication.
Decentralized identity marks a significant shift in the ways that both businesses and individuals handle personal data and identity verification.
Our new set of features has been specifically designed to safeguard against the array of attacks that are actively causing financial harm to both banks and their customers.
In the ever-evolving landscape of digital authentication, Wultra is proud to announce a series of updates and improvements to our mobile-first authentication, specifically for our mobile-first authentication solutions that we’ve made during 2023. The new features that we’ve rolled out in both of these products are designed to deliver an increasingly seamless, easy-to-deploy authentication experience to our clients and their customers.
Prague, 4/12/2023 — Wultra, a provider of modern authentication solutions to banks and fintech companies, is delighted to announce a strategic partnership with Global Payments Europe (GPE). This collaboration marks a significant step in enhancing today’s security and payment offerings within the financial sector, particularly in the Czech, Slovak, German, and Hungarian markets.
[PRAGUE, 27/11/2023] — Wultra, a provider of modern authentication solutions to banks and fintech companies, has achieved significant growth and transformation in 2023. With its current strategy, Wultra remains steadfast in its commitment to deliver cutting-edge mobile authentication solutions, expand its global presence, and foster genuine customer satisfaction in the financial services landscape.
For banks and fintech companies with questions about protecting the finances of customers who use remote access tools on their mobile devices, we have answers.
Learn which authentication trends will shape how people onboard to financial services, access digital banking, and approve payments.
In the current state of financial fraud and authentication in Canada, Guideline B-13 is set to be the regulatory framework that helps bolster the security of Canadian banks and financial institutions.
Some of today’s tech giants have already made the move toward implementing authentication via passkeys. Here’s why banks and fintech companies should do the same — plus, how Wultra’s solutions can help.
Breaking down the roles and functions of FIDO2’s associated specifications.
%20(2).png)
A first look at the European Commission’s newest proposal, which has consumer rights and secure digital payments at its core.
Revisions to the Regulatory Technical Standards of PSD2 have come into effect in July 2023 — here’s what they mean for both payment service providers and customers.
Here’s why passkeys are today’s most secure authentication option.
In response to the adoption of digital banking and an increase in generative AI-based attacks, iProov and Wultra have created a secure digital onboarding solution to meet the needs of modern banks and financial services providers.
Here’s how Wultra can help your business get ready for what's coming.
The EU Digital Identity Wallet has the potential to revolutionize the way customers verify their identity, reactivate accounts, sign documents, and more.
Looking to swiftly move your bank towards European banking standards? Wultra is here to help.
To genuinely become mobile-first, it’s time for banks to rethink their mobile onboarding process. Here’s how Wultra can help.
Learn more about our new partner as well as the goals we’ve set for our future work together.
Authentication via SMS-OTP is considered outdated because of higher overall costs, low user convenience, and insufficient regulatory compliance in specific geographic regions, but primarily for practical security reasons.
Payment scenarios exempt from SCA requirements are generally determined by a transaction’s amount, recurrence, and the channel used to carry out the payment. Let’s take a more detailed look at each of these exemptions and their real-world applications.
mojeID has recently been certified for EU-wide use, which means that it’s now possible for users to access e-government services throughout Europe.
Authentication elements are either categorized as knowledge, possession, or inherence. How are these categories defined — and what does each of them require?
The latest installment of our series focused on Strong Customer Authentication (SCA) explores the aspect of dynamic linking. How is this component vital to providing secure online transactions?
In a continuation of our article series on Strong Customer Authentication (SCA), we’ll be examining the requirements for generating a core component of SCA requirements: authentication codes.
The introduction and implementation of SCA has made it clear that certain authentication factors no longer cut it in terms of security. Here’s how your business can benefit from embracing SCA requirements.
Let’s take a moment to think about each of the services that we, as consumers, carry out using a variety of mobile applications. Whether we’re purchasing something online or managing our personal finances, we turn to digital solutions that we access on our mobile devices. The adoption of mobile services isn’t going away anytime soon — in fact, it’s growing at a steady rate. Mobile devices (and the apps on them) have become a central part of our lives, and that’s a fact.
Mobile banking security can be complex. There are a number of important components to consider, and it’s necessary for banks looking to achieve all-around security for their mobile banking applications to implement several important layers.
We recently told you about a handful of current threats facing mobile banking users. In that post, we mentioned multi accounting, which is the act of purposefully creating multiple accounts in order to abuse a system. Multi accounting attacks on banking steal victims’ credentials and attackers pair victim’s accounts to mobile banking on their devices. A surefire way to protect against this type of attack is to implement a more thorough identity verification using a personal ID scan and server-side face biometrics.
For many people, the concept of passwordless authentication can be difficult to wrap their head around. How is it that one safely logs in to and interacts with sensitive services without using a password, you may wonder?
Wultra, founded three years ago by Petr Dvořák, protects the Internet and mobile applications of leading banks and FinTech. The company prepares for rapid international expansion and secures tens of millions of Czech crowns in the investment round led by J&T Ventures.
We are thrilled to announce that our Mobile Token solution is now available on Microsoft Azure Marketplace. Thanks to this offer and simplified integration APIs, financial organizations worldwide can now deploy our industry-leading passwordless authentication in a significantly shorter time.
Huawei, a global provider of ICT infrastructure and smart devices, has been in a negative spotlight lately. Many national security agencies have flagged this company as a potential security risk, with some countries imposing sanctions to impede Huawei’s operations. Banks are considered critical infrastructure in most states. As a result, they need to evaluate their approach to Huawei, especially in the context of smartphones and portable devices their customers use to access digital banking. At the same time, they cannot merely ignore Huawei because it is currently the biggest smartphone vendor with a global smartphone market share of approximately 20%.
Finshape and Wultra strengthen its technology partnership to accelerate the synergies and further business expansion. Wultra’s innovative security components are a great asset for Finshape's products, with Mobile Token now being fully integrated into Digital Bank OS and easily available to all clients with Finshape's banking platform.
.webp)
We equip banks and fintech companies with a seamless, quantum-resistant authentication.