Blog

FIDO2 is one of the most significant advances in authentication security in a generation. It eliminates many of the attacks that defined a decade of banking fraud, particularly phishing and credential theft.

At Finovate London, Wultra's Regional Lead for Digital Identity Amal Nazar walked through what it actually takes to modernize legacy authentication for a post-quantum world, and why the window to do it properly is getting shorter every year.

India’s latest update to digital payment authentication signals a shift in how trust is established in large-scale financial ecosystems. With enforcement starting in April 2026, the Reserve Bank of India is reinforcing two-factor authentication while clearly encouraging a move toward dynamic, transaction-bound security.

Malaysia’s updated RMiT policy shifts authentication from guidance to enforceable standards, requiring phishing-resistant, device-bound methods. It reflects a broader move toward continuous, risk-based security tied to real-world fraud threats.

Post-quantum authentication is no longer theoretical. It is becoming a practical requirement for organizations that rely on cryptography to protect digital services, customer identities, and long-lived data. Advances in quantum computing mean that the security assumptions behind today’s cryptographic systems may not hold for the full lifetime of systems being deployed now.

Interestingly, some of the less secure — or even outright legacy — authentication methods appear to be less affected by quantum threats than their modern, cryptography-based counterparts.

We’re excited to announce the opening of Wultra’s new office in Singapore — our first location in Asia. This step strengthens our support for banks and fintech companies, especially across Southeast Asia as they prepare for the post-quantum era and the next generation of secure digital authentication.

The upcoming PSD3/PSR1 regulation introduces stricter requirements for Strong Customer Authentication (SCA). One of the most notable changes is the requirement to provide authentication methods that do not depend on smartphone possession.

The Central Bank of the UAE has made it clear: by 2026, financial institutions must eliminate SMS one-time passwords (OTPs). This regulation is reshaping the authentication landscape for banks across the region, and the time to prepare is now.

While “passwordless” is the keyword of the current era, relying solely on a particular approach to authentication without passwords, such as camera-based facial biometrics, might be short-sighted, result in missed business opportunities, and expose an organization to unnecessary risk.