Wultra has been recognized as a Sample Vendor for post-quantum authentication (PQA) in the Gartner® Hype Cycle™ for Digital Identity, 2025.

The Central Bank of the UAE has issued a new directive requiring all financial institutions to eliminate SMS and email-based one-time passwords (OTPs) by March 2026. With fraud on the rise and only a handful of banks fully compliant, the race is on to adopt secure, biometric, and risk-based authentication methods.

Securing customer data is no longer just a technical concern — it’s a core part of building trustworthy banking products. As a product owner, you’re likely to encounter conversations about cryptographic techniques — terms like encoding, hashing, encryption, digital signing, and authentication codes often surface in discussions around security and compliance. However, these concepts can be complex and occasionally overwhelming, especially if you don’t work hands-on with the underlying technology.

A quiet but essential shift has just made passkeys — the future of secure passwordless authentication — ready for the quantum era.

In our latest webinar, Wultra’s special guest, Jiří Pavlů, a Mathematical Security Expert at Raiffeisen Bank’s Cryptology and Biometrics Competence Centre, joined Petr Dvořák, Wultra’s CEO and founder, for an insightful discussion about post-quantum authentication.

The upcoming PSD3 and Payment Services Regulation (PSR) introduce new expectations for how banks and payment service providers approach strong customer authentication (SCA). One of the most significant changes is the requirement to offer an alternative authentication method for users who cannot—or choose not to—use smartphones.

By challenging common authentication-related excuses with critical thinking, your organization can take a proactive approach to security and strengthen your authentication.

The rise of quantum computing is reshaping the foundations of cryptography and, by extension, authentication. While many industries rely on authentication methods like FIDO2 tokens, X.509 certificates, RFID tokens, mobile push authentication, OTP tokens, and more, these mechanisms heavily depend on cryptographic algorithms that will soon be obsolete.

Recent advancements in quantum computing and the NIST standardization of quantum-resistant cryptography have motivated security-conscious organizations to assess the impact of the quantum threat across their digital ecosystems and explore innovative cyber-security solutions, including post-quantum authentication, to stay ahead of emerging threats.

With the advent of quantum computing, organizations must transition from legacy authentication methods to post-quantum authentication (PQA) before Q-Day — the point when quantum computers can break conventional encryption. However, switching to PQA isn’t just a technical upgrade; it’s a transformation that impacts user experience, security, and compliance.