%20(1).png)
OTP Bank SA (Moldova), a subsidiary of the Hungarian OTP Group, undertook a strategic security upgrade to modernize transaction authentication for its corporate customers. The bank replaced its legacy competitor hardware tokens with Wultra’s Talisman FIDO2 hardware tokens, addressing both security and usability challenges while aligning with the evolving regulatory direction of the European payments framework.
The primary objectives were:
- To modernize the bank’s security infrastructure using a future-proof, FIDO2-based authentication solution.
- To significantly improve the user experience for corporate customers by eliminating manual One-Time Password (OTP) transcription during transaction authorization
Challenge: High-Assurance Security Requirements and Legacy UX
OTP Bank Moldova serves corporate customers with elevated security requirements, including businesses that perform high-value or sensitive transactions and deliberately prefer a dedicated, standalone authentication device over embedded mobile application tokens. For these customers, stronger isolation from smartphones and reduced exposure to malware or device compromise are key security considerations.
The bank’s existing authentication solution relied on legacy competitor hardware tokens that required users to manually enter transaction details into the device and transcribe a numerical OTP back into the web interface to authorize transactions.
This approach was:
- Technologically outdated
- User-unfriendly and error-prone
- Misaligned with modern expectations for strong customer authentication and secure transaction authorization
As fraud techniques increasingly exploit manual transcription, social engineering, and screen-sharing scenarios, OTP Bank Moldova required a modern, high-assurance alternative capable of delivering superior security while improving usability for its most security-conscious corporate clients.
Solution: PSD3/PSR-Ready FIDO2 Hardware Tokens for Corporate Customers
To address these needs, OTP Bank Moldova selected Wultra’s Talisman FIDO2 hardware tokens as a high-assurance authentication solution for its corporate customer segment.
Wultra supplied 4,500 Talisman devices to support the authentication needs of the bank’s most valued corporate customers.
Talisman is a PSD3/PSR-ready FIDO2 hardware token, designed specifically for banking use cases and aligned with the draft regulatory direction of the upcoming EU payment services framework. It represents a generational leap in authentication by offering:
- Zero-Transcription Authentication
The device completely eliminates the need for manual OTP entry and transaction data transcription, removing a major source of user frustration and human error. - Guided Authentication and Visual Transaction Confirmation
A two-line display guides users through the authentication process in line with the What You See Is What You Sign (WYSIWYS) principle. Customers can review full transaction details directly on the device and confirm them securely using a PIN code. - FIDO2/WebAuthn-Based Enrollment
Built on open standards, the solution enables simple, zero-installation, self-service enrollment while providing strong protection against phishing, malware, and credential theft.
The solution delivers robust security and regulatory readiness while supporting corporate customers who intentionally choose a dedicated hardware authenticator over embedded mobile tokens.
Partnering with Wultra allows us to deliver digital services with the highest level of trust and convenience. By integrating advanced token‑based authentication, we not only strengthen transaction security but also reinforce our commitment to customer confidence and innovation. This collaboration highlights our vision to combine cutting‑edge technology with seamless user experience.
Irina Pohila
Head of Digital Channels & Digital Product Owner
Impact: Enhanced Security, Regulatory Readiness, and User Experience
- Improved User Experience (UX)
The transition to Talisman devices fundamentally improved the corporate customer experience. By enabling direct transaction confirmation on the device and eliminating manual OTP transcription, a previously cumbersome security step became fast, intuitive, and significantly less error-prone.
- Infrastructure Modernization & PSD3/PSR Readiness
The deployment fully replaced legacy competitor hardware tokens with a modern, high-security solution aligned with the forthcoming PSD3/PSR regulatory framework and current strong customer authentication principles. - High-Assurance Authentication for Corporate Customers
Talisman provides a dedicated, tamper-resistant authentication device preferred by corporate clients seeking stronger isolation than embedded mobile application tokens, reducing exposure to malware, device compromise, and social engineering attacks.
- Strengthened Security Posture
Leveraging the FIDO2 protocol and on-device visual transaction confirmation significantly enhanced the bank’s defenses against common fraud vectors, including phishing, malware-assisted attacks, and fraud scenarios exploiting manual transcription or screen-sharing vulnerabilities.
The success of the project validated the value of zero-transcription authentication, improved user experience, and FIDO2-based security for corporate banking environments.
