Secure PIN Code For Financial Apps

Can you tell the difference?

If not, we can't blame you. It's hidden inside.

Implementing a secure PIN code isn’t about what users can see — instead, it’s about what happens under the hood. While there are many PIN code implementations out there, the majority don’t measure up when it comes to user experience and compliance. Wultra’s solution raises the bar for modern PIN code implementation.

2 mobile phone screens showing pin code keyboard

HERE IS WHY OUR
PIN CODE 
IMPLEMENTATION 
IS NEXT LEVEL 

1

PIN codes are never, ever stored.

A PIN code should only exist in a user's head, and — for a very brief moment — in the volatile memory of their mobile device. We never store the PIN code on a mobile device nor server, not even as a hash.

2

We don’t use the PIN code directly for authentication.

The PIN code only unlocks local cryptographic keys. These keys are used alongside operation data and a hash-based counter value to compute a one-time signature, which is later verified on the server.

3

We never keep the PIN code and keys in memory in plain text.

The low-level C/C++ implementation under the hood allows us to work precisely with the memory. All data is contained in a dedicated part of memory, protected by ad-hoc encryption to complicate its retrieval by untrusted parties, and zeroed out immediately after its use.

4

If authentication fails, we block the PIN code remotely.

In case a user enters a PIN code incorrectly, we increase the number of failed attempts on the server side. After five failed attempts (or another value specified in our system) is reached, we block the device on the server.

5

We check the PIN code policy and disallow weak PIN codes.

Even the strongest cryptography won't protect users who select 1234 as their PIN code. This is why we reflect the best practices in PIN code strength evaluation by providing an additional library to check PIN code strength.

6

We set up the PIN code after a secure activation process.

We've designed our device activation flow to be bulletproof from the cryptography perspective. To protect primary credentials, we apply additional application-level encryption and data signing.

Drop-in Implementation

Straightforward implementation with all the magic under the hood.

Don’t waste time working through the complications that often come along with implementing secure PIN codes. We take care of the heavy lifting so that you can focus on building great digital products and delivering excellent user experiences.

MOBILE AUTHENTICATION SDK

JOIN DISCORD

Schema showing how You can easily use the code on iOS and Android, since we take care of the complicated, low-level stuff in the core implementation layers.

Clean Solution Architecture

Cryptography, networking, and data storage packaged in a comprehensive bundle.

You can easily use the code on iOS and Android, since we take care of the complicated, low-level stuff in the core implementation layers.

Get in Touch
with us

We are here to protect your financial apps

MOBILE-FIRST AUTHENTICATION

IN-APP PROTECTION

Case studies

Blog

WEBINARS

Replace SMS OTP With a Mobile App

Secure PIN Code

Dynamic SSL Pinning

Screen sharing scams

Careers

About us

Contact us

Compliance

brand guidelines

Partners

USE CASES