The Authentication Newsletter for January 2026
The Authentication Newsletter is OneSpan’s roundup of news, trends, and perspectives on authentication, fraud prevention, and mobile app security, originally shared with our LinkedIn community. We’re republishing it here to make these insights accessible to a wider audience. Enjoy!
Read the January 2026 issue of The Authentication Newsletter for more on:
- Predictions for 2026
- Acquisition news
- Regulatory updates
- Fraud prevention tips
- And more
Predictions for 2026, acquisition news, regulatory updates, and fraud prevention tips
⛄January is a time for new beginnings, goal setting, and reflection. At OneSpan, we’re looking at what’s next in the cybersecurity space in 2026, while learning from the shifts that defined 2025.
As we kick off a new year of The Authentication Newsletter, we have some big news. We just announced an agreement to acquire Build38, a leader in next-generation mobile application protection solutions. The acquisition is expected to close by March 2026, so stay tuned for additional updates. 🔗Learn more.
Together, these milestones reflect OneSpan's direction:
- June 2025: Acquired Nok Nok Labs for passwordless FIDO authentication
- October 2025: Strategic investment in ThreatFabric for fraud prevention
- January 2026: Agreement to acquire Build38 for mobile app security
Take a closer look at how market trends are aligning authentication, fraud detection, and application security. 👇
Reflecting on 2025 and what it means for 2026
🤔 2025 was a pivotal year for fraud. In a recent blog, ThreatFabric examines five key trends that shaped the fraud landscape, including:
- 1. Investment fraud dominated losses across the U.S. and Europe
- 2. The re-emergence of carding with a modern twist through Apple Pay and Google Wallet accounts
- 3. Biometric data collection by criminals
- 4. The tipping point of criminal development through genAI
- 5. Fraud intelligence sharing among financial institutions to identify gaps and coordinate responses
Noting these 2025 patterns, the following areas are expected to be critical to staying ahead of threat actors in 2026: fraud collaboration, proactive threat intelligence, AI-powered detection, and unified frameworks and layered defenses.
Our security experts @Ashish Jain and @Frederik Mennes have a few things top of mind for what’s to come this year:
- Passkeys will shift from a “nice to have” to a non-negotiable as AI attacks surge
- More regulation will be aimed at preventing APP fraud, especially as bad actors lean on AI tools like deepfakes to further scale and disguise their schemes
- The static API-to-API world was predictable, but agent-to-agent workflows demand continuous negotiation of trust, intent, and authority, requiring organizations to have more dynamic trust stacks that integrate authentication, verification, and fraud detection
- Digital identity wallets will help facilitate ID verification, protect against deepfake threats, and make customer onboarding smoother with robust guardrails to protect sensitive information, but governments and banks will need a clear plan to encourage widespread use
Industry shifts and trends
PSR and PSD3 updates
In late 2025, European co-legislators reached a political agreement on the Payment Services Regulation (PSR) and the third Payment Services Directive (PSD3), completing a critical stage towards finalizing both.
The new regulations will overhaul digital banking and payments rules, requiring major changes in fraud prevention, liability, and strong customer authentication to reduce authorized fraud and improve consumer protection across Europe. The reforms will significantly impact how financial institutions design security, compliance, and payment processes.
☝️Listen to Frederik Mennes, OneSpan's Director of Product Management and Business Strategy, discuss the latest regulatory updates.
Central Bank of the United Arab Emirates boosts consumer protection against fraud
For digital banking security teams in the Middle East, remember the deadline to comply with the CBUAE’s Notice No. CBUAE/FCMCP/2025/3057 is 31 March 2026.
If your bank needs support, this white paper covers the new regulatory requirements in detail.
Securing identity in the age of agentic commerce
Commerce keeps reinventing itself. First was the shift from brick-and-mortar to e-commerce. Now, agentic commerce is coming into play, where AI agents shop, negotiate, and transact on consumers’ behalf. But allowing agents free rein of our passwords and private financial information carries security risks.
@Rolf Lindemann shares actions commerce leaders can take now to secure user access and reduce friction.
Mastering the fraud kill chain
Traditional fraud detection controls aren’t enough anymore. Learn how mobile threat intelligence and real-time prevention strategies stop account takeover (ATO), impersonation scams, and voice phishing attacks at every stage of the attack chain.
For a quick preview, watch this 1-minute clip from the webinar.
Watch the full presentation here.
Going beyond authentication in digital banking
Modern fraud in mobile banking is increasingly about manipulating real customers and compromising their devices. To better support and protect customers, banks need to adopt a broader security lens that allows visibility into the entire transaction journey through behavioral analytics and device risk intelligence.
Understanding 🧑💻 how the user behaves, 📱what is happening on the device, and 🏧 whether the transaction aligns with legitimate intent is now key to stopping fraud. Learn more about modern fraud patterns and how banks can move beyond authentication.
FIDO authentication in Japan
Japan’s largest trust bank, Sumitomo Mitsui Trust Bank (SuMiTB), recently partnered with SCSK Corporation and OneSpan to deploy a new cloud-based FIDO authentication solution to strengthen mobile banking security.
The system aims to prevent phishing-related fraud and account impersonation to counter Japan’s rising ATO fraud, which contributed to reported losses of approximately ¥690 billion (US$4.44 billion) in 2025. 👉 Read about SuMiTB’s plans for implementing FIDO authentication.
Recommended resources
2025 gave us some great resources for passwordless authentication and digital identity. We particularly loved:
- The Gartner® Hype Cycle for Digital Identity, 2025. In it, discover a fresh look at what’s shaping the future of identity — from AI-native platforms to decentralized credentials. You’ll also learn what security leaders need to pay attention to next.
- An article in American Banker from FIDO Alliance CEO Andrew Shikiar: Banks need to adopt passkeys as a safer alternative to passwords. As passkey adoption builds across industries and among consumers, it has paved the way for American banks to deliver simpler, safer digital experiences for their customers.
If you’re an authentication fanatic like us and are looking for your next listen, dive into this Razorwire podcast episode from Razorthorn Security on The Death of Passwords: The Future of Authentication.
Host James Rees and guests David Higgins from CyberArk and Murtaza Hafizji from OneSpan examine the persistent challenges surrounding identity management. They also discuss the opportunities and complexities that cloud environments create for access management, and the evolution of passwordless.
💡 Ransomware is an identity problem. In a recent webinar, Silverfort Sr. Director of Strategic Alliances Jonathan Nativ and OneSpan Sr. Product Marketing Manager Sarah Van De Vyver consider how adaptive access controls and phishing-resistant MFA stop identity-based ransomware across hybrid and legacy environments. 🔗
Before you go…
Join us in congratulating our partner ThreatFabric for their recent patent granted by the European Patent Office for behavioral analytics technology. They’ve spent years working with European tier 1 banks to make fraud detection smarter, faster, and frictionless, and this patent is a great testament to that work.
And if you’re headed to any upcoming industry events, come see us!
- We’ll be at Finovate Europe in London from February 10-11 in booth #8. On day 2 at 9:45 a.m., hear OneSpan and ThreatFabric experts discuss impersonation scams and PSD3 & PSR.
- We’ll be at the Gartner Identity & Access Management Summit in London from March 9-10. Chat with one of our experts or just say hi.
- Catch us in San Francisco for RSAC March 23-26. We’ll be in the North Expo, booth #6578!
LinkedIn Newsletter
The Authentication Newsletter
Be sure to subscribe to this newsletter on Linkedin to get the latest on authentication and cybersecurity.
Subscribe now
