Wultra acquired its first customers three years ago among Czech banks, helping them solve a problem concerning the security of online and mobile transactions. Today, it receives enquires from Indonesia, Ghana and the USA, and thanks to an investment by J&T Ventures, it doesn’t want to miss any opportunities.
When did you realize that there was a niche in the banking market concerning offers of security solutions?
PD: Nearly all our team members have rich experience with two areas: development of mobile applications and security. We are primarily former employees of Avast, which needn’t be introduced, and Inmite, which developed applications for various bank institutions. We could see that the market lacks an easily tangible plan for certain areas of security, so we started to go that way.
How did you manage to win your first clients? After all, this area is too critical for banks to delegate it onto a very young company.
PD: We had a rather unfair advantage just because of our previous experience from Inmite. We had provided banks with applications including security solutions, so they knew me and believed I was able to create a solution. However, it naturally took some time to build a good reputation and be able to contact banks directly. Within the very first project of ours, we prepared a security solution proposal for Moneta Money Bank, and only then did we agree on the implementation.
How did you manage to address banks so successfully?
PD:We benefited from the fact that traditional producers of similar technologies are rather inflexible and very expensive companies. We basically offered the same competence and products of the same quality that were much cheaper and more tangible for the quickly developing digital world, where the banks were just trying to establish themselves. It was really hard, we had to make many adjustments and modifications and obtain many certificates, but we soon managed to get our first recommendations, and now we are able to contact banks quite easily and show them how our products work and fit their infrastructure.
Is it easy to build a team in this area in the Czech Republic thanks to the historically strong position of the country in cyber safety?
PD: It is true that it is a rather traditional Czech topic. It is never really easy to put together a good team, but as far as competencies are concerned, we are very close to it. If a Czech company has a chance of succeeding on a global level, chances are best in the field of cyber safety.
What makes security of mobile devices specific?
PD: A number of problems that had already been solved returned in a new form along with the boom of mobile devices, such as various types of malware. We can see a parallel to what was going on with classical computers about 20 years ago. From our point of view, specific features include a focus on the financial market, which is restricted by many regulations and cannot rely on community products that work for everyone.
What specifically makes the financial sector different?
PD: Losses caused by attacks are always financial. An attack on a Facebook account is unpleasant, but one can work with it and, Facebook doesn’t typically bear any responsibility, it doesn’t have to indemnify anyone. Banks have considerably higher requirements for security, like state authorities. Moreover, all solutions must be connected to other processes. When a client loses the mobile phone he uses to access Internet banking, it must be possible to call someone and block the access very quickly, renewing it later. But if you lose a Google authenticator, it will be very hard to call someone. Banks also have more complicated systems and infrastructure, so the solution must be flexible.
Disregarding business, what are the most usual safety threats as viewed by users of mobile devices?
PD: It is typically malware, primarily on Android devices, but not exclusively. A user downloads a harmful application, which carries out a phishing attack directly on his device at the right time. It displays a so-called system overlay that covers the legitimate bank application, requests access data from the user and takes his money. The problem is that some users modify their device in various manners or switch off some security functions. This is what we help our customers, primarily banks, identify and connect to their processes so that they can stop a payment made from a device that has been infected by malware.
So, to a certain extent, you protect the bank against its customers, too.
PD: We primarily protect the bank, and some users tend to make it complicated, but the result is positive for everyone. When the bank invests in security measures, it protects users, too, in the end, but they usually don’t know about it. They have protection without having to install it. The biggest damage always consists in loss of funds, and our system helps prevent this very well.
Where can you see opportunities besides banks?
PD: Wultra helps secure anything associated with finance and sensitive data. We outreach areas, such as e-gaming, where we cooperate with Sazka, for example, cryptocurrencies or e-government, which typically concerns various digital ID cards. We can see opportunities almost everywhere, but the principal segment for us is currently banking and fin-tech. We are still convinced that banks are a client that has not been fully served yet as far as robust security solutions are concerned. On the other hand, the fin-tech area is a very quickly growing category – these are companies that look like banks but they set their services up a bit differently. There are many more of them; they typically grow very fast and then come across the need to protect their assets and comply with regulations. Then they look for a partner who can help them solve this problem. Governments have also understood that people use their mobile phones for many different things. Mobile ID cards will certainly be an interesting product that we are able to provide.
You rely on a partly open-source solution. What are its advantages?
PD: Every organisation has a specific view of the open-source. Some like it because it provides a high level of transparency and allows making simple adjustments quickly. On the other hand, some organisations complain about a lack of support and the fact that there is actually no one particular behind many open-source projects. This does not apply to our product; we have a strong development team and conclude support contracts, too. This brings us many benefits and the result is a better product, because every programmer shows their work, which means also their reputation publicly. In addition, the customer can try out the software very easily without being bound by any obligations.
When did you decide to go for the investment?
PD: We can see a very strong trend of consolidation in the entire branch. Customers tend to connect banks, as do their suppliers, our competitors and partners. We needed to find a strong partner to help us grow in this consolidation stage and acquire a market share faster than in organic growth.
Why did you choose J&T Ventures?
PD: We found the discussion with J&T Ventures most reasonable in terms of how we think about things. It was a great match in a very natural way. Moreover, it is a strong brand and a strong partner generally; for our customers, this type of institutional investor is very prestigious. It is also a primarily financial investor with clear functioning and motivation who does not wish to interfere with corporate management and established policies too much.
How are you going to use the investment?
PD: We mostly need the money to build our team faster. Wultra had a very good financial position without the investment too, but even our profitability wouldn’t allow us to hire new people quickly enough to develop the product and the business activities that are necessary if we want to succeed globally.
Do your business activities include physical presence in new markets, too?
PD: Covid-19 has fundamentally changed the way our customers buy software. It is much easier to carry out a transaction fully in a remote manner, so we are going to manage everything centrally from the Czech Republic. The issue rather concerns a sufficient capacity of consultants who will be able to explain the benefits of our solution and visit clients where necessary. Although we concentrate especially on Central and South-Eastern Europe, thanks to globalisation accelerated by the Covid crisis, we have been successful in winning customers from virtually all over the world. We have business opportunities in France, Ghana, the United States, Latin America and Indonesia. These customers found us on their own, typically via our developer portal and open-source solution – it is really very easy to take the software and try it out. In addition, personal recommendations by our current customers have proved useful in various markets. When somebody changes an employer, they often bring something they have good experience with to the workplace. Actually, we are drawn by the market and have to set everything so that we can withstand it.