Recognised for redefining phishing protection

MetaCert won the global 2025 Sibos Banking Award for innovation in fraud prevention – proof that a new approach to security is finally here.

the first major upgrade to phishing protection in 20 years

Zero Trust for web links.​

At Sibos 2025, MetaCert was awarded Established Trendsetter in the global Perfect Pitch competition – the highest honour for innovation in banking and fintech.

Judges recognised MetaCert for bringing Zero Trust principles to web links, a breakthrough that finally protects every bank customer from phishing – the leading cause of online fraud, account takeovers and data breaches.

This wasn’t just an award. It was a signal that the world’s financial institutions are ready to adopt a new standard of digital trust.

About MetaCert and the Founder, Paul Walsh

MetaCert isn’t just another cybersecurity startup.

MetaCert is a Silicon Valley–based, venture-backed company built on two decades of work at the core of the internet. It specialises in stopping online impersonation by focusing on URLs, the number one tool used in phishing. MetaCert is an expert in URL classification and content labelling, with deep Irish roots as a spin-out of a telecom testing firm that was the first of its kind to join the GSMA.

Paul Walsh, MetaCert’s founder, co-founded the global standard for content labeling at the W3C – the very concept of describing and classifying user accounts and web pages. That early work laid the foundation for trust on the internet long before phishing became the dominant threat.

He was also one of the first high-profile individuals to be impersonated by hackers, an experience that shaped his understanding of how fragile trust could be online.

MetaCert also holds patents that remain licensed today by the world’s top security vendors. Even as the company has moved beyond traditional detection, those patents still underpin anti-phishing and anti-malware technology inside the mobile apps people use every day. The fact that competitors continue to license MetaCert’s IP speaks to the depth of its innovation and credibility in the industry.

Where others stopped at detection, MetaCert went further. The company pioneered the concept of Zero Trust for web links – the idea that every link should be treated as untrusted until explicitly verified as legitimate. This shift from reactive to preventative is the first real upgrade in internet security in more than twenty years.

Paul’s career has been defined by anticipating where trust breaks down online, and building the frameworks to restore it. MetaCert and Link Verifier represents the culmination of that work: extending Zero Trust to the last unprotected frontier of the internet, the link itself.

Frequently asked questions

What is MetaCert?

MetaCert is a cybersecurity company that protects people from phishing and online impersonation by applying a Zero Trust model to web links. It invented Zero Trust URL Authentication and developed new technologies that verify the legitimacy of links in real time before anyone clicks, taps, or shares them.

What problem is MetaCert solving?

Our purpose is to protect over 5 billion people through strategic partnerships with banks, financial institutions, payment providers, telecom operators, and tech companies.

Most people are told to “stay vigilant” and check links that look suspicious, but that advice isn’t an effective strategy, and it doesn’t really work. In reality, phishing links, websites, apps, and services can look identical to legitimate ones, and criminals know exactly how to time them for maximum impact. MetaCert solves this by giving people a way to verify the safety of links without guessing.

How does MetaCert make money?

MetaCert earns revenue through a combination of monthly service fees and enterprise integrations. Individuals and teams pay a subscription for browser and mobile protection, while larger organisations pay API and licensing fees to embed our technology inside their own apps, services, or infrastructure. This includes banks, telecoms, payment platforms, and security vendors that want to offer real-time link verification without building it themselves. Our model is designed to scale efficiently while aligning with the priorities of each partner.

Who founded MetaCert?

MetaCert was founded by Irish entrepreneur Paul Walsh, a telecom veteran and internet security expert. In the 1990s, while leading emerging technology at AOL, Paul became one of the first people ever impersonated online - around the same time phishing was discovered on the web. He later led mobile testing at major European operators and co-authored the W3C standard for URL classification. After watching the same security failures repeat for over two decades, Paul invented Zero Trust URL Authentication - a preventative model that verifies web links before trust is triggered. His mission is to fix phishing at its root by eliminating the need to guess which links are safe. Most leading security vendors license Paul's patents for mobile app security.

Who are MetaCert’s competitors?

Every security company focused on mobile protection could be seen as a competitor, but also a potential partner. Most still rely on outdated threat detection models, and none offer the level of phishing protection MetaCert delivers through Zero Trust for web links. Our API makes it easy for these vendors to upgrade their own products with the same model we invented - helping them move from reactive defence to proactive verification.

In SMS security, we don’t have direct competitors. No other cybersecurity company offers telcos a viable solution for protecting messages at the network level. We believe that’s because SMS exposes how flawed traditional threat-based systems really are. MetaCert is the first to solve it, making us not just a leader in this space, but the one defining it.

How can I partner with MetaCert?

We partner with organisations that want to offer real-time phishing protection across their mobile apps, services, or networks. Our technology is easy to integrate through a lightweight API, and we support flexible models for distribution, co-branding, or direct deployment.

Whether you’re a security vendor, telecom operator, bank, payment provider, or tech company, we can help you adopt Zero Trust protection for web links and deliver visible security to your customers.

To explore a partnership, email us at hello@metacert.com.

What makes MetaCert different?

Traditional security companies rely on detecting known threats using databases, AI, and machine learning. These systems assume a link is safe until proven dangerous, which creates a gap that criminals exploit. MetaCert flips this model by applying Zero Trust to web links. Every link is treated as untrusted until it’s explicitly verified as legitimate. This prevents phishing before harm can happen, using real-time authentication rather than delayed detection. It’s a fundamental shift in how trust is established online.

Why hasn’t this been done before?

The gold standard in cybersecurity is Zero Trust and MetaCert just happens to be the first to apply that principle to web links so the world can finally stop being attacked by online impersonations. The security industry was built around threat detection because that’s what it knows. For over 20 years, business models, infrastructure, and incentives have been shaped around scanning for danger instead of checking for legitimacy. But phishing doesn’t need to look dangerous to succeed. It just needs to look familiar. MetaCert saw the flaw in that model and rebuilt from first principles, treating every link as untrusted until verified and inventing the infrastructure to do it at scale.

The industry will follow. Our goal is to help accelerate that shift by providing an API service that makes it easy for any security vendor to adopt Zero Trust for web links inside their own products and services in the same way they already ingest threat feeds from companies like MetaCert.

Who are MetaCert’s investors?

MetaCert is backed by Moneta Ventures, a Sacramento-based VC firm, along with three angel networks based in Silicon Valley and Nevada. Our investors also include notable entrepreneurs and angel investors who founded companies like Travelocity, Kayak, Qik (acquired by Microsoft), PayByPhone (acquired by Volkswagen), and Appthority (acquired by Symantec).

When was MetaCert founded?

MetaCert was founded in 2011 with a mission to rethink internet security for the protection of kids. It began as a company focused on URL classification and content labelling, and over time evolved into the inventor of Zero Trust URL Authentication - a preventative model now protecting people from phishing at internet scale.

Where was MetaCert founded?

MetaCert was founded in San Francisco, with a distributed team almost from day one. In fact, in 2017, the company was featured on the front cover of the San Francisco Chronicle’s business section for pioneering a distributed team model managed from Silicon Valley.

Where is MetaCert based today?

MetaCert operates as a remote-first company with team members mostly across Ireland, the UK, Australia, Canada, Ukraine, the US. While the company was founded in San Francisco, it no longer maintains a physical headquarters. This distributed structure allows MetaCert to work closely with global partners in telecoms, banking, and cybersecurity.

Can’t find an answer? Email us