XTB has launched a new in-app caller verification feature designed to help protect its retail trading clients from voice-phishing scams. The Warsaw-listed broker rolled out the tool on Tuesday, enabling customers to confirm in real time whether an inbound call is genuinely being made by an XTB representative.
The feature allows users of the XTB app to trigger a push notification during an incoming call. By approving the notification, clients can verify the caller's identity and, at the same time, bypass standard security questions that are typically required during support interactions.
The rollout comes amid a broader rise in vishing activity and repeated warnings from regulators about clone firms using XTB branding. The UK's Financial Conduct Authority has cautioned investors about entities trading under names such as "XTB Trading World," "XTB Online" and a clone site at xtbtrading.org, all of which have been used to solicit UK residents while mimicking XTB's identity.
XTB cited CrowdStrike's 2025 Global Threat Report, which found that vishing attacks increased by 442% between the first and second halves of 2024. Chief Executive Omar Arnaout said the safety of clients' accounts is the company's top priority and called on financial institutions to "lead with innovation and responsibility" as cyber threats evolve. He added that he wants every client to feel "fully confident" during each interaction with the XTB team.
Security measures and industry context
The caller verification feature follows an earlier security update in March, when XTB added a kill switch to its investment app. These measures form part of the company's response to an alleged hack that resulted in a loss of $38,000 for a Polish client and prompted an overhaul of its security policies.
Brand impersonation and phishing have become widespread issues across the brokerage sector. Tallinn-based broker Admirals saw its branding copied by a fake crypto-trading site called AdmiralsFX, while Cyprus-headquartered Exante was cloned in a US scam in 2025 that involved fraudsters opening a real JPMorgan Chase account to collect victim deposits.
Push-based authentication has already gained traction in retail banking, with institutions such as PNC, U.S. Bank and multiple European lenders deploying similar approval flows for logins and card transactions. Adoption among CFD brokers has lagged, however. In Hong Kong, the Securities and Futures Commission has spent the past year urging brokers to implement SMS verification and has banned broker text links following a series of phishing attacks targeting retail traders.
Growth and product roadmap
The introduction of the caller verification tool coincides with one of the most expansive periods in XTB's 22-year history. The broker added 864,286 new clients in 2025, a 73% year-on-year increase that lifted its total client base above 2.16 million. Management has guided for at least one million new accounts in 2026.
The verification feature is part of a broader product roadmap that includes margin trading, 24/5 trading hours, options and cryptocurrency. XTB is positioning this expanded offering to compete for European retail accounts against platforms such as Robinhood, Interactive Brokers and Trade Republic.
