Open Banking is experiencing remarkable development in many countries. To ensure that open banking operates effectively and securely, it is particularly important to establish and adhere to a system of technical standards.
With their expertise, Savyint and partner Kryptus have collaborated to develop a specific security standard system for each component in open banking.
The API Gateway plays a crucial role in securing APIs by providing authentication, authorization, access control, and traffic limiting mechanisms. For the API Gateway, we ensure compliance with European and global regulations such as PSD2, FAPI, CIBA, OIDC/OAuth2, and API Secure.
Meanwhile, Consent Management utilizes the Strong Customer Authentication (SCA) method as stipulated in PSD2, as well as security standards for key storage on HSM devices that meet FIPS 140-2 Level 3 or higher. The data exchange flows, data signing in transaction flows, or user data sharing are encrypted with the highest security level, ensuring integrity and safe authentication with JWS (JSON Web Signature) and JWT (JSON Web Token). End-to-end data encryption is also strictly adhered to with JWE (JSON Web Encryption) and RSA-PSS (Probabilistic Signature Scheme).
In Vietnam, with the specific regulations for implementing open banking officially in effect, the standards set by Savyint and Kryptus fully comply with the regulations on Open API, API Security (according to Appendices 1 and 2 of Circular No. 64/2024/TT-NHNN), as well as regulations on transaction encryption, digital signing, and user authentication (according to Circular No. 50/2024/TT-NHNN). This is a promising market for the development of open banking in the near future.
“We are proud to contribute our expertise in building a secure and regulation-aligned open banking ecosystem in collaboration with Savyint,” said Thierry Martin, Kryptus Managing Partner. “Kryptus has already achieved the Common Criteria EAL4+ certification for HSM, strengthening our compliance across various global environments, as the fintech and banking sectors require enhanced key protection. Our joint solutions not only fully comply with European and international standards such as PSD2 and FAPI, but also with Vietnam’s specific regulatory frameworks, including Circulars 64/2024 and 50/2024. This partnership reflects our long-term commitment to helping financial institutions meet compliance obligations while accelerating digital transformation. We believe this collaboration will pave the way for broader regional adoption and global expansion of secure open banking models.”
The swift, solid and well-directed steps taken by the two companies in providing a secure and safe open banking solution will be an advantage for Savyint and Kryptus to conquer markets in the region and globally.
About Savyint
SAVYINT is an IT security company in Sydney, Australia, with an R&D Center in Hanoi and international offices in Singapore, Dubai, Ho Chi Minh City (Vietnam), and Sofia (Bulgaria). With over 20 years of experience, we consistently rank among the leading global information technology enterprises, providing software platforms, system solutions, and services for digital transformation. Our expertise spans Open Banking solutions, information security, and FinTech, particularly in the Finance – Banking & FSI, Government, Manufacturing, Telecommunications, Healthcare, Education, and Media sectors.
About Kryptus
Kryptus is a Swiss and Brazilian multinational company specializing in cybersecurity and cryptography solutions. Since 2003 it has been delivering highly customizable, reliable and secure encryption and cybersecurity solutions. For over twenty years, we have served public and private sector clients in Latin America, Europe, the Middle East and Africa for critical applications, with the best level of products and services for mission-critical applications.
