Meet Leading Experts at the Workshop “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN”
With the goal of helping banks and financial institutions shape effective, secure, and sustainable Open Banking strategies, the workshop brings together leading experts in Information Technology, Security & Legal Compliance, and Banking–Finance. As Vietnam’s financial and banking sector enters a period of strong transformation, implementing Open Banking in alignment with the directions of Circulars 64 & 50/2024/TT-NHNN has become a key mission to ensure safety, compliance, and innovation. The workshop “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN ” gathers top technology, legal, and data security experts from Savyint Group, the Vietnam Institute of Innovation & Digital Transformation (VIDTI), and IBM Vietnam. Combining strategic perspectives with practical experience, the speakers will share critical solutions that help banks meet new regulatory requirements, protect user data, and build Digital Trust in the era of open finance. Let’s explore the experts who will be joining this event with Savyint. Mr. Hoang Nguyen Van, Vice President, Vietnam Institute of Innovation & Digital Transformation (VIDTI) With many years of experience in digital transformation and policy development, and as a Senior Expert and Technical Standards & Compliance Director of the Open Banking Exchange, Mr. Hoang Nguyen Van will deliver comprehensive insights on security, strong customer authentication (SCA/MFA), and the regulatory framework for implementing Circulars 64 & 50/2024/TT-NHNN. He will also present end-to-end solutions enabling banks to simultaneously achieve innovation and compliance. Mr. Ngo Thanh Hien, Chief Technology Officer, IBM Vietnam As a leading technology expert in cloud security infrastructure, Mr. Ngo Thanh Hien will discuss the role of APIs, building the API economy, and how banks can leverage open platforms to innovate products, optimize operations, and expand collaboration with third-party providers. Mr. Brad Palmer, Chief Executive Officer & Vice President, Savyint Group With extensive experience in identity management, strong authentication (MFA/SCA), and data security, Mr. Brad Palmer will present approaches to ensuring safety and compliance in the Open Banking model—supporting banks in meeting regulatory standards under Circulars 64 & 50/2024/TT-NHNN. Mr. Nguyen Manh Linh – Data Security Expert, IBM Vietnam Mr. Nguyen Manh Linh will share in-depth insights into data protection strategies, encryption, and security risk prevention in the context of rapid advancements in AI and quantum computing—opening new pathways for banks to safeguard digital assets and customer trust. With the participation of leading experts from the State Bank of Vietnam, VIDTI, and global technology enterprises such as Savyint Group and IBM Vietnam, the workshop promises to deliver multidimensional, insightful, and practical perspectives on the journey of implementing Open Banking in Vietnam. This will be a valuable opportunity for banks, financial institutions, and technology partners to discuss, connect, and shape the future of Vietnam’s digital finance landscape. Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN Time: 8:30 – 12:00, November 21, 2025Venue: Hotel du Parc Hanoi, 84 Tran Nhan Tong street, Hai Ba Trung ward, HanoiRegistration link: https://forms.office.com/e/TZvYePQqCB Event Details: https://savyint.com/implementing-safe-reliable-open-banking-and-complying-with-circular-64-50-2024-tt-nhnn/
Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN
Open Banking is not only a global trend but also one of the key pillars in the digital transformation strategy of Vietnam’s financial and banking sector. Expanding connectivity and data sharing between banks and third-party providers (TPPs) opens up opportunities for service innovation and customer-centric financial ecosystems. Alongside these opportunities come significant challenges related to regulatory compliance, data protection, and strong customer authentication (SCA/MFA), as stipulated in Circulars No. 64 and 50/2024/TT-NHNN issued by the State Bank of Vietnam (SBV). To provide a comprehensive perspective from policy to technology to implementation, Savyint Group, in collaboration with the Vietnam Institute for Innovation and Digital Transformation (VIDTI), IBM Vietnam, and Techdata, will host the workshop: “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN” The event will take place on Friday, November 21, 2025, from 08:30 to 12:00 at Hotel du Parc Hanoi, and will also be livestreamed via Zoom Webinar, enabling individuals and organizations interested in banking technology and digital transformation to join remotely. The workshop will bring together representatives from Savyint Group, along with experts from the Information Technology Department of the State Bank of Vietnam, the Vietnam Institute for Innovation and Digital Transformation (VIDTI), and IBM Vietnam, to share key insights on the following topics: This workshop offers a valuable opportunity for banks, financial institutions, and technology partners to gain a deeper understanding of the regulatory frameworks, technical standards, and modern security solutions required to successfully implement Open Banking in Vietnam. With the participation of leading organizations in digital transformation, information security, and financial technology, the event promises to deliver practical insights, international best practices, and strategic directions to help Vietnam build a secure, transparent, and trusted open financial ecosystem. 👉 Register now to join the workshop: https://forms.office.com/e/TZvYePQqCB
Savyint Proudly Sponsors World Financial Innovation Series (WFIS) 2025 Philippines as Bronze Sponsor
Savyint is honored to be a Bronze Sponsor of the World Financial Innovation Series (WFIS) 2025 Philippines, the premier fintech event in the ASEAN region, organized by Tradepass. The event will bring together over 600 leaders and experts from the finance, banking, and insurance sectors, representing more than 200 organizations across the region. The Philippines is at the forefront of the digital financial transformation, with the online lending market projected to reach USD 1.68 billion by 2027 and over 65 million e-wallet users expected by 2025. Additionally, electronic payments account for 52.8% of total retail transactions, reflecting the widespread adoption of digital technologies in financial services. This surge is driven by three key factors: supportive government policies, the rapid rise of fintech, and the growing demand for a comprehensive financial ecosystem. Initiatives led by the Bangko Sentral ng Pilipinas (BSP), such as the Open Finance pilot program and Project Nexus for enhanced cross-border payments, underscore the country’s commitment to fostering financial inclusion and sustainable development. Against this backdrop, WFIS 2025 Philippines, hosted by Tradepass, serves as a pivotal platform, uniting over 600 industry leaders and experts from 200 organizations. Under the theme “Bridging Financial Gaps for a Digitally Smart Philippines,” WFIS 2025 is more than an event—it is a hub for strategic collaboration and discussions on critical topics such as Open Finance, Central Bank Digital Currency (CBDC), and the application of AI and blockchain in financial services. With over 300 active fintech companies and online payments comprising 52.8% of retail transactions, WFIS 2025 is the ideal stage to shape the future of fintech in the Philippines and drive financial innovation. Over the course of two days, WFIS 2025 Philippines will feature a robust lineup of activities, including: As a Bronze Sponsor, Savyint is represented at the event by Mr. Steve Hoang, Chief Technology Officer, and Mr. Brad Palmer, Chief Operating Officer and Executive Vice President. Savyint’s leadership will engage with top regional executives, investors, and strategic partners, sharing insights on secure digital transformation, electronic identity, and building digital trust within the financial ecosystem. Mr. Brad Palmer stated: “WFIS 2025 is a vital platform for Savyint to connect with strategic partners in the region while reaffirming our long-term commitment to delivering advanced security, identity, and digital finance solutions. This event provides an opportunity to showcase our latest technologies, engage with banking and fintech leaders, and contribute to the secure and sustainable growth of the Philippines’ and ASEAN’s financial ecosystems.” With over 20 years of expertise in developing encryption, identity, and authentication solutions, Savyint offers the market’s most comprehensive authentication platforms, fully compliant with BSP Circular No. 1213. The company is dedicated to supporting the Philippines’ financial sector by implementing modern security standards, combating fraud, and fostering digital trust. Images from the event:
SAM Auth Server – Next-Gen Digital Identity & Authentication Compliant with Philippines BSP Circular No. 1213
The Philippines BSP Circular No. 1213 introduces specific changes that will reshape authentication policies across financial institutions in the Philippines, with a one-year compliance window starting June 2025. The pressing question now is how to adapt effectively Bangko Sentral ng Pilipinas (BSP) Circular No. 1213, issued in June 2025, is a regulation mandating stricter, phishing-resistant, device-bound authentication for financial institutions in the Philippines to combat digital fraud. The circular aims to enhance security in digital customer onboarding, transactions, and session management by replacing insecure methods like SMS/email OTPs with stronger tools such as passkeys and biometrics. The requirements apply to all BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms, and cover critical areas such as: Financial institutions have one year from June 2025 to fully comply with all the requirements of this Circular. 1. Specific regulations BSP Circular No. 1213 highlights the growing security risks of traditional OTP methods – particularly those delivered via SMS or email—and advises against their use. This stance reflects global recognition that such channels are highly vulnerable to phishing, SIM swap attacks, and other forms of social engineering. Biometric authentication, Behavioral biometrics, Passwordless authentication (biometrics, hardware tokens and cryptographic keys, FIDO), Adaptive authentication, considered perfectly aligned with BSP Circular No. 1213 because they directly address the circular’s core security objectives: preventing phishing, eliminating interceptable authentication, and binding user access to a secure device. Fundamentally, the provisions of BSP Circular No. 1213 adopt a similar approach to those of other countries around the world, as cyberattacks are a global issue. 2. Comprehensive Compliance Solution – SAM Auth Server With over 20 years of experience in developing encryption, identity, and authentication solutions, Savyint offers one of the most comprehensive authentication platforms, fully meeting and even exceeding the requirements of BSP Circular No. 1213. SAM Auth Server is an all-in-one strong authentication solution that enables system authentication, data encryption, transaction encryption, multi-layer authentication, multi-level security, and integration with hardware security devices as well as software functional modules, ensuring maximum safety for electronic transactions. 2.1 Key features of the solution Transaction Authentication Features Access Control Token Types Data Encryption – Transaction Encryption Encrypt data and transactions, ensuring that all information cannot be stolen or tampered with during initiation, storage, and transmission. Integration with AML monitoring systems and Fraud Management Systems (FMS) 2.2 Full compliance with international standards With a flexible design and high scalability, SAM Auth Server can be easily deployed across various system models (on-premise, cloud), supports multiple platforms, and delivers the most advanced authentication methods available today. Contact us now for a consultation HERE!
Philippines BSP Circular No. 1213 and Compliance Solutions for Financial Institutions
In June 2025, BSP Circular No. 1213 was issued as a regulatory instrument amending the IT Risk Management Regulations to implement Section 6 of the Anti-Financial Account Scamming Act (AFASA) in the Philippines. This Circular provides a detailed set of mandatory compliance actions for financial institutions to safeguard users’ financial transactions and accounts. The Philippines government has demonstrated that it is taking bold action to ensure the safety and protection of online financial transactions. Cybercrime in the Philippines is rising at a staggering rate. Cybercrime complaints surged by 71.9% in the first quarter of 2025 compared with the same period the previous year, increasing from 1,891 to 3,251 cases, according to the Cybercrime Investigation and Coordinating Center (CICC). This sharp rise underscores how cybercriminals are evolving faster than conventional security models can keep pace with. Financial institutions are a popular target. According to the Bangko Sentral ng Pilipinas (BSP), supervised institutions reported losses of P5.82 billion due to cyber incidents in 2024, up from P5.67 billion in 2023. Most of these were due to phishing, card-not-present fraud, and ATOs. In addition to financial repercussions, these cyber incidents also undermine consumer trust and confidence in digital systems. 1. About the Anti-Financial Account Scamming Act (AFASA) Before delving into the specifics of BSP Circular No. 1213, issued in June 2025, it’s important to first understand the broader regulatory framework it falls under — the Anti-Financial Account Scamming Act (AFASA). The AFASA is a landmark Philippine law passed July 20, 2024, aims to prevent the misuse of financial accounts in fraud and scams like phishing and vishing. It also defines and penalizes social engineering schemes, money muling activities, and related offenses. These include those committed using advances in technology, which were previously not covered by existing cybercrime laws in the Philippines. The BSP has issued three circulars to implement AFASA: BSP Cir. No. 1213, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1213.pdf BSP Cir. No. 1214, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1214.pdf BSP Cir. No. 1215, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1215.pdf 2. About the Bangko Sentral ng Pilipinas (BSP) Circular No. 1213 Bangko Sentral ng Pilipinas (BSP) Circular No. 1213, issued in June 2025, is a regulation mandating stricter, phishing-resistant, device-bound authentication for financial institutions in the Philippines to combat digital fraud. The circular aims to enhance security in digital customer onboarding, transactions, and session management. We can further explore the specific changes introduced by the new Circular and examine how these changes will affect the authentication policies of financial institutions in the Philippines. a. Broader Scope: The requirements apply to all BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms. b. Focus Areas: The enhanced authentication requirements cover critical areas such as: 3. Limitation on the use of interceptable authentication mechanism Limitation on the use of interceptable authentication mechanism (e.g. One-Time Pins [OTPs] via SMS and email). With the increasing prevalence of social engineering attacks aimed at obtaining login credentials, BSFIs should limit the use of authentication mechanisms that can be shared to, or intercepted by, third parties unrelated to the transaction. The Philippines is one of many countries, such as the United Arab Emirates and Singapore, that are making the move to retire SMS and email OTPs and adopt more secure forms of authentication. Fundamentally, the provisions of BSP Circular No. 1213 adopt a similar approach to those of other countries around the world, as cyberattacks are a global issue. To gain a broader perspective, let’s compare BSP Circular No. 1213 with regulatory frameworks from a few other jurisdictions. 5.1 PSD3/PSR (EU, proposed 2023–2025) Aspect BSP Circular No. 1213 (Philippines, 2025) PSD3/PSR (EU, proposed 2023–2025) Objectives / new focus Strengthen technology security, combat digital account scamming; require BSFIs to implement Fraud Management System (FMS), strong authentication, and account protection. Upgrade of PSD2: enhance security, expand user rights, impose PSP liability for impersonation fraud, improve SCA, refunds, and fraud data sharing. Fraud requirements / fraud detection Mandatory implementation of real-time FMS: velocity checks, blacklists, geo-location, bot, and anomaly detection. Proposed transaction monitoring before execution (pre-execution monitoring), push for real-time anti-fraud. Authentication & SCA Move away from SMS/email OTP, require phishing-resistant MFA (passkeys, FIDO2). Tighten & expand SCA: clarify mandatory cases, support new methods (biometric, device binding). Liability & compensation Mainly technical requirements; no clear rules on liability/compensation for customers in case of fraud. Introduces liability shift: PSPs must refund when customers suffer impersonation fraud (except in cases of gross negligence). Data sharing & cooperation No emphasis on fraud data sharing among institutions. Opens path for PSPs to share fraud intelligence within GDPR framework. Account & device protection 24h pause after account info changes, kill switch, restrictions on root/jailbreak, monitoring device/geo anomalies. Adds confirmation of payee, protection against impersonation, clearer liability rules. Timeline & entry into force Effective June 2025, BSFIs have 1 year to comply. Still in proposal stage, expected adoption 2025–2026 after EU approval. Limitations / unclear points Focused on large BSFIs, not yet extended to smaller fintechs; lacks clear compensation mechanism; weak on data sharing. Details still evolving due to EU legislative process; challenges in defining impersonation and compliance costs for smaller PSPs. 5.2 Aspect BSP Circular No. 1213 (Philippines, 2025) Circular 50/2024/TT-NHNN (Vietnam) Basis & objectives Adds IT Risk Management requirements under Section 6 AFASA (RA 12010) to combat scamming/digital account attacks. Regulations on safety and security for online services, replacing Circulars 35/2016 + 2018; aligned with the Law on Cyberinformation Security & E-Transactions Law. Scope of application All BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms Credit institutions, foreign bank branches, payment intermediaries, credit information companies providing online services. Fraud / FMS / Fraud detection Requires high-transaction BSFIs to implement real-time Fraud Management System: velocity checks, blacklist, geo, device, bot, anomaly detection. No requirement for real-time FMS; focus on IT security, encryption, access control, periodic testing. Authentication & transaction protection Push for stronger authentication, reducing SMS/email OTP; encourage passkeys, FIDO, phishing-resistant MFA. Requires electronic transaction confirmation via PIN, OTP, or secret key; mandatory re-authentication when identity information
Savyint Partners with WFIS 2025 Philippines
Held in the Philippines, the World Financial Innovation Series (WFIS) 2025 Philippines is one of ASEAN’s leading finance and technology events, attracting more than 600 experts and organizations from the banking, insurance, and financial sectors. Savyint is proud to join this year’s edition as a Bronze Sponsor. With the theme “Bridging Financial Gaps for a Digitally Smart Philippines”, WFIS 2025 is set to bring together over 600 senior leaders and financial experts from more than 200 organizations across the region. The event will highlight today’s most pressing technology topics—including the future of Fintech, AI, Blockchain, and Automation in Finance – making it a premier platform that connects financial service providers, technology innovators, and business leaders. WFIS 2025 promises to drive forward groundbreaking initiatives, showcase pioneering solutions, and foster comprehensive strategic partnerships. As a Bronze Sponsor, Savyint is honored to stand alongside WFIS 2025, advancing our global strategy while showcasing our core values in security, digitalization, and safe financial transformation to the financial community in the Philippines and ASEAN. Savyint believes that WFIS 2025 will unlock outstanding opportunities for collaboration, fueling digital transformation not only in the Philippines but also across the globe. Join us on this journey at WFIS 2025 Philippines: https://www.philippines.worldfis.com/
Can Central Bank Digital Currency Work Offline?
A Central Bank Digital Currency (CBDC) is being envisioned to replace a major percentage of cash transactions across the world. China, for example, is very close to being a cashless society1. As a result, banks are shutting down their branches and discouraging cash deposits and withdrawals in China, to encourage the use of the Chinese Digital Yuan. As and when the CBDCs across the countries launch and start replacing cash transactions, the dependency of a country’s trade and economy shall increase on retail CBDC transactions, and in such a case, a power outage or loss of contact with the ledger, can bring the economy to a still. Therefore, as a backup, CBDCs should also have the capability to transact offline. This functionality shall make Retail CBDC transactions similar to cash transactions. Problem Statement – What is Exactly an Offline Retail CBDC Payment? A transaction is defined as an offline transfer if: An offline CBDC ecosystem consists of a Central Authority, a bank, a merchant, and a spender. The model proposed by VISA3, works on a Two-Tier Hierarchical Model where the Central Bank, authorizes a bank or a financial institution to provide a cryptographic key to the digital wallets held by the payee and payor. These digital wallets hold balance that is either transferred from the bank account or Central Bank directly. Accessing a digital wallet and moving money from one digital wallet to another requires an individual to be present online. However, to move money offline, in the absence of an intermediary bank, and during a temporary network outage, an Offline Payment System (OPS) is required. To put it in simpler terms, Individual A holding Digital Wallet A should be able to transfer money to Individual B holding Digital Wallet A/B (Where A and B are different Digital Wallet Providers), without having to involve Bank or Digital Wallet provider, when the network is temporarily not available. Before understanding the offline retail CBDC transfer, it is important to understand how retail CBDC works. Offline CBDC transfer works best with Token Based Retail CBDC transfer, where the actual movement of tokens takes place from the spender/payor to merchant/payee. How Does Offline CBDC Transfer Work? The smartphone and tablet’s secure hardware has the capability to store authentication keys and is next to impossible to tamper with the information saved in it. It can only be accessed using strong authentication techniques like biometrics. Therefore VISA in its study4, recommends the use of Mobile/Tablet’s hardware as a store for CBDC funds, offline. Further, as per IMF5 Giesecke+Devrient is working on storing offline CBDC in an offline smart card. Steps Involved in Offline CBDC Transfer Initialization The first step to facilitate an Offline CBDC transfer is to register and get an authentication key for the digital wallet, smartphone/tablet’s secured hardware, or smart card. The user shall need to share his/her documents for KYC with the financial institution authorized by the Central bank to issue the authentication certificate key for the digital wallet, smartphone/tablet’s secured hardware, or smart card. These, thereafter become, trusted entities and can participate in the offline CBDC transfer. This is a one-time process. Withdrawal The user then needs to transfer the retail CBDCs from his/her digital wallet to a smartphone/tablet’s secured hardware, or smart card. This means, that the user is transferring retail CBDC from his online digital wallet balance to the smartphone/tablet’s secured hardware, or smart card’s offline CBDC balance. Payment When the user goes to a merchant to purchase, the merchant using the Mobile app or POS creates a payment request for the user. Since the network is not available, the payment request generated by the merchant, using Near Field Communication (NFC) or with the help of POS, presents the payment amount and merchant’s certificate to the user’s smart card or smartphone/tablet’s secured hardware. The Offline Payment System Protocol (built-in smart card and smartphone/tablet’s secured hardware), checks the user’s offline CBDC balance and thereby deducts it and creates a Payment Message for the merchant which contains: On presenting the Payment Message to the merchant’s mobile application or POS, the validity of the user’s certificate, CBDC coin unique identification number, the unique transaction number, and payment amount are validated. If all checks are successful and authenticated, the Payment Message is stored in the merchant’s smartphone/tablet’s secured hardware, or offline smart card. Deposit After the Payment Message is stored in the merchant’s smartphone/tablet’s secured hardware, or offline smart card, he/she can thereafter transfer it to their digital wallet, when the network is resumed. While initiating the transfer, the digital wallet shall check if the payment message is new and was not previously encashed. On successful verification, the amount gets transferred to the merchant’s digital wallet and starts reflecting as an online CBDC balance. In case, if the network outage is for a longer duration, and the merchant, has huge offline Payment Messages stored with him, he/she can use already stored Payment Messages to make offline payments for his purchases. This shall act as an incentive for the merchant to remain cashless even during a network outage What are the Challenges of Offline CBDC Payment in Absence of a Network? Double Spend In the absence of a network, while doing an offline retail CBDC transfer, the transactions rely on the transfer of messages. If a single retail CBDC coin, is mischievously used simultaneously for 2 transactions for two different merchants, it is referred to as a ‘double spend’. The problem with ‘double spend’ is that when the network resumes, and the merchant tries to settle the offline retail CBDC coin, it makes the CBDC coin unavailable for the second merchant as it is already settled by the 1st merchant and hence fails the purpose of the offline payment. How to tackle the problem? When the merchant sends a payment request to the payor, on successful verification, the offline CBDC balance is deducted from the payor’s smart card or smartphone/tablet’s secured hardware, and a log is created with the CBDC coin’s unique identification number
Embracing the Quantum era with Post-Quantum Cryptography (PQC)
In the near future, quantum computers are expected to become powerful enough to break traditional asymmetric cryptographic algorithms—the backbone of data security for messages, documents, and online transactions. Post-Quantum Cryptography (PQC) is being developed to counter this immense computational power. Post-Quantum Cryptography (PQC), also referred to as Quantum Safe Cryptography (QSC), encompasses encryption algorithms designed to withstand attacks from quantum computers. What is Quantum Computing? Quantum computing leverages principles of quantum physics to solve mathematical problems exponentially faster than classical computers. Tasks that would take today’s most powerful supercomputers years to complete could be reduced to mere days by quantum computers. This unprecedented computational power heralds a new era for applications like artificial intelligence. However, alongside its benefits, quantum computing poses significant security threats. Why Are Quantum Computers a Security Threat? Once sufficiently advanced quantum computers emerge, traditional asymmetric cryptographic algorithms will become vulnerable. For instance, widely used algorithms like RSA and ECC, which rely on mathematically complex problems such as integer factorization and discrete logarithms, are employed globally to secure bank accounts, medical records, and other critical data. However, quantum algorithms like Shor’s algorithm could easily break RSA and ECC. Governments and global tech corporations have acknowledged this threat, issuing warnings to protect critical infrastructure against potential quantum attacks. The U.S. National Security Memorandum of May 2022 states: “A sufficiently large and sophisticated quantum computer capable of breaking cryptography (CRQC) could compromise most public-key cryptographic algorithms used in digital systems across the U.S. and worldwide. A CRQC could endanger civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most internet-based financial transactions.” What is Post-Quantum Cryptography (PQC)? To counter quantum attacks, global research efforts are underway to develop stronger algorithms to replace RSA and ECC, capable of resisting attacks from both classical and quantum computers. These algorithms are collectively known as Post-Quantum Cryptography (PQC). Why Act Now? While quantum computers capable of such feats may not yet exist, data collection is already occurring. Sensitive or private data, valuable for years or even decades, is at risk. Hackers may be storing encrypted data now, waiting for future quantum computers to decrypt it—a strategy termed “harvest now, decrypt later.” Additionally, devices like chips have long development cycles, requiring years of security testing and certification before deployment in existing infrastructure. Therefore, transitioning to PQC sooner rather than later is highly advantageous. Global Progress in PQC Development The most significant PQC research is led by the U.S. National Institute of Standards and Technology (NIST). NIST launched a global competition, inviting researchers worldwide to propose, evaluate, and validate new algorithms for resilience. On July 5, 2022, NIST announced the first set of standardized algorithms, including: Key encapsulation mechanism (KEM) CRYSTALS-Kyber and Digital signature algorithms such as CRYSTALS-Dilithium, FALCON, SPHINCS+. In 2022, the U.S. National Security Agency (NSA) released an updated Commercial National Security Algorithm Suite (CNSA 2.0), mandating that national security systems (NSS) fully transition to PQC algorithms by 2033, with some cases required as early as 2030. CNSA 2.0 specifies CRYSTALS-Kyber and CRYSTALS-Dilithium as key quantum-resistant algorithms, alongside hash-based signature algorithms like XMSS (Extended Merkle Signature Scheme) and LMS (Leighton-Micali Signatures). By August 2024, NIST published its first three standardized PQC algorithms to ensure proper implementation: NIST also outlined a roadmap to phase out classical cryptographic algorithms like RSA-2048 and ECC-256 starting in 2030, with complete discontinuation by 2035. How should businesses prepare for the quantum era? To be ready for the transition to post-quantum cryptographic algorithms, the first step for businesses is to review their entire systems and technology infrastructure to identify where RSA and ECC algorithms are currently being used. Next, they should assess the potential impact on speed and performance when switching to more secure Post-Quantum Cryptography (PQC) algorithms. Based on this assessment, businesses can then develop a step-by-step transition plan, while engaging with customers and partners to align on the migration approach and begin the transition. Savyint PQC Lab: Vietnam’s First Post Quantum Crytography Platform for Digital Signatures, PKI, and Data Encryption As an international technology group with extensive expertise in PKI, Cryptography, Blockchain, Electronic Identification, Authentication, and Open Banking/Finance, Savyint proudly introduces the Savyint PQC Lab – Vietnam’s first post-quantum cryptography platform tailored for digital signatures, PKI, blockchain, and cryptographic solutions. This testing platform enables organizations to explore NIST-approved PQC algorithms, assess compatibility, performance, and impact without disrupting existing infrastructure. This is critical for financial institutions and fintech organizations aiming to comply with international standards such as FIDO2, PSD2, eIDAS, and PCI DSS. Key features of Savyint PQC Lab: Connect with Savyint’s experts today to lead the way into the post-quantum era!
Savyint Officially Launches Open Banking Tech Stack, Driving Open and Inclusive Finance Ecosystems
Savyint has officially announced the launch of its Open Banking Tech Stack, marking a significant milestone in the journey of building an open and inclusive financial ecosystem in Vietnam and across the region. As the global financial industry undergoes a strong transformation towards open finance models, implementing open banking is no longer just a trend but a strategic imperative for financial institutions to maintain competitiveness. The growing demand for connectivity between financial ecosystems – including banks, enterprises, and end-users – requires an infrastructure that not only complies strictly with regulatory frameworks but also ensures the highest level of data security and privacy. With this vision, Savyint introduces the Open Banking Tech Stack – a comprehensive solution designed to help banks, financial institutions, and enterprises accelerate digital transformation, foster innovation, and contribute to shaping an open and inclusive financial ecosystem. Open Banking Tech Stack – Bridging Technology and Compliance The Open Banking Tech Stack is designed to strictly meet both regulatory and technological requirements, enabling banks and financial institutions to enhance connectivity, collaboration, and innovation within a globally integrated system. Key Advantages of the Open Banking Tech Stack: The Open Banking Tech Stack equips organizations with a complete set of tools to implement a modern open banking system, including: In addition, the Tech Stack integrates seamlessly with secure online payment gateways, creating a complete end-to-end process for banks and third-party providers – from registration, identification, authentication, integration, and data sharing to payments. Strategic Partnerships with Global Technology Leaders Savyint’s Open Banking Tech Stack is built on strategic collaborations with world-leading names in Open API and Open Banking, including Red Hat, Axway, Tyk.IO, Kong, Curity, Salt Group, IBM, Google Cloud, Gravitee, Fiorano, and Open Banking Exchange. Through these partnerships, Savyint not only delivers cutting-edge technology solutions but also provides customized adaptability to meet the specific needs of each market – ensuring reliability, optimal security, and exceptional scalability. The Open Banking Tech Stack is expected to break down traditional barriers, enabling intelligent data sharing and close collaboration among stakeholders. This fosters healthy competition, drives innovation, and lays the foundation for a new era of inclusive finance. Don’t stand outside the open banking movement, connect with Savyint experts TODAY!
SAVYINT is an Official Member of the Quantum Technology Network and Innovation and Cybersecurity Development Network
On August 25, at the Launch Ceremony of three Strategic Technology Innovation Networks organized by the Ministry of Finance, under the chairmanship of Deputy Prime Minister Nguyen Chi Dung, SAVYINT, as an official member of two out of three networks, introduced its Cybersecurity and Information Security Solution System, featuring two core components: PQC Lab – Vietnam’s first post quantum cryptography platform – and SAM Auth Server. To realize the objectives outlined in Resolution No. 57-NQ/TW dated December 22, 2024, by the Politburo, and Decision No. 1131/QĐ-TTg dated June 12, 2025, by the Prime Minister, the Ministry of Finance tasked the National Innovation Center (NIC) with collaborating with experts, scientists, and businesses to establish Strategic Technology Innovation Networks. Under the leadership of Deputy Prime Minister Nguyen Chi Dung, the Ministry of Finance organized the launch of three Innovation Networks, with key highlights: During the ceremony, Deputy Prime Minister Nguyen Chi Dung emphasized that Vietnam is entering a new development phase and must proactively seize the immense opportunities brought by the Fourth Industrial Revolution. The three Strategic Technology Innovation and Expert Networks will work alongside the Government, ministries, and businesses to shape strategies, develop policies, and promote research, development, and application of new technologies, transforming the country’s “challenges” into “great opportunities” for the future. SAVYINT is an official member of both the Quantum Technology Network and the Cybersecurity Innovation and Development Network. With over 20 years of research and experience, SAVYINT aims to serve as a catalyst, driving the growth of these alliances and their respective fields in Vietnam. At the event, SAVYINT unveiled its comprehensive Cybersecurity and Information Security Solution System, with SAM Auth Server and PQC Lab – Vietnam’s first post quantum cryptography platform for digital signatures, PKI, blockchain, and data encryption – garnering significant attention from attendees. Pioneering Post-Quantum Technology with SAVYINT PQC Lab As quantum technology advances rapidly, traditional encryption methods face the risk of being compromised. SAVYINT PQC Lab was developed to pioneer the application of posy-quantum technologies and algorithms, safeguarding digital signature systems, PKI, blockchain, and data encryption against threats from quantum computers. This platform not only meets current security requirements but also prepares for the future when quantum technology becomes widespread. It enables organizations to adopt NIST-approved Post-Quantum Cryptography (PQC) algorithms, test compatibility, performance, and impacts of PQC without affecting existing infrastructure or systems. This is particularly critical for financial and fintech organizations that must comply with international standards such as FIDO2, PSD2, eIDAS, and PCI DSS. SAVYINT PQC Lab utilizes Hardware Security Modules (HSMs) supporting NIST-standard PQC algorithms: ML-KEM (FIPS-203), ML-DSA (FIPS-204), and SLH-DSA (FIPS-205). It manages and automates the issuance of PQC digital certificates, scans and alerts for certificates requiring replacement per NIST and new security standards, and provides a flexible and secure sandbox environment for rapid testing, isolated from operational systems. With SAVYINT PQC Lab, businesses and organizations can ensure long-term data protection, prevent “Harvest Now, Decrypt Later” attacks, comply with NIST’s PQC standards, and adhere to the highest global data security regulations. This builds customer trust, enhances global competitiveness, and solidifies leadership in cybersecurity. SAM Auth Server – All-in-One Identity, Authentication and Security Solution SAM Auth Server is an all-in-one identity, authentication, and security solution developed by SAVYINT, leveraging advanced security technologies to address the growing complexity of securing information in digital environments. SAM Auth Server offers multi-layer authentication and security, integrating dedicated hardware and software, as well as smart biometric cards, while strictly adhering to domestic and international security standards such as FIPS 140-3, eIDAS, PSD2/PSD3, GDPR, FIDO2, and OIDC/OAuth2. It is a pioneering solution that applies Post-Quantum Cryptography (PQC) algorithms and tokenization technology, ensuring absolute security for data and transactions amid increasingly sophisticated cyber threats. With rapid integration, independent operation, and unlimited scalability, SAM Auth Server enables organizations and businesses to proactively manage digital identities, protect systems, data, and critical digital content, while optimizing costs, enhancing efficiency, and ensuring security across all digital operations. Comprehensive Cybersecurity and Information Security Ecosystem In addition, SAVYINT introduced a comprehensive Cybersecurity and Information Security Solution System designed to meet the diverse needs of organizations and businesses in protecting sensitive information, ensuring data security, and complying with international regulations. This system includes a range of standout solutions: The application of advanced cybersecurity and information security technologies serves as a robust shield for organizations and businesses in the digital era. Contact us today to start preparing for a sustainable and secure digital future. Event highlights: