ACCELERATE AFASA & BSP CIRCULAR NO. 1213 COMPLIANCE WITH SAVYINT
AFASA and BSP Circular No. 1213 are fundamentally reshaping the security architecture of the Philippine financial sector. With the compliance deadline fast approaching, banks and financial institutions must act decisively to meet mandatory regulatory requirements. In June 2025, Bangko Sentral ng Pilipinas (BSP) issued Circular No. 1213, amending the IT Risk Management framework to formally implement Section 6 of the Anti-Financial Account Scamming Act (AFASA). This marks a structural transformation in how financial institutions across the Philippines approach cybersecurity and fraud prevention. Circular 1213 applies to all BSP-supervised entities, including banks, fintech companies, payment service providers, and lending institutions. The regulation focuses on: Notably, before June 2026, , financial institutions are required to eliminate SMS OTP for high-risk transactions and transition to more secure, phishing-resistant, device-bound authentication methods. Understanding the regulatory and operational challenges faced by banks and financial institutions, Savyint delivers an integrated security and fraud prevention platform aligned with AFASA and BSP Circulars 1213 – 1215. The solution is built around four core pillars: Cyber Security & App Protection, SCA/MFA Identity, AI-Driven Fraud Management (FMS), and Risk Management & Compliance, protecting the entire customer journey – from onboarding and login to authentication, transaction execution, and post-transaction monitoring. Savyint’s Key Advantages: Savyint’s integrated platform complies with both international and local security standards and regulations, including: Philippines (AFASA, BSP 1213–1215), Vietnam (Circulars 50, 64, 77/NHNN), Singapore (MAS), as well as FIDO2, PSD2/PSD3, eIDAS, GDPR, and PCI DSS. Connect with our experts today to accelerate your compliance with AFASA and BSP Circulars 1213–1215.
SAVYINT Spring Kick-off 2026 – Galloping Toward Success, Conquering The Global Market
On the first working day of the year, Savyint kicked off 2026 with an energetic Spring Opening ceremony, filled with excitement, determination, and a strong spirit to conquer the global market. The event began with New Year wishes from Executive Chairman – Steve Hoang, who also shared Savyint’s strategic direction for 2026 with all employees. In his early-year message, he emphasized that 2026 is not only about revenue growth or business expansion. It is a defining year for Savyint to strengthen its position as a leading global technology company. He outlined the company’s strategic vision to further develop its ecosystem of cybersecurity, digital identity, and financial fraud prevention solutions. A key focus will be on priority markets such as the Philippines, where Savyint is actively supporting banks in complying with AFASA and BSP circular requirements. Following his inspiring speech, Savyint’s leadership team raised their glasses to celebrate the New Year, accompanied by warm applause from all team members. This was more than just a celebratory gesture – it reflected unity, shared commitment, and the leadership’s strong determination to guide Savyint toward greater international achievements. The Spring Kick-off ceremony concluded in a warm yet powerful atmosphere. For Savyint, the Year of the Horse 2026 is not simply the start of a new calendar year – it marks the beginning of a strong acceleration phase, where strategies turn into real actions and goals are pursued with focus and determination. Savyint 2026: Galloping toward success – Conquering the world!
From AFASA to BSP Circulars 1213 – 1215: SAVYINT Partners with Philippine Banks to Strengthen Security and Fight Digital Fraud
The rapid growth of digital banking, e-wallets, and online payments in the Philippines has led to a serious consequence – financial fraud is becoming increasingly sophisticated and more organized. Following the enactment of AFASA, the Bangko Sentral ng Pilipinas (BSP) continued to issue BSP Circulars 1213, 1214, and 1215, tightening the responsibilities of financial institutions and imposing stricter requirements for user authentication, fraud management, and data protection. About AFASA and BSP Circulars 1213, 1214, and 1215 Officially taking effect on June 25, 2025, the Anti-Financial Account Scamming Act (Republic Act No. 12010) was enacted by the Philippine government with the following core objectives: One of the most important requirements under AFASA is the mandatory transition of authentication methods before June 2026. OTPs sent via SMS and email will no longer be accepted for high-risk transactions. Instead, more secure methods must be implemented, such as biometric authentication, passwordless authentication, and adaptive multi-factor authentication (MFA) based on risk levels. AFASA marks a major shift in risk management thinking: account security is no longer just a technology choice – it is now a legal obligation. BSP Circular 1213 – Focus on Fraud Management and Strong Authentication Among the three circulars, BSP Circular 1213 is considered the technical backbone that brings AFASA into real operational practice. This circular requires banks and financial institutions to: BSP Circular 1213 clearly states that traditional authentication methods are no longer sufficient. Systems must understand user behavior patterns and detect fraud at the earliest stages – during login or even before a transaction is completed. Read more: Philippines BSP Circular No. 1213 and Compliance Solutions for Financial Institutions BSP Circular 1214 – Enabling Data Sharing for Faster Fraud Response BSP Circular 1214 addresses a major legal bottleneck related to accessing account data during fraud investigations. Its main goal is to create a fast-response mechanism to prevent funds from being completely withdrawn before authorities can intervene. Under this regulation: BSP Circular 1215 – Protecting Funds During Disputes While Circular 1213 focuses on prevention and 1214 focuses on investigation, BSP Circular 1215 addresses what happens after an incident occurs. It allows financial institutions to protect customer funds during the investigation period, preventing money from “disappearing” within minutes. Specifically, this circular: Together, AFASA and BSP Circulars 1213, 1214, and 1215 are reshaping the digital financial security standards in the Philippines. Financial institutions now need not only compliance documentation but also a strong technology foundation capable of detecting, preventing, and responding to fraud in real time. AFASA & BSP 1213, 1214, 1215 – Compliant Security Solutions from SAVYINT Savyint is a leading trusted service provider, ready to deliver authentication and payment security solutions that strictly comply with security standards and regulatory requirements under AFASA, BSP Circulars 1213, 1214, and 1215 issued by the Bangko Sentral ng Pilipinas (BSP), as well as the Philippine Open Banking framework and international regulations. Savyint’s solution ecosystem is built around four key pillars: Risk Management & Compliance, Cybersecurity & Application Protection, SCA/MFA Identity, and the FMS AI Fraud Engine. Together, these components protect the entire customer journey – from registration, login, authentication, and transaction execution to post-transaction monitoring. SAM Auth Server SAM Auth Server is an all-in-one strong authentication solution designed for mobile payments and digital banking. Built on a Zero Trust architecture and integrated with a FIPS 140-3 Level 3 certified Hardware Security Module (HSM), and ready for Post-Quantum Cryptography, SAM Auth Server supports a wide range of modern authentication methods, including: Biometric authentication, Smart OTP, Push Authentication, FIDO2 / Passkeys and Context-based authentication It enables step-up authentication when risk levels increase, ensuring maximum protection for electronic transactions. SAM FIDO2 Identity Server SAM FIDO2 Identity Server is a passwordless identity and authentication platform based on FIDO2/WebAuthn standards. It eliminates password storage by replacing passwords with asymmetric key-based authentication securely stored on the user’s device.As a result, the system effectively protects against common attacks such as phishing, man-in-the-middle attacks, and credential stuffing. SAM FIDO2 Identity Server fully meets Strong Customer Authentication (SCA) requirements under PSD2/PSD3 and complies with international standards for identity and data security. SAVYINT Fraud Prevention & Risk Management SAVYINT Fraud Prevention & Risk Management leverages AI and Machine Learning (ML) to help banks and financial institutions detect, assess, and prevent fraud across the entire user journey – from login behavior, device characteristics, and access context to transaction data. Key capabilities include: RASP+ RASP+ protects mobile applications directly within the runtime environment, detecting and blocking attacks while the application is running. It can detect rooted or jailbroken devices, debugging attempts, code tampering, hooking techniques, memory manipulation and emulator-based attacks. RASP+ integrates directly into mobile applications without affecting performance, ensuring strong protection without compromising user experience. TrustShield TrustShield is a mobile fraud prevention platform powered by device fingerprinting, behavioral analytics, and AI. It can identify devices without relying on cookies or advertising IDs, detect emulators, rooted or jailbroken devices, identify multi-device fraud patterns, analyze in-app user behavior, generate real-time risk scores and trigger adaptive authentication directly on mobile devices. With a multi-layered architecture and seamless integration capabilities, Savyint’s security ecosystem delivers a comprehensive fraud prevention model – protecting devices, behavior, identity, and transactions simultaneously. All solutions comply with AFASA, BSP Circulars 1213, 1214, 1215, and international standards such as FIDO2, PSD2/PSD3, eIDAS, GDPR, and PCI DSS. This allows fast deployment on existing infrastructure while achieving the highest level of security. Connect with Savyint’s experts today to implement and optimize your security solutions – and be fully prepared to meet AFASA and BSP requirements within just 3 months!
SAVYINT YEAR-END PARTY 2025 | RE:IMAGINE – REDEFINING DIGITAL TRUST FOR THE GLOBAL STAGE
Closing 2025 with pride and opening a new chapter of aspiration, Savyint gathered for its year-end party under the theme “RE:IMAGINE.” More than a celebration, this event served as a strategic milestone, declaring a bold vision to conquer the APAC and MENA markets in 2026. A Global Vision with Strong Roots With its office located in Australia, Savyint serves as a beacon of technological excellence, seamlessly connecting world-class R&D with practical, high-scale deployment. With a core team comprising top Australian and Vietnamese talent, Savyint operates a dual R&D structure in Sydney and Vietnam, supported by a robust service center in Vietnam and business centers strategically located across Hanoi, HCMC, Singapore, the Philippines, Dubai, Sydney, and the EU. The “REIMAGINE” theme signifies a major strategic pivot. It is a commitment to breaking familiar boundaries and creating distinctive value on a global scale. As Executive Chairman Steve Huang emphasised during the opening speech, amidst a rapid global digital transformation, Savyint is steadfast in mastering core technologies to meet the most stringent international standards. The 2026 Strategy focuses on Advanced Technology and Zero Trust Moving into 2026, Savyint is restructuring its strategic focus to deepen its expertise in cutting-edge domains. The group is well-positioned to take the lead in the following areas: At the heart of this strategy is the Zero Trust Framework. Savyint positions itself as a pillar of digital trust, ensuring absolute safety in payment transactions and cryptocurrency dealings, while providing a total fraud prevention mechanism. Compliance: The Competitive Edge Savyint distinguishes itself not just by technology but by rigorous adherence to global and local compliance standards. Savyint’s solutions are engineered to comply with a comprehensive matrix of regulations: This dedication ensures that Savyint acts as a secure bridge for enterprises as they navigate the complicated regulatory landscapes of APAC and MENA. Highlighting this success, SAM Enterprise Appliance was honoured as the “Product of the Year”. Already successfully deployed in major financial institutions like Agribank, BIDV, Sacombank, and Bac A Bank, this solution recently won at APICTA 2025 (the “Oscars” of Asia-Pacific ICT), affirming Savyint’s ability to compete on the international stage. Reaching the Open Seas The Year End Party 2025 concluded not just with festivities but with a unified spirit of determination. The Savyint team’s energy – from the R&D engineers to the business units – reflected a readiness to step into the “Open Seas”. With a redefined strategy, a footprint stretching from Sydney to Dubai, and a portfolio of certified, high-security solutions, Savyint Group is ready to dominate the competitive landscape of 2026, delivering uncompromised Digital Trust to the world. Highlights at the event:
Savyint Officially Announces Strategic Partnership with VietNet and SAVIS to Build a Digital Trust Ecosystem in Vietnam
On January 16, 2026, Savyint successfully hosted the event “Strategic Partnership Announcement, Cooperation and Market Development in Vietnam” officially marking a long-term strategic partnership between Savyint – VietNet – SAVIS Group. The event represents a significant milestone in Savyint’s growth strategy in Vietnam and Southeast Asia, reaffirming Savyint’s strong commitment to long-term , structured and sustainable investment in building a comprehensive, compliant and trusted digital security ecosystem. As the event organizer, Savyint proudly presented Strategic Partner Certificates to VietNet, its strategic distribution partner in Vietnam, and SAVIS Group, its technology partner. The event also featured live demonstrations of key solutions within Savyint’s Digital Trust ecosystem, aligned with the development direction of the Vietnamese market. The event was attended by representatives from the Ministry of Science and Technology, the Information Technology Department of the State Bank of Vietnam, the Government Cipher Committee under the Ministry of National Defence, the Vietnam Software and IT Services Association (VINASA), leaders of the three companies, as well as banks and organizations operating in Finance – Banking, Cryptography, Information Technology and Cybersecurity. Building a Digital Trust Ecosystem – An Inevitable Trend of the Digital Economy Speaking at the event, Mr. Nguyen Khac Lich, Director General of the Department of Information Technology Industry (Ministry of Science and Technology), emphasized that the strategic partnership announcement between Savyint – SAVIS – VietNet is a concrete demonstration of the Party and Government’s policy to place technology enterprises at the center of innovation, science and technology development, digital transformation, and the “Make in Vietnam to Lead” strategy. He highlighted that the three-party cooperation model creates a complete digital technology value chain, contributing to a secure and trusted foundation for the digital economy. At the same time, it opens opportunities for Vietnamese technology enterprises to expand into regional and international markets, fully reflecting the enterprise-centered innovation spirit as defined by Resolution 57 and Resolution 68. Mr. Brad Palmer, Vice Chairman of the Board and Chief Executive Officer of Savyint, shared that Savyint has been present and growing in Vietnam for more than 15 years. The partnership with VietNet and SAVIS Group marks an important step in expanding Savyint’s deployment network and bringing its “Made in Vietnam” solutions closer to organizations and enterprises, particularly in the Finance – Banking sector and critical digital infrastructure. Under the cooperation agreement, VietNet, as the strategic distribution partner, and SAVIS, as the technology partner in Vietnam, will work closely with Savyint to deploy, integrate and develop solutions for authentication, encryption, digital identity, digital signatures and transaction authentication in Vietnam and Southeast Asia. Within the cooperation framework, the parties will share implementation experience and technical expertise, while jointly organizing solution showcases, technology demonstrations and in-depth training programs to enhance deployment and operational effectiveness. The partnership is built on leveraging each party’s strengths, ensuring effective coordination, regulatory compliance, and contributing to higher levels of security and trust in electronic transactions in Vietnam. Digital Trust – Strengthening Security, Enabling Digital Confidence As digital transformation accelerates alongside increasing requirements for security, safety and regulatory compliance, Digital Trust has become a foundational pillar for ensuring confidence in digital transactions and services. With this vision, Savyint has developed a comprehensive Digital Trust ecosystem designed to protect the digital financial ecosystem and support the sustainable growth of the digital economy. The Savyint Digital Trust ecosystem consists of the following key solutions: These solutions are also the core offerings within the three-party cooperation framework, designed to meet stringent requirements for security, fraud prevention, regulatory compliance and scalability, fully aligned with the Vietnamese and regional markets. Mr. Le Tuan Dat, Chief Executive Officer of VietNet, stated: “As the strategic distribution partner, VietNet will focus on bringing SAM Appliance, SAM Auth Server, SAM FIDO Identity Server and Mobile Security solutions (TrustShield, RASP+) to the Vietnamese market, particularly in the Finance – Banking sector and critical information systems, ensuring compliance with regulatory requirements and operational models.” Meanwhile, Mr. Pham Van Duc, Chief Executive Officer of SAVIS Group, emphasized: “With extensive hands-on experience in information security infrastructure, electronic transactions, digital signatures and trust services, SAVIS will work closely with Savyint and VietNet to integrate, operate and optimize authentication, encryption and digital security solutions.” The combination of Savyint (core technology) – VietNet (distribution & market development) – SAVIS (deployment & integration) forms a comprehensive cooperation model, enabling customers to access digital security solutions that are effective, compliant and trusted. About Savyint Savyint is a technology company headquartered in Sydney, Australia, with an R&D center in Hanoi. The company specializes in providing platforms, system solutions and services in Digital Trust, Open Banking, Secure Payments and cryptography for the Finance – Banking, FSI and Government sectors, meeting stringent requirements for security, compliance and scalability.About VietNet Founded in 2011, VietNet Distribution JSC is a professional technology distributor in Vietnam, with a well-trained workforce, strong market insight and a scientifically structured operating model. With more than 15 years of market development experience, a broad partner ecosystem, and strong consulting, technical support and operational capabilities, VietNet has established itself as a trusted distributor, particularly in the fields of information security and digital infrastructure.About SAVIS With 20 years of experience, SAVIS Group is a leading trusted service provider, recognized for its digital signature and electronic signature solutions, identity authentication and trust services across sectors such as Finance – Banking, Media, Digital Government, Healthcare and Education, in compliance with both domestic and international standards. Media coverage of the event: Event Highlights:
PSD3 – A Comprehensive Transformation of Payment Fraud Risk Management
Alongside the Payment Services Regulation (PSR), the Payment Services Directive 3 (PSD3) is regarded as a major restructuring of the EU’s regulatory framework for payment fraud prevention. It shifts the focus toward stronger fraud prevention measures, enhanced data security, and greater consumer control over their financial data. Fraud Prevention Under PSD3 – Key Enhancements Since the implementation of PSD2 in 2018, the global payment fraud landscape has changed dramatically. Fraud schemes have become more sophisticated, with increasingly complex impersonation and social engineering tactics. PSD3 was introduced to address the gaps exposed under PSD2 and to strengthen fraud prevention in a more holistic way, introducing significant changes across the payment value chain. Stronger and More Inclusive Strong Customer Authentication (SCA) Under PSD2, multi-factor authentication was largely treated as a binary requirement—either applied or not. PSD3 goes further by requiring payment service providers to support multiple SCA methods in parallel, ensuring that elderly users, people with disabilities, or those with limited digital skills can still access payment services safely. PSD3 also allows for delegated authentication, meaning that in certain scenarios, a trusted third party may perform authentication on behalf of the bank. This improves user experience without compromising security. Mandatory Verification of Payee (VoP) Before a credit transfer is executed, the system must verify whether the beneficiary’s name matches the International Bank Account Number (IBAN). If a mismatch is detected, the payer must be clearly warned and given the choice to proceed or cancel the transaction. Crucially, if a payment service provider fails to issue a warning or allows the transaction to proceed despite a mismatch, it may be held legally liable. This measure directly targets misdirected payments and scam-induced transfers, which have caused significant financial losses in recent years. Real-Time Transaction Monitoring and Fraud Detection Instead of identifying fraud after funds have already left the account, PSD3 requires fraud monitoring mechanisms to operate in real time, before transactions are executed. These systems must analyze multiple signals simultaneously, including user behavior, device data, location, transaction history, beneficiary information, and signs of compromised authentication. As a result, financial institutions are compelled to move away from static, rule-based controls toward advanced analytics powered by AI and machine learning to detect complex and evolving fraud patterns. Shifting Liability for Impersonation Fraud from Customers to Financial Institutions Under PSD2, customers often had to prove they were not negligent when falling victim to fraud. PSD3 changes this approach. If a customer is deceived by fraudsters impersonating bank staff and is tricked into transferring funds, the payment service provider is required to reimburse the customer, provided the incident is reported according to proper procedures. This reflects the reality that modern social engineering scams are highly sophisticated and cannot simply be blamed on user carelessness. At the same time, it creates strong incentives for institutions to invest more seriously in fraud prevention technologies and customer education. A Clear Legal Framework for Sharing Fraud Data PSD3 enables payment service providers to share fraud-related data with each other without breaching GDPR. When multiple customers report fraud linked to the same beneficiary or scam method, this information can be rapidly shared across the ecosystem, enabling earlier and more effective interbank fraud detection. Mandatory Tools for Customer-Controlled Risk Management PSD3 requires financial institutions to provide customers with tools to actively manage their own risk. These include spending limits, time- or location-based transaction blocking, instant account freezing, and real-time fraud alerts. Such tools must be easy to find and simple to use, pushing banks to invest meaningfully in user-centric design and customer experience. PSD3 also mandates that customers must be able to reach real human support staff—not just chatbots—especially in complex fraud cases or when dealing with vulnerable users. Comprehensive Upgrades to Fraud Prevention Infrastructure Payment service providers are required to upgrade their fraud prevention infrastructure end to end. This includes real-time behavioral analytics, transaction monitoring, risk management, verification of payees, impersonation fraud claims handling, and responsibility management when working with external platforms. These requirements are accelerating the shift toward Zero Trust architectures and real-time intelligence–driven fraud prevention models across banks and financial institutions. With these changes, PSD3 does more than revise existing rules—it fundamentally reshapes how the EU addresses payment fraud. By redistributing liability, mandating real-time fraud detection, and strengthening payee verification, PSD3 establishes a robust legal framework that helps organizations reduce financial losses while offering stronger, more meaningful protection for users. Savyint Fraud Prevention & Risk Management – PSD3 Compliance Built on Zero Trust Built on a Zero Trust architecture, Savyint Fraud Prevention & Risk Management integrates Strong Customer Authentication (SCA), MFA and 3D Secure, AI/ML-driven fraud detection, and real-time risk management. It enhances transaction security through tokenization, Post-Quantum Cryptography (PQC), and a clear quantum-safe migration roadmap, while also meeting PSD3 requirements for TPP monitoring, Open API security, and ecosystem-wide risk control. With a fraud-first approach, Savyint Fraud Prevention & Risk Management (FPRM) enables enterprises and financial institutions to proactively prevent fraud by combining risk management, transaction security, and effective user protection across the entire payment journey. Connect with Savyint experts today to reduce fraud risk and strengthen regulatory compliance in the digital payments landscape.
6-Step Model for Effective Real-Time Online Transaction Fraud Detection
With stricter requirements for payment security and compliance with standards such as AML, KYC, and PSD2/PSD3, a secure payment system must do more than just protect transactions. It also needs to monitor activity, track transactions, and respond quickly to unusual behavior. As online payments continue to grow and fraud becomes more sophisticated, payment systems are being strengthened with modern fraud detection technologies. These technologies help keep transactions safe and reduce financial losses caused by payment fraud. Online Transaction Fraud Detection Mechanism Modern online fraud detection models are designed to spot unusual behavior early, so risks can be stopped during the transaction instead of being handled only after fraud has already happened. In general, fraud detection systems follow a process with six main steps: Step 1: Data Collection Data collection is the foundation of any fraud detection system. To accurately assess the risk of a transaction, the system needs to collect different types of data related to users, devices, and transaction behavior. Step 2: Data Analysis Data analysis plays a key role in preventing online payment fraud. In the past, many organizations only reviewed transactions after they were completed, when fraud had already occurred. In most cases, recovering money from fraudulent transactions is very difficult or even impossible. That is why businesses now focus on detecting and stopping fraud before a transaction is completed. By analyzing transactions in real time, monitoring user behavior, and tracking the full customer journey – from login to payment – the system can quickly identify and block fraud risks. Step 3: Risk Detection Based on the collected and analyzed data, the system detects risks using machine learning or rules-based logic. Machine learning allows the system to learn from large amounts of data, recognize normal and abnormal behavior patterns, and predict fraudulent transactions more accurately in real time. Alongside machine learning, predefined rules also help detect suspicious transactions. For example, transaction limits can be set so that transfers above a certain amount – such as USD 1,000 – are blocked or require additional verification. Step 4: Risk Assessment and Risk Scoring Using identified risk signals, the system evaluates each transaction and assigns a risk score. Based on this score, transactions are classified as either “legitimate” or “suspicious.” Step 5: Alerts and Actions If a transaction is marked as suspicious, the system sends an alert to the security team so immediate action can be taken. This may include blocking the transaction, asking for additional verifications such as Strong Customer Authentication (SCA), Multi-Factor Authentication (MFA), biometric verification, or contacting the customer for further confirmation. Step 6: Continuous Updates and Improvement Fraud detection models are continuously updated and improved using new data and past fraud cases. This helps increase accuracy and allows the system to adapt to new and more advanced fraud techniques. Comprehensive Fraud Prevention with Savyint Fraud Prevention & Risk Management Built around the six- step fraud detection and prevention model, Savyint Fraud Prevention & Risk Management (FPRM) helps banks and financial institutions detect, prevent, and respond effectively to fraud. This reduces losses, strengthens transaction security, protects customer data, and improves long-term operational efficiency. With a Zero Trust architecture, Savyint FPRM enables: Savyint Fraud Prevention & Risk Management (FPRM) complies with global standards such as AML, KYC, KYB, PSD2, PSD3, and PCI-DSS, as well as local regulations including Circulars 64 and 50 (Vietnam), BSP 1213 (Philippines), and regulations in Malaysia. Contact Savyint experts today to strengthen security and implement effective payment fraud prevention strategies. Source: How payment fraud works – Tipalti
Financial Fraud Prevention: Protecting Assets, Data and Customer Trust
Proactive financial fraud prevention not only helps minimize losses but also plays a critical role in maintaining seamless customer experiences and improving overall operational efficiency. As fraud schemes become increasingly sophisticated, faster, and larger in scale, traditional control measures are no longer sufficient. Financial fraud prevention is therefore no longer merely a matter of compliance or security – it has become a strategic priority that enables organizations to optimize processes and ensure sustainable growth. 1. Benefits of Financial Fraud Prevention Implementing robust fraud prevention measures not only safeguards customers and organizations but also supports long-term, sustainable business growth. a. Minimizing financial losses Fraud can cause significant damage even when incidents occur on a small scale. Effective preventive measures help organizations reduce the risk of loss, control costs, and build a solid financial foundation for long-term development. b. Optimizing revenue and transaction processing efficiency One direct benefit is the improvement of authorization rates by reducing false declines of legitimate transactions – a common challenge in online payments. When transactions are processed accurately and quickly, completion rates increase, enabling businesses to maximize revenue. c. Protecting customer data and digital assets In the financial and banking sector, protecting personal information and financial data is essential to maintaining customer trust. Account Takeover (ATO) attacks and card data theft not only result in financial losses but also severely damage an organization’s reputation. By proactively preventing fraud, organizations can detect and stop these threats early, before real damage occurs. d. Enhancing customer experience Customers increasingly expect transactions to be smooth, uninterrupted, and free from unnecessary verification steps. Reducing fraud also means reducing unnecessary transaction rejections, leading to better customer experiences while lowering operational pressure and costs for businesses. e. Preserving brand reputation As noted above, even minor fraud incidents can erode customer trust and negatively impact brand image. Investing in comprehensive fraud prevention demonstrates a strong commitment to security and customer protection, helping organizations build a trusted and credible brand over the long term. 2. Effective Fraud Prevention with Savyint Fraud Prevention and Risk Management With these benefits in mind, a comprehensive and effective fraud prevention system enables banks and financial institutions to minimize losses, strengthen transaction protection, ensure customer data security, and enhance long-term operational efficiency. This is precisely the objective of Savyint Fraud Prevention & Risk Management (FPRM). Built on a Zero Trust architecture, Savyint FPRM enables organizations to proactively prevent fraud while integrating risk management and transaction security. The solution leverages AI and Machine Learning for behavioral analysis, combined with strong authentication mechanisms such as SCA, multi-layer MFA, and biometrics, along with advanced security technologies including tokenization and Post-Quantum Cryptography (PQC). This enables: As a result, organizations can detect, prevent, and respond to fraud effectively before losses occur. Savyint Fraud Prevention & Risk Management (FPRM) also complies with global standards such as AML, KYC, KYB, PSD2, PSD3, and PCI-DSS, as well as local regulatory requirements including Circulars 64 and 50 (Vietnam), BSP 1213 (Philippines), and regulations in Malaysia. Connect with Savyint experts today for detailed consultation on a fraud prevention roadmap tailored to your organization’s business model!
Strengthening Authentication and Security in the Financial and Banking Sector in Southeast Asia
Alongside the rapid growth of the financial and banking sector, regulatory frameworks across many Southeast Asian countries have been continuously updated and refined to enhance safety and security in financial operations. In Vietnam, Singapore, the Philippines, and Malaysia, newly issued regulations go beyond technical compliance requirements and increasingly focus on protecting users and strengthening trust in digital financial systems. Safeguarding digital identities, personal data, and financial transactions is now widely recognized as a prerequisite for the sustainable development of the electronic financial ecosystem. In response to these increasingly stringent requirements, financial institutions are compelled to comprehensively upgrade their authentication capabilities, security controls, and risk-management frameworks to a higher level. Security Requirements for Open API Implementation The rapid expansion of digital banking, e-wallets, Open Banking, and fintech partnership models has made fraud, cyberattacks, and data leakage common challenges across the region. Establishing strict security requirements for Open API implementation has therefore become a critical prerequisite for protecting financial systems and maintaining customer trust. In Singapore, as early as 2016, the Monetary Authority of Singapore (MAS) issued Open Banking and API guidelines requiring financial institutions to implement strong authentication mechanisms, customer consent management, identity and access control, and strict authorization when sharing data with partners. From an early stage, Singapore mandated standards such as secure API gateways, OAuth/OIDC-based security, multi-factor authentication (MFA), and contextual access monitoring as foundational requirements for sustaining trust within the open financial ecosystem. In 2021, the Philippines introduced the Open Finance Framework, which defines a phased roadmap for data sharing with clearly articulated technical, governance, and security standards aimed at building an open financial ecosystem. One year later, in 2022, Bank Negara Malaysia (BNM) launched the Open API Framework, providing clear guidance on how banks and third-party fintech providers can securely share data. The framework emphasizes strict security controls, customer-consent-based access management, and technical reference guidelines to promote innovation and fair competition within the digital financial ecosystem. In Vietnam, Circular 64/2024/TT-NHNN regulates the implementation of Open Application Programming Interfaces (Open APIs) in the banking sector, allowing credit institutions to connect and collaborate with third parties to deliver new financial services. However, ecosystem expansion must be accompanied by stringent requirements for authentication, access control, data protection, and customer consent management. The Circular also defines a clear roadmap for banks that have already deployed Open APIs, ensuring a controlled and secure transition process. Data Protection and Financial Fraud Prevention Requirements Singapore and the Philippines have long established comprehensive legal frameworks to protect customer data. Singapore is a regional pioneer in data-protection and digital-banking regulation. The Personal Data Protection Act (PDPA), enacted in 2012 and amended in 2020, provides detailed rules governing the collection, use, and storage of personal data, and requires organizations to notify authorities in the event of data breaches. In the banking sector, the Technology Risk Management Guidelines issued by MAS mandate multi-factor authentication (MFA), the use of OTPs or biometrics, and enhanced monitoring of high-risk transactions. The Philippines adopted the Data Privacy Act in 2012, one of the earliest such frameworks in the region, granting users the right to access, correct, and delete personal data. Compliance is overseen by the National Privacy Commission (NPC). In banking, the Bangko Sentral ng Pilipinas (BSP) mandates MFA for electronic payment services, the implementation of eKYC, and device and transaction risk management. Most recently, BSP Circulars 1213 and 1214 were issued in response to rising financial account fraud, to enforce the Anti-Financial Account Scamming Act (AFASA). These regulations emphasize enhanced technology risk management, the adoption of modern authentication methods, and the establishment of coordinated investigation and information-sharing mechanisms between banks and law-enforcement authorities. Specifically: In Vietnam, the Personal Data Protection Decrees (2023), together with the Cybersecurity Law (2018), impose strict requirements on customer consent, impact assessments for sensitive data, and data localization. More recently, Circular 50/2024/TT-NHNN establishes security requirements for online banking services, mandating that credit institutions and foreign bank branches implement customer-protection guidelines (PINs, OTPs, fraud awareness), encryption, access monitoring, and incident reporting to ensure confidentiality, integrity, and availability while protecting customer rights. Overall, regulatory priorities in Singapore, Vietnam, the Philippines, and Malaysia converge around the adoption of advanced security measures to protect customers from technological risks, online fraud, and cyberattacks, alongside clearly defined Open API implementation roadmaps. Strengthening Authentication and Security with Savyint’s Comprehensive Solutions In response to increasingly stringent compliance requirements, Savyint delivers a comprehensive security ecosystem that enables banks and financial institutions to effectively comply with Circulars 64 and 50, as well as BSP Circulars 1213 and 1214, while strengthening long-term security capabilities and risk governance. Savyint’s solution portfolio is built around four core pillars: Secure Payments, Open Banking, Data Protection, and Digital Trust. Under the Secure Payments pillar, Savyint deploys strong customer authentication (SCA), multi-factor authentication (MFA), Smart OTP, passkeys, FIDO2, biometrics, 3D Secure, tokenization, and fraud-management capabilities such as risk scoring and real-time monitoring. This security layer directly protects card payments, e-wallets, online transfers, and e-commerce transactions, reducing fraud risks for customers, financial institutions, and merchants while safeguarding wallet and card data. To support controlled Open API connectivity under Circular 64 and Open Banking standards, Savyint provides a full Open Banking solution suite, including API Management, Open Banking Portal, Consent Management, CIAM/SCA-PSD2, TPP Management, and Tokenization. These solutions enable banks to securely deploy Open APIs with strict access control, robust customer consent management, and purpose-limited data sharing in line with security and compliance requirements. For transaction and data protection, Savyint secures information throughout its lifecycle with solutions such as Sam Appliance, Sam Auth Server, Savyint PKI-in-a-Box, Enterprise Security Appliance, KMS, and DSS. Notably, Sam Appliance is an all-in-one platform for data encryption, digital signatures, and mobile identity, featuring a FIPS 140-2 Level 3-certified server appliance integrated with Hardware Security Modules (HSMs), SAM software, key-management systems, and digital-signing software. This flexible security platform supports diverse deployment needs across banking, finance, healthcare, education, telecommunications, broadcasting, and media sectors. Beyond digital signatures for invoices, contracts, documents, certificates, and payment records, Sam Appliance is built on a Cryptographic