PSD3 – A Comprehensive Transformation of Payment Fraud Risk Management
Alongside the Payment Services Regulation (PSR), the Payment Services Directive 3 (PSD3) is regarded as a major restructuring of the EU’s regulatory framework for payment fraud prevention. It shifts the focus toward stronger fraud prevention measures, enhanced data security, and greater consumer control over their financial data. Fraud Prevention Under PSD3 – Key Enhancements Since the implementation of PSD2 in 2018, the global payment fraud landscape has changed dramatically. Fraud schemes have become more sophisticated, with increasingly complex impersonation and social engineering tactics. PSD3 was introduced to address the gaps exposed under PSD2 and to strengthen fraud prevention in a more holistic way, introducing significant changes across the payment value chain. Stronger and More Inclusive Strong Customer Authentication (SCA) Under PSD2, multi-factor authentication was largely treated as a binary requirement—either applied or not. PSD3 goes further by requiring payment service providers to support multiple SCA methods in parallel, ensuring that elderly users, people with disabilities, or those with limited digital skills can still access payment services safely. PSD3 also allows for delegated authentication, meaning that in certain scenarios, a trusted third party may perform authentication on behalf of the bank. This improves user experience without compromising security. Mandatory Verification of Payee (VoP) Before a credit transfer is executed, the system must verify whether the beneficiary’s name matches the International Bank Account Number (IBAN). If a mismatch is detected, the payer must be clearly warned and given the choice to proceed or cancel the transaction. Crucially, if a payment service provider fails to issue a warning or allows the transaction to proceed despite a mismatch, it may be held legally liable. This measure directly targets misdirected payments and scam-induced transfers, which have caused significant financial losses in recent years. Real-Time Transaction Monitoring and Fraud Detection Instead of identifying fraud after funds have already left the account, PSD3 requires fraud monitoring mechanisms to operate in real time, before transactions are executed. These systems must analyze multiple signals simultaneously, including user behavior, device data, location, transaction history, beneficiary information, and signs of compromised authentication. As a result, financial institutions are compelled to move away from static, rule-based controls toward advanced analytics powered by AI and machine learning to detect complex and evolving fraud patterns. Shifting Liability for Impersonation Fraud from Customers to Financial Institutions Under PSD2, customers often had to prove they were not negligent when falling victim to fraud. PSD3 changes this approach. If a customer is deceived by fraudsters impersonating bank staff and is tricked into transferring funds, the payment service provider is required to reimburse the customer, provided the incident is reported according to proper procedures. This reflects the reality that modern social engineering scams are highly sophisticated and cannot simply be blamed on user carelessness. At the same time, it creates strong incentives for institutions to invest more seriously in fraud prevention technologies and customer education. A Clear Legal Framework for Sharing Fraud Data PSD3 enables payment service providers to share fraud-related data with each other without breaching GDPR. When multiple customers report fraud linked to the same beneficiary or scam method, this information can be rapidly shared across the ecosystem, enabling earlier and more effective interbank fraud detection. Mandatory Tools for Customer-Controlled Risk Management PSD3 requires financial institutions to provide customers with tools to actively manage their own risk. These include spending limits, time- or location-based transaction blocking, instant account freezing, and real-time fraud alerts. Such tools must be easy to find and simple to use, pushing banks to invest meaningfully in user-centric design and customer experience. PSD3 also mandates that customers must be able to reach real human support staff—not just chatbots—especially in complex fraud cases or when dealing with vulnerable users. Comprehensive Upgrades to Fraud Prevention Infrastructure Payment service providers are required to upgrade their fraud prevention infrastructure end to end. This includes real-time behavioral analytics, transaction monitoring, risk management, verification of payees, impersonation fraud claims handling, and responsibility management when working with external platforms. These requirements are accelerating the shift toward Zero Trust architectures and real-time intelligence–driven fraud prevention models across banks and financial institutions. With these changes, PSD3 does more than revise existing rules—it fundamentally reshapes how the EU addresses payment fraud. By redistributing liability, mandating real-time fraud detection, and strengthening payee verification, PSD3 establishes a robust legal framework that helps organizations reduce financial losses while offering stronger, more meaningful protection for users. Savyint Fraud Prevention & Risk Management – PSD3 Compliance Built on Zero Trust Built on a Zero Trust architecture, Savyint Fraud Prevention & Risk Management integrates Strong Customer Authentication (SCA), MFA and 3D Secure, AI/ML-driven fraud detection, and real-time risk management. It enhances transaction security through tokenization, Post-Quantum Cryptography (PQC), and a clear quantum-safe migration roadmap, while also meeting PSD3 requirements for TPP monitoring, Open API security, and ecosystem-wide risk control. With a fraud-first approach, Savyint Fraud Prevention & Risk Management (FPRM) enables enterprises and financial institutions to proactively prevent fraud by combining risk management, transaction security, and effective user protection across the entire payment journey. Connect with Savyint experts today to reduce fraud risk and strengthen regulatory compliance in the digital payments landscape.
6-Step Model for Effective Real-Time Online Transaction Fraud Detection
With stricter requirements for payment security and compliance with standards such as AML, KYC, and PSD2/PSD3, a secure payment system must do more than just protect transactions. It also needs to monitor activity, track transactions, and respond quickly to unusual behavior. As online payments continue to grow and fraud becomes more sophisticated, payment systems are being strengthened with modern fraud detection technologies. These technologies help keep transactions safe and reduce financial losses caused by payment fraud. Online Transaction Fraud Detection Mechanism Modern online fraud detection models are designed to spot unusual behavior early, so risks can be stopped during the transaction instead of being handled only after fraud has already happened. In general, fraud detection systems follow a process with six main steps: Step 1: Data Collection Data collection is the foundation of any fraud detection system. To accurately assess the risk of a transaction, the system needs to collect different types of data related to users, devices, and transaction behavior. Step 2: Data Analysis Data analysis plays a key role in preventing online payment fraud. In the past, many organizations only reviewed transactions after they were completed, when fraud had already occurred. In most cases, recovering money from fraudulent transactions is very difficult or even impossible. That is why businesses now focus on detecting and stopping fraud before a transaction is completed. By analyzing transactions in real time, monitoring user behavior, and tracking the full customer journey – from login to payment – the system can quickly identify and block fraud risks. Step 3: Risk Detection Based on the collected and analyzed data, the system detects risks using machine learning or rules-based logic. Machine learning allows the system to learn from large amounts of data, recognize normal and abnormal behavior patterns, and predict fraudulent transactions more accurately in real time. Alongside machine learning, predefined rules also help detect suspicious transactions. For example, transaction limits can be set so that transfers above a certain amount – such as USD 1,000 – are blocked or require additional verification. Step 4: Risk Assessment and Risk Scoring Using identified risk signals, the system evaluates each transaction and assigns a risk score. Based on this score, transactions are classified as either “legitimate” or “suspicious.” Step 5: Alerts and Actions If a transaction is marked as suspicious, the system sends an alert to the security team so immediate action can be taken. This may include blocking the transaction, asking for additional verifications such as Strong Customer Authentication (SCA), Multi-Factor Authentication (MFA), biometric verification, or contacting the customer for further confirmation. Step 6: Continuous Updates and Improvement Fraud detection models are continuously updated and improved using new data and past fraud cases. This helps increase accuracy and allows the system to adapt to new and more advanced fraud techniques. Comprehensive Fraud Prevention with Savyint Fraud Prevention & Risk Management Built around the six- step fraud detection and prevention model, Savyint Fraud Prevention & Risk Management (FPRM) helps banks and financial institutions detect, prevent, and respond effectively to fraud. This reduces losses, strengthens transaction security, protects customer data, and improves long-term operational efficiency. With a Zero Trust architecture, Savyint FPRM enables: Savyint Fraud Prevention & Risk Management (FPRM) complies with global standards such as AML, KYC, KYB, PSD2, PSD3, and PCI-DSS, as well as local regulations including Circulars 64 and 50 (Vietnam), BSP 1213 (Philippines), and regulations in Malaysia. Contact Savyint experts today to strengthen security and implement effective payment fraud prevention strategies. Source: How payment fraud works – Tipalti
Financial Fraud Prevention: Protecting Assets, Data and Customer Trust
Proactive financial fraud prevention not only helps minimize losses but also plays a critical role in maintaining seamless customer experiences and improving overall operational efficiency. As fraud schemes become increasingly sophisticated, faster, and larger in scale, traditional control measures are no longer sufficient. Financial fraud prevention is therefore no longer merely a matter of compliance or security – it has become a strategic priority that enables organizations to optimize processes and ensure sustainable growth. 1. Benefits of Financial Fraud Prevention Implementing robust fraud prevention measures not only safeguards customers and organizations but also supports long-term, sustainable business growth. a. Minimizing financial losses Fraud can cause significant damage even when incidents occur on a small scale. Effective preventive measures help organizations reduce the risk of loss, control costs, and build a solid financial foundation for long-term development. b. Optimizing revenue and transaction processing efficiency One direct benefit is the improvement of authorization rates by reducing false declines of legitimate transactions – a common challenge in online payments. When transactions are processed accurately and quickly, completion rates increase, enabling businesses to maximize revenue. c. Protecting customer data and digital assets In the financial and banking sector, protecting personal information and financial data is essential to maintaining customer trust. Account Takeover (ATO) attacks and card data theft not only result in financial losses but also severely damage an organization’s reputation. By proactively preventing fraud, organizations can detect and stop these threats early, before real damage occurs. d. Enhancing customer experience Customers increasingly expect transactions to be smooth, uninterrupted, and free from unnecessary verification steps. Reducing fraud also means reducing unnecessary transaction rejections, leading to better customer experiences while lowering operational pressure and costs for businesses. e. Preserving brand reputation As noted above, even minor fraud incidents can erode customer trust and negatively impact brand image. Investing in comprehensive fraud prevention demonstrates a strong commitment to security and customer protection, helping organizations build a trusted and credible brand over the long term. 2. Effective Fraud Prevention with Savyint Fraud Prevention and Risk Management With these benefits in mind, a comprehensive and effective fraud prevention system enables banks and financial institutions to minimize losses, strengthen transaction protection, ensure customer data security, and enhance long-term operational efficiency. This is precisely the objective of Savyint Fraud Prevention & Risk Management (FPRM). Built on a Zero Trust architecture, Savyint FPRM enables organizations to proactively prevent fraud while integrating risk management and transaction security. The solution leverages AI and Machine Learning for behavioral analysis, combined with strong authentication mechanisms such as SCA, multi-layer MFA, and biometrics, along with advanced security technologies including tokenization and Post-Quantum Cryptography (PQC). This enables: As a result, organizations can detect, prevent, and respond to fraud effectively before losses occur. Savyint Fraud Prevention & Risk Management (FPRM) also complies with global standards such as AML, KYC, KYB, PSD2, PSD3, and PCI-DSS, as well as local regulatory requirements including Circulars 64 and 50 (Vietnam), BSP 1213 (Philippines), and regulations in Malaysia. Connect with Savyint experts today for detailed consultation on a fraud prevention roadmap tailored to your organization’s business model!
Strengthening Authentication and Security in the Financial and Banking Sector in Southeast Asia
Alongside the rapid growth of the financial and banking sector, regulatory frameworks across many Southeast Asian countries have been continuously updated and refined to enhance safety and security in financial operations. In Vietnam, Singapore, the Philippines, and Malaysia, newly issued regulations go beyond technical compliance requirements and increasingly focus on protecting users and strengthening trust in digital financial systems. Safeguarding digital identities, personal data, and financial transactions is now widely recognized as a prerequisite for the sustainable development of the electronic financial ecosystem. In response to these increasingly stringent requirements, financial institutions are compelled to comprehensively upgrade their authentication capabilities, security controls, and risk-management frameworks to a higher level. Security Requirements for Open API Implementation The rapid expansion of digital banking, e-wallets, Open Banking, and fintech partnership models has made fraud, cyberattacks, and data leakage common challenges across the region. Establishing strict security requirements for Open API implementation has therefore become a critical prerequisite for protecting financial systems and maintaining customer trust. In Singapore, as early as 2016, the Monetary Authority of Singapore (MAS) issued Open Banking and API guidelines requiring financial institutions to implement strong authentication mechanisms, customer consent management, identity and access control, and strict authorization when sharing data with partners. From an early stage, Singapore mandated standards such as secure API gateways, OAuth/OIDC-based security, multi-factor authentication (MFA), and contextual access monitoring as foundational requirements for sustaining trust within the open financial ecosystem. In 2021, the Philippines introduced the Open Finance Framework, which defines a phased roadmap for data sharing with clearly articulated technical, governance, and security standards aimed at building an open financial ecosystem. One year later, in 2022, Bank Negara Malaysia (BNM) launched the Open API Framework, providing clear guidance on how banks and third-party fintech providers can securely share data. The framework emphasizes strict security controls, customer-consent-based access management, and technical reference guidelines to promote innovation and fair competition within the digital financial ecosystem. In Vietnam, Circular 64/2024/TT-NHNN regulates the implementation of Open Application Programming Interfaces (Open APIs) in the banking sector, allowing credit institutions to connect and collaborate with third parties to deliver new financial services. However, ecosystem expansion must be accompanied by stringent requirements for authentication, access control, data protection, and customer consent management. The Circular also defines a clear roadmap for banks that have already deployed Open APIs, ensuring a controlled and secure transition process. Data Protection and Financial Fraud Prevention Requirements Singapore and the Philippines have long established comprehensive legal frameworks to protect customer data. Singapore is a regional pioneer in data-protection and digital-banking regulation. The Personal Data Protection Act (PDPA), enacted in 2012 and amended in 2020, provides detailed rules governing the collection, use, and storage of personal data, and requires organizations to notify authorities in the event of data breaches. In the banking sector, the Technology Risk Management Guidelines issued by MAS mandate multi-factor authentication (MFA), the use of OTPs or biometrics, and enhanced monitoring of high-risk transactions. The Philippines adopted the Data Privacy Act in 2012, one of the earliest such frameworks in the region, granting users the right to access, correct, and delete personal data. Compliance is overseen by the National Privacy Commission (NPC). In banking, the Bangko Sentral ng Pilipinas (BSP) mandates MFA for electronic payment services, the implementation of eKYC, and device and transaction risk management. Most recently, BSP Circulars 1213 and 1214 were issued in response to rising financial account fraud, to enforce the Anti-Financial Account Scamming Act (AFASA). These regulations emphasize enhanced technology risk management, the adoption of modern authentication methods, and the establishment of coordinated investigation and information-sharing mechanisms between banks and law-enforcement authorities. Specifically: In Vietnam, the Personal Data Protection Decrees (2023), together with the Cybersecurity Law (2018), impose strict requirements on customer consent, impact assessments for sensitive data, and data localization. More recently, Circular 50/2024/TT-NHNN establishes security requirements for online banking services, mandating that credit institutions and foreign bank branches implement customer-protection guidelines (PINs, OTPs, fraud awareness), encryption, access monitoring, and incident reporting to ensure confidentiality, integrity, and availability while protecting customer rights. Overall, regulatory priorities in Singapore, Vietnam, the Philippines, and Malaysia converge around the adoption of advanced security measures to protect customers from technological risks, online fraud, and cyberattacks, alongside clearly defined Open API implementation roadmaps. Strengthening Authentication and Security with Savyint’s Comprehensive Solutions In response to increasingly stringent compliance requirements, Savyint delivers a comprehensive security ecosystem that enables banks and financial institutions to effectively comply with Circulars 64 and 50, as well as BSP Circulars 1213 and 1214, while strengthening long-term security capabilities and risk governance. Savyint’s solution portfolio is built around four core pillars: Secure Payments, Open Banking, Data Protection, and Digital Trust. Under the Secure Payments pillar, Savyint deploys strong customer authentication (SCA), multi-factor authentication (MFA), Smart OTP, passkeys, FIDO2, biometrics, 3D Secure, tokenization, and fraud-management capabilities such as risk scoring and real-time monitoring. This security layer directly protects card payments, e-wallets, online transfers, and e-commerce transactions, reducing fraud risks for customers, financial institutions, and merchants while safeguarding wallet and card data. To support controlled Open API connectivity under Circular 64 and Open Banking standards, Savyint provides a full Open Banking solution suite, including API Management, Open Banking Portal, Consent Management, CIAM/SCA-PSD2, TPP Management, and Tokenization. These solutions enable banks to securely deploy Open APIs with strict access control, robust customer consent management, and purpose-limited data sharing in line with security and compliance requirements. For transaction and data protection, Savyint secures information throughout its lifecycle with solutions such as Sam Appliance, Sam Auth Server, Savyint PKI-in-a-Box, Enterprise Security Appliance, KMS, and DSS. Notably, Sam Appliance is an all-in-one platform for data encryption, digital signatures, and mobile identity, featuring a FIPS 140-2 Level 3-certified server appliance integrated with Hardware Security Modules (HSMs), SAM software, key-management systems, and digital-signing software. This flexible security platform supports diverse deployment needs across banking, finance, healthcare, education, telecommunications, broadcasting, and media sectors. Beyond digital signatures for invoices, contracts, documents, certificates, and payment records, Sam Appliance is built on a Cryptographic
S-Health Care Day 2025: 100% Strong
As an annual health check-up program, S-Health Care Day 2025 received enthusiastic participation from a large number of SAVIS employees. With the message “100% Strong,” S-Health Care Day 2025 emphasizes a proactive approach to health care, aiming to build a SAVIS workforce that is healthy, energetic, and ready to conquer new goals. The program also reflects the Board of Management’s deep concern for the physical and mental well-being of every member, recognizing health as a solid foundation for the company’s sustainable development. S-Health Care Day 2025 was organized in two examination phases. The first phase took place on the morning of October 18, with employees actively participating, arriving early, carefully following doctors’ guidance, and completing blood and urine sample collection. The second phase was conducted directly at the Doctor4U Clinic (Lieu Giai, Ba Dinh). Here, participants received more in-depth examinations with a wider range of services, including: With a scientific and well-structured examination process covering comprehensive health check items, each participant was able to gain a clear and holistic understanding of their current health status. Based on the results, they can make appropriate adjustments and plan a healthier daily routine if any indicators require improvement. S-Health Care Day 2025 is not only a welfare activity but also a strong affirmation of SAVIS’s long-term commitment to building a healthy and sustainable working environment. Each healthy individual forms the foundation of a stronger SAVIS collective—one that is resilient, ready to break through, and poised for stronger growth in the future. Some photos from S-Health Care Day 2025:
AI/ML-Based Banking Transaction Fraud Prevention
As digital transformation accelerates, detecting and preventing banking transaction fraud through advanced technologies such as AI and machine learning (AI/ML) has become a top strategic priority for financial institutions, as cybercrime continues to grow in both scale and sophistication. According to the latest data from the U.S. Federal Trade Commission (FTC), total consumer-reported fraud losses in 2024 reached approximately USD 12.5 billion, representing an increase of nearly 25% compared to 2023. This highlights the rapidly escalating severity of fraudulent activities. Beyond direct financial losses, banks also incur substantial additional costs related to investigations, legal proceedings, incident response, and reputation recovery – often making the actual cost several times higher than the initial monetary loss. More critically, fraud incidents significantly erode customer trust, negatively impacting customer retention and the ability to attract new users. Investing in advanced fraud detection systems and proactive prevention measures is therefore not merely an operational requirement, but a strategic imperative for banks to protect assets and maintain credibility in the digital era. What Is Banking Fraud Prevention? Banking fraud prevention refers to the use of multiple, layered protection methods by banks to detect early signs of fraud, reduce risk exposure, and prevent financial fraud before it causes serious damage. Today, modern fraud prevention strategies no longer focus solely on incident response after fraud has occurred. Instead, they emphasize proactive prevention from the outset. These approaches integrate advanced data analytics, real-time monitoring, and AI-driven risk assessment, enabling banks to stay ahead of increasingly complex financial threats. As fraud types become more sophisticated, fraud detection technologies are more critical than ever to maintaining the security and integrity of banking data and transactions. Using AI/ML to Detect and Prevent Banking Fraud By deploying a flexible and adaptive defense system against financial fraud threats, banks and financial institutions can effectively prevent and minimize the impact of fraudulent activities. At the core of this defense system is the application of advanced data analytics, artificial intelligence, and machine learning to detect fraud patterns in real time and provide early warnings of potential risks. In parallel, banks deploy phishing-resistant Strong Customer Authentication (SCA) and Multi-Factor Authentication (MFA), incorporating FIDO2 security keys, passkeys, transaction signing, device-bound cryptographic keys, and biometric factors. Together, these mechanisms create a flexible, adaptive and resilient defense against financial fraud, ensuring that only authorized users can access accounts and sensitive information. Real-time transaction monitoring serves as a foundational component of financial fraud prevention systems. Beyond supporting compliance with KYC and anti-money laundering requirements, continuous AI/ML-driven monitoring enables large-scale data analysis to identify abnormal behaviors as soon as they occur, thereby mitigating risks before fraud results in actual losses. Periodic risk assessments involve analyzing emerging fraud trends, reviewing vulnerabilities in existing systems, and adjusting prevention strategies accordingly. This allows banks to continuously refine and enhance the effectiveness of fraud detection over time. Beyond detection and assessment, AI/ML enables the prediction of future fraud risks. By learning from past fraud incidents, systems can identify individuals or groups with a higher likelihood of committing fraud, helping organizations allocate preventive resources more precisely and effectively. Strong Customer Authentication and Multi-Factor Authentication enhance the security of user access and transaction approval by moving beyond traditional password-based mechanisms. When implemented with phishing-resistant authentication methods such as FIDO2 security keys, passkeys, transaction signing, device-bound cryptographic keys, and biometrics, SCA/MFA provides a flexible, adaptive, and resilient security layer. This method ensures that only legitimate users can access accounts and authorize transactions, effectively mitigating risks such as phishing, credential theft, account takeover, and financial fraud, while meeting stringent regulatory and security requirements. Alongside technology, customers play an increasingly important role. Proactively raising customer awareness of common scam techniques and providing guidance on safe transaction practices empowers users to protect themselves against fraud and social engineering attacks. Financial fraud prevention is a continuous journey that requires banks and financial institutions to constantly update and adopt new technologies to enhance prevention capabilities and minimize fraud-related losses. Savyint delivers a comprehensive Fraud Prevention and Risk Management solution suite designed to help banks and financial institutions detect fraud early, prevent incidents promptly, and manage fraud risks effectively. Connect with Savyint’s experts today to strengthen your defenses and minimize financial fraud risks. Source:
Deadline March 2026: UAE’s Mandatory Roadmap for Implementing New Authentication Methods to Replace SMS and Email OTPs
The Central Bank of the United Arab Emirates (CBUAE) has issued a comprehensive directive requiring all financial institutions to completely discontinue the use of OTPs sent via SMS and email by 31 March 2026. This is considered one of the most significant shifts in user authentication in the Middle East in the past decade. Compliance Roadmap and New Authentication Requirements According to the CBUAE directive, the transition will occur in two phases. Beginning July 2025, banks must gradually phase out SMS/email OTPs and introduce stronger authentication mechanisms for critical transactions and logins. Specifically: + Passkeys based on global FIDO standards, protected by biometric authentication on smartphones. + Fingerprint or facial recognition, some banks, such as United Arab Bank, have partnered with the national facial recognition system to support mobile banking login. + Integration with UAE Pass, part of the country’s broader digital identity framework, also supported by private-sector providers. + Risk-based authentication: For low-risk actions like balance checks, quick biometric scans may suffice; high-value transactions may require additional verification layers. + Behavioral biometrics: For example, monitoring typing patterns, swipe gestures, or how a user holds a device to provide an additional “invisible” security layer. + Other modern protection mechanisms may include AI-powered deepfake detection, decentralized identity systems, hardware security keys, post-quantum cryptography (PQC) to prepare for future threats, and real-time fraud monitoring capable of suspending active sessions when suspicious activity is detected. This decision follows a sharp rise in digital banking fraud across the UAE in early 2025. Complaints related to digital banking scams increased by 73%, largely due to vulnerabilities in SMS/email OTP delivery. Any institution that fails to meet the deadline or cannot demonstrate adequate risk management may face administrative penalties, with fines reaching up to 250,000 AED (approx. 68,000 USD) for serious violations of the regulation. Benefits of the UAE Directive for Financial Institutions and Banks For financial institutions and banks, this directive represents one of the most significant technological transformations in UAE banking in decades. Banks will need to make substantial investments in new authentication infrastructure and transition toward passwordless strong authentication, which aligns with global trends. In the long term, this shift will result in massive cost savings – particularly by eliminating millions of SMS messages sent each month, along with customer support costs tied to OTP issues. Additionally, stronger authentication methods drastically reduce fraud risks through enhanced anti-fraud, anti-spoofing, and anti-SIM-swap mechanisms, thereby reinforcing security. At the same time, providing fast, seamless, and secure authentication experiences helps banks build competitive advantages, increase customer loyalty, and affirm their leadership in the UAE’s digital financial transformation. For customers, instead of typing OTP codes, they will log in or approve payments using fingerprint scans, facial recognition, or built-in device security features. This results in faster interactions, fewer errors, and greater peace of mind, as users no longer fear OTP interception through fraud or impersonation attacks. Most importantly, the CBUAE mandate strengthens consumer trust in digital banking and encourages broader adoption of online financial services. Financial experts view this as not merely a regulatory change but a strategic turning point for the entire UAE banking ecosystem. Savyint – Global Expert in Strong Payment Authentication Amid increasing security demands, Savyint – a global expert in strong payment authentication, introduces the SAM Auth Server – an all-in-one strong authentication solution. SAM Auth Server is built on an advanced authentication platform powered by the Cryptographic Security Platform (CSP), featuring SCA/MFA authentication, Passkey/FIDO integration, biometric authentication combined with SmartOTP, PKI-based passwordless authentication, data encryption, Smart Token, Tokenization, transaction signing with E2E2E, mobile cryptography security, post-quantum cryptography (PQC), enabling system authentication, data encryption, transaction encryption, multi-layer authentication, and multi-tier security at the highest level. SAM Auth Server is also a pioneering solution that simultaneously complies with major global standards (AML, KYC/KYB, PSD2/PSD3, MAS TRM, NIST, CIBA, API security…) as well as regulatory frameworks in multiple countries such as Circular 64 and Circular 50 (Vietnam), BSP 1213 (Philippines), and Malaysia’s regulatory requirements. Connect with Savyint experts today to build a secure and compliant payment ecosystem.
5 Common Global Financial Fraud Types
Financial fraud is rising at an unprecedented rate worldwide. The explosion of digital payments, e-commerce, online banking, and e-wallets, combined with advancements in technologies such as AI and deepfake, has made financial fraud more complex and difficult to detect. According to the Federal Trade Commission (FTC), consumer-reported losses due to fraud increased by 25% in 2024 compared to the previous year, reaching $12.5 billion. Simultaneously, Coinlaw.io predicts that global losses from online payment fraud will exceed $50 billion in 2025, with approximately 3.3% of global digital payment transactions involving fraudulent activity. 1. What is Financial Fraud? Financial fraud refers to the act of deceiving victims in order to unlawfully seize their assets or sensitive information. This often involves tricking the victim into acting quickly, such as entering an OTP, scanning biometric data, or transferring funds fraudulently. Along with financial theft, personal information, such as bank account numbers, identification numbers, or passwords, is also targeted to facilitate asset theft. The growth of artificial intelligence (AI), e-commerce, digital payments, and other technologies has opened the door to more sophisticated and damaging financial fraud schemes. 2. Common Types of Financial Fraud While there is no exact report on the total number of types of financial fraud, they can generally be classified into several prevalent forms: 2.1. Identity Theft Identity theft occurs when fraudsters illegally acquire and use another person’s sensitive information, such as ID numbers, bank account details, credit card information, email addresses, or biometric data, for fraudulent purposes. Common identity theft methods include: 2.2. Payment Fraud Payment fraud is one of the most widespread forms of financial crime, affecting both individuals and businesses around the globe every day. Criminals manipulate payment systems to steal money, defraud sellers, or exploit banking system vulnerabilities, often causing severe consequences. In the third quarter of 2024, U.S. consumers reported losses of $58 million, according to industry estimates. Common methods include: 2.3. Account Takeover (ATO) ATO occurs when fraudsters gain control over a victim’s online account, such as a bank account, email, or social media account. Criminals typically gain access through brute force attacks, credential stuffing, phishing, malware, or by purchasing stolen data. Once they have access, they can withdraw or transfer money without authorization, change account details (such as phone numbers or email addresses) to maintain long-term control, or impersonate the victim to defraud others. According to reports from Experian & TransUnion, the APAC region has seen a 70% increase in ATO cases between 2023 and 2024. Common signs of ATO include: 2.4. Investment Fraud Investment fraud schemes often involve sophisticated tactics designed to deceive individuals into believing they are making legitimate, low-risk investments offering high returns. In 2024, the FTC reported that consumers lost over $5.7 billion to investment fraud, a $1 billion increase compared to the previous year. Fraudsters use various techniques, including AI-generated content for convincing advertisements and deepfake technology to impersonate celebrities in fraudulent campaigns. Regulatory bodies predict that AI will be increasingly exploited for fraud in 2025 and 2026. 2.5. Mobile App Fraud The widespread use of digital banking has facilitated the rise of fraud involving mobile apps. Common methods include: Financial fraud is becoming an increasingly serious global issue. The development of advanced technologies has made it easier for fraudsters to carry out sophisticated and complex schemes, resulting in enormous financial losses. Both organizations and individuals must adopt advanced security solutions and raise awareness to prevent these attacks. Savyint offers a comprehensive Fraud Management System (FMS) platform that integrates real-time fraud detection, enhancing the security of transactions. This system helps businesses build strong customer trust by minimizing fraud risks, protecting sensitive customer data, and strengthening security in all transactions. Connect with Savyint experts today to mitigate all financial fraud risks! Sources:
Savyint – Pioneering and Dominating Vietnam’s Open Banking Game
On the morning of November 21, Savyint, in collaboration with IBM Vietnam and TechData, successfully organized the Workshop “Implementing Safe, Reliable Open Banking and Complying with Circulars 64 & 50/2024/TT-NHNN.” In the context where Open Banking is becoming a pillar of digital transformation in the Finance – Banking sector, institutions require not only advanced technologies but also legal compliance, data security, and strong authentication. The workshop, held with the support of the Vietnam Institute for Digital Transformation and Innovation (VIDTI) and the Open Banking Forum, provided a comprehensive perspective on strategies, technical frameworks, and legal considerations for implementing Open Banking in alignment with the State Bank of Vietnam’s directives. Delivering the opening remarks, Mr. Doan Thanh Hai – Deputy Director of the Information Technology Department, State Bank of Vietnam – emphasized: “This workshop is an opportunity to share successful models, exchange practical lessons, and discuss emerging trends in security and technology for the effective implementation of Open Banking.” He also expressed confidence that the capabilities of banks, technology enterprises, and pioneering organizations would contribute to promoting safe, reliable Open Banking deployment in Vietnam, establishing a compliant ecosystem aligned with both domestic and international regulations. As the hosting organization, Savyint showcased solutions and delivered presentations on the Open Banking Tech Stack and Savyint Digital Trust – two core solution suites enabling banks to implement Open Banking in full compliance with Circulars 64 and 50/2024/TT-NHNN. Mr. Brad Palmer, COO & EVP of Savyint, highlighted that Open Banking is not merely about API connectivity but a multi-layered security ecosystem where customer identity, strong authentication, transaction protection, fraud risk management, and encryption infrastructure play foundational roles. Open Banking Tech Stack – Strengthening Connectivity and Expanding a Comprehensive Digital Financial Ecosystem Savyint’s Open Banking Tech Stack is purpose-built to meet all regulatory and technical requirements for Open Banking deployment. The stack comprises multiple critical components: Notably, SAVYINT Consent Management is one of the core systems, supporting multiple consent flows including redirect, decoupled, and intuitive consent management interfaces. Developed on an open, globally aligned architecture, the Savyint Open Banking Platform fully supports advanced security standards such as FAPI 2.0, OAuth2, OpenID Connect, PAR, JAR, JARM, mTLS, and Consent Management, ensuring compliance with Circulars 64/2024 and 50/2024. It also aligns with stringent Open Banking frameworks from the Berlin Group, UK Open Banking, Singapore, Australia, Hong Kong, and others. The platform is seamlessly integrated with Savyint Digital Trust, enabling core capabilities such as end-to-end encryption, transaction signing, key management, and tokenization – ensuring every API request is strongly authenticated, encrypted, and verifiably recorded. Savyint Digital Trust – Building Digital Trust and Enabling Secure Digital Transformation Alongside the Open Banking Tech Stack, Mr. Brad Palmer emphasized that the most critical factor in Open Banking is data security. This is why Savyint Digital Trust was created—to safeguard the financial ecosystem in the digital era. The platform is built on an advanced authentication foundation powered by the Cryptographic Security Platform (CSP), which includes SCA/MFA, passwordless authentication based on PKI, data encryption, Smart Token, tokenization, end-to-end transaction signing, and modern cryptography-based mobile device security. This ensures that every user, device, and transaction is protected, authenticated, and verifiable with absolute trust. Highly scalable, Savyint Digital Trust integrates with core systems across banking and finance, including invoicing, taxation, insurance, e-wallets, and digital banking. It supports on-premise or hybrid-cloud deployment and fulfills stringent domestic and international requirements for digital signatures, encryption, and authentication such as eIDAS, CSC 2.0, GDPR, PCI DSS, HIPAA, and more. As the organizer of the workshop, Savyint reaffirmed its pioneering role in shaping the Open Banking landscape in Vietnam. Savyint is among the most comprehensive Open Banking solution providers in Vietnam and the region – covering legal compliance, transaction security, identity & authentication, TPP management, and API infrastructure. Savyint’s technology ecosystem equips banks to implement Open Banking safely, reliably, compliantly, and with scalable expansion – supporting the digital transformation strategies of the Finance – Banking sector. Photos from the workshop: