Open Banking and financial inclusion strategy 

1. What is open banking?

Open banking allows third parties to access financial data such as current accounts, card accounts, savings accounts, loan information, and KYC information. In some markets like Europe, open banking also allows access to bank accounts to initiate payments, also known as open payments.

Open banking is often associated with legal requirements that allow third parties to access bank accounts. This is most prominent in the United Kingdom, where “Open Banking” is a national program implementing legal requirements for access to current accounts. However, open banking (or more broadly open finance) is also understood as the development of a new financial ecosystem based on connections between financial institutions and businesses, supported by APIs. Financial institutions are allowing fintech companies and other businesses to integrate financial services into their customer offerings, providing access to banking data and delivering full banking services through APIs.

2. The meaning of Open Banking and the factors driving Open Banking

2.1. The meaning of Open Banking

Open Banking focuses on serving consumers, using API or SDK technology as the core foundation and operating within the financial ecosystem. Based on this definition, open banking has three main characteristics: data portability, customer autonomy, and the responsibility of the recipient.

2.2. Data portability

The International Organization for Standardization (ISO) defines data portability as “the ability to easily transfer data from one system to another without having to re-enter the data.” Based on this definition, in open banking, consumers can share their relevant banking data with third-party service providers (TPPs), in accordance with “data portability.” Data portability in open banking is supported by standardized and compatible data technology, primarily APIs.

2.3. Customer autonomy

Customer autonomy is the ability to consider and act based on reasons that are appropriate to the market context. This is a fundamental principle of liberal democracy, where marketers are allowed to influence customers but must respect their autonomy. Open banking empowers customers to control the sharing of their banking data, and this right is supported by the legal rights of customers to share data through open banking.

2.4. Responsibilities of the receiving party

The open banking system requires third-party providers (TPPs) to be accountable to customers. Therefore, fintech companies that receive banking data must be responsible for protecting this data from leaks, theft, etc. This is why closely managing TPPs through regulation is very important.

Overall, these three characteristics of open banking reflect the goal of improving competitiveness, fostering innovation, and enhancing consumer protection.

2.5. Factors driving open banking

a. Increasing customer expectations

Customers expect seamless, instant services that provide added value to meet their financial needs. As consumers demand more personalized financial tools to improve their financial situation, financial institutions (FIs) will have to compete with fintech companies to maintain customer relationships and generate new revenue streams.

Open banking and open finance allow financial institutions to leverage customer financial data to enhance customer experience and reduce administrative costs for processes such as account opening, mortgage application, and home loan borrowing. For example, HSBC allows intermediaries to share business account statements of self-employed mortgage borrowers through open banking, shortening the time from loan application to approval.

Banks and fintech companies can develop innovative and personalized financial solutions in the payments sector, such as lending or personal financial management (PFM). This is a fertile ground: Over 90% of consumers in North America use digital applications to manage money, from products and services for simple financial tasks like bill payments or digital banking to more complex needs like financial forecasting, cryptocurrency investing, and crowdfunding.

Worldwide, the movement demanding the transfer of control over personal data to consumers, especially data shared with third-party service providers (TPPs), is becoming increasingly strong. Therefore, service providers (such as banks, fintech) need to adjust their systems to allow customers to decide the data they share, including granting customers the right to permit (or revoke) data sharing and only allowing the recipient to use the data for SPECIFIC PURPOSES that the customer has agreed to.

Open banking enables businesses operating in the financial sector to leverage customer financial data, after obtaining their consent, to develop innovative and highly personalized financial solutions.

b. Open API connectivity is becoming increasingly popular

With Open API, financial institutions (FIs) can expand their service distribution channels by collaborating with fintech companies. Open banking through APIs can be seen as the next step in the evolution of banks’ distribution models.

By sharing data via Open API, financial institutions allow fintech companies to integrate this data into their applications. FIs can charge fintech companies for data usage or establish revenue sharing if the partner brings new customers to the FI. In this way, FIs create an ecosystem of third-party developers, providing innovative experiences for customers without having to develop everything in-house.

Financial institutions (FIs) can also connect through APIs with other financial service providers and offer their products to customers. In this way, FIs can quickly bring new products from leading providers to market.

As a result, the traditional value chain of banking and financial services is shifting from a single approach to a multi-party ecosystem. However, many financial institutions and large enterprises are still in the process of digital transformation. On the other hand, the infrastructure of fintech companies is designed with an API-first and cloud-based approach. The challenge for financial institutions is to modernize their infrastructure while meeting the rapidly changing demands of customers and complying with increasingly complex legal requirements.

c. Customer identification has become a core element in business strategy

Customer identification is one of the top priorities for businesses. Financial institutions (FIs) are striving to modernize their customer identification solutions. Some notable trends in this area include:

Modernizing customer identification at financial institutions (FIs) is often driven by the desire to improve digital experience. This is not a new motivation, but the provision of multi-party services is creating challenges as the old identification systems of FIs hinder a seamless experience. Financial institution leaders are well aware that multi-party services are a

Europe pushes Open Banking: Mandatory UX improvements on banking apps

How you see and interact with your online bank accounts is about to change. That’s because Europe is forcing change into the financial market.

Digital transformation is a thing this decade. “Digital disruption,” startups who want to be “the Uber of X” in their industry, and going “mobile first” are not new trends. But the banking industry has been slow to move with the times.

New businesses have started to push into the European banking market. Yet progress has been slow, due to both regulation and customer inertia. Even though companies who focus on the best customer experience outperform the market.

The pace of change in the banking industry will accelerate in 2018. Some new laws coming into effect are to thank.

Why are things changing?

European governments have decided that “traditional” banks are uncompetitive and slow. New banks find it very hard to break into the market. To do something about this, they have created some new legislation. This new legislation will force all banks to share a lot more digital information when their customers ask them to.

As the above diagram shows, current core banking services will have a new digital interface added. This is called an API, or Application Programming Interface. It will allow third party “fintech” (Financial Technology) apps and services to get information directly from your bank. It’ll also add a new layer of tools on top. These fintech apps may be provided by your bank, or by external companies.

All these changes must become law by January, 2018.

In addition to the European legislation (PSD2), the UK has its own version (Open Banking). So this change will affect the UK regardless of Brexit.

What differences will it make?

This piece will focus on three of the biggest, broadest changes and how they will affect consumers. I will also follow up with a deeper dive into each change. There, I’ll discuss possible side effects as well as business opportunities.

Direct bank account payments

What are they?

Right now, if you’re shopping online, you would most likely choose to pay with your debit card. The merchant (e.g. Amazon) has an acquirer (e.g. WorldPay) who coordinates with your debit card provider (e.g. Visa). They will then pull the payment out of your bank account (e.g. Barclays). That’s a lot of companies — and they’re all getting paid.

The idea is that you, the consumer, can instead “push” a bank transfer direct from your bank (Barclays) to the merchant (Amazon).

How it affects you, the consumer

In the future, instead of entering all your card information, you’d grant Amazon permission to access your bank account. The user experience would be like logging into other websites with your Facebook account today. The first time, it will take you to your bank’s website and ask you to confirm your authorization. After that, the permission should stay active until you revoke it, so you can just click and buy.

It will be interesting to see how this change affects all those other companies who were playing the middlemen. That will, of course, have an indirect effect on you. But it’s hard to say exactly what. Amazon’s costs should go down. Will they pass those savings on to you, or otherwise incentivize you to pay in the way that’s cheapest for them?

Information sharing across all financial institutions

What is it?

Currently, the only way to get your bank information online is to log on to the website. Or perhaps they have a clumsily ported mobile website, packaged as an “app.” If you wanted to let another organization see your bank account, you’d have to give them your login details. This breaks the bank’s T&Cs, and would cause all kinds of issues in case of fraud or misuse.

How it affects you

By the new regulations, banks must provide a secure way for third parties to access your banking information. You will be able to consolidate all your information in one place, and see your ‘actual’ balance across all banks, accounts, and cards. Furthermore, you’ll be able to use that information in useful services.

For example, some of the new “challenger banks” like Monzo or Starling can show you a breakdown of your spending. They can do it by category (e.g. restaurants), then by store (e.g. Nandos), then by transaction. They’ll even show you the location of that pub where you bought a round last night.

Now imagine if you didn’t have to switch current accounts or wait for your bank to bring out something similar. You could just plug in to a service that collates it for you, from all your accounts and credit cards. After these changes, that should be possible and even simple.

There are many possible applications for this type of information. Some examples include: personalized credit or budgeting advice; easier savings; easier current account switching (based on automated, personalized advice); better terms for loans or credit (in exchange for more access to your information for underwriting); easier personal tax returns, or small business accounting; third party fraud detection services you can use across all your cards and accounts; simpler and cheaper international transfers; and the list goes on.

Let’s look at an example of the possible, unexpected side effects of the improved customer service and transparency banks can provide. There’s a great story here about how Monzo helped one customer get his stolen bag back the same night it was taken. There was even a bonus bottle of Jack Daniel’s included.

Strong authentication for online payments

What is it?

Authentication is how the bank or payment provider knows that you are who you say you are. Given how much of your financial information they’ll be able to share, it’s critical that they use it securely. This is where authentication comes in. The new regulations will require multi-factor authentication in many areas. This will include every online purchase over €30.

There are three commonly recognized methods of authentication:

Using more than one of these methods together is “2-factor” or “multi-factor” authentication.

How it affects you

The average online

How does data work in open banking? 

Open banking is a new financial ecosystem that allows users to securely share their personal financial data with third-party organizations, which can be fintech companies or other financial institutions. By sharing data, these organizations can provide personalized financial services to users. So how is open banking data being processed and what is it used for?

Open banking: Managing user consent for data access (consent management)

To provide and develop quality products and services, third-party providers (TPPs) need user consent to access their financial data, which is then filtered and processed for research purposes, and to build new financial products and services.

Consent management is a sensitive issue that requires caution and understanding of legal and technical aspects. Contrary to popular belief, consent management is not simply clicking or checking the “Agree” box; it is a structured process that complies with regulations and directives in each region and country, such as the PSD2 directive or GDPR regulations in the EU.

The consent management process in banking usually proceeds as follows:

Some organizations may have different ways of expressing the agreement to access data, but this will be the most common mechanism, often used in:

Understanding how data and information flow during the consent request process is a key factor in the transparency and success of organizations in open banking.

The process of managing consent for open banking data sharing

The consent management process is typically divided into three stages:

a. Agreement stage
b. Verification stage
c. Authorization stage

Throughout the process, users are always aware of who they are granting data access to, for how long, and for what purpose. In particular, users can withdraw consent at any time. The information users are aware of typically includes:

Open banking data sharing: How does it work?

Open banking allows third-party financial service providers to access information with the user’s permission. Technically, this process is carried out through open APIs. Legally, the data sharing process is monitored and regulated according to current government regulations, such as the Payment Services Directive PSD2 in the EU or the Open Banking Act in the UK.

However, these regulations vary by region, so the types of data shared through open banking services also differ. Typically, to ensure transparency and integrity, there will be multiple layers of security and verification in the data exchange process between financial institutions and third-party providers. The transmission of data from one side to the other is done in “an instant” thanks to APIs to ensure seamless, safe, and efficient communication.

Who can access open banking data?

Not everyone can access data in open banking. To view this data, consent from the user is required, and the third-party provider must also be licensed. Third-party providers must meet specific requirements before being granted access to the user’s financial information.

Regulatory authorities will be responsible for granting access to user data for third-party providers, such as in Australia, where the Australian Competition and Consumer Commission (ACCC) is responsible for licensing open banking data.

These authorities are responsible for ensuring that the sharing of personal financial data does not violate the law and can grant, modify, or revoke data collection licenses.

What data is collected in open banking?

The data collected by open banking service providers may vary depending on the regulations of each country/region as well as the type of services provided.

Regulatory authorities often impose strict regulations on the type of information that can be collected, limiting the scope of data collection to ensure that third-party providers only access what is necessary.

The most commonly collected data includes:

How do open banks protect user data?

In fact, data protection in open banking is a matter of great concern to regulatory agencies and financial institutions. Security measures implemented include:

However, alongside protective measures, there are still some risks that developers and users are concerned about, such as:

In summary, while it is impossible to completely eliminate risks, current security measures have been established to ensure that user data is safely protected in open banking systems. However, users should also protect themselves by using strong passwords, regularly updating software, and being vigilant against phishing attacks.

Additionally, allowing users to manage open banking data is also a great way for users to take responsibility for when and how they want to provide their information. Third-party providers need to clearly inform users about the purpose and the data that will be collected to ensure transparency and the privacy of open banking data.

About SAVYINT and the SAVYINT Open Banking solution

SAVYINT is a trusted service provider leading the market and is in the TOP 10 leading IT companies in Vietnam. SAVYINT has successfully developed the SAVYINT Open Banking solution – a specialized system dedicated to the Finance – Banking sector, meeting legal and technological requirements to create connections and build a digital financial ecosystem. With a solid technological infrastructure and experience in deployment and operation, SAVYINT provides customers with advanced technology and the best user experience.

The SAVYINT Open Banking solution encompasses all the features to become a reputable standard platform in the Finance – Technology field:

Open banking applications are the key to accelerating growth in the financial sector. Connect with SAVYINT now to leverage and experience the features and benefits of open banking today!
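
The consent checks this article describes (who is granted access, for how long, for what purpose, withdrawal at any time, and access only for licensed TPPs) can be enforced on every data request, as in this added example, which is not SAVYINT's code or any standard's API. The class names, stage names, identifiers and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class Stage(Enum):
    AGREED = "agreed"          # user accepted who / what / how long / why
    VERIFIED = "verified"      # user authenticated with the bank
    AUTHORIZED = "authorized"  # bank bound data access to this consent
    REVOKED = "revoked"        # user withdrew consent


@dataclass
class Consent:
    user_id: str
    tpp_id: str
    purpose: str
    data_types: frozenset
    expires_at: datetime
    stage: Stage = Stage.AGREED


class ConsentRegistry:
    def __init__(self, licensed_tpps):
        # Hypothetical local copy of the regulator's register of licensed TPPs.
        self.licensed_tpps = set(licensed_tpps)
        self._consents = {}

    def agree(self, consent_id, user_id, tpp_id, purpose, data_types, valid_for, now):
        if tpp_id not in self.licensed_tpps:
            raise PermissionError("TPP is not licensed")
        self._consents[consent_id] = Consent(
            user_id, tpp_id, purpose, frozenset(data_types), now + valid_for)

    def verify(self, consent_id, authenticated_user_id):
        c = self._consents[consent_id]
        if c.stage is not Stage.AGREED or c.user_id != authenticated_user_id:
            raise PermissionError("verification failed")
        c.stage = Stage.VERIFIED

    def authorize(self, consent_id):
        c = self._consents[consent_id]
        if c.stage is not Stage.VERIFIED:
            raise PermissionError("consent has not been verified")
        c.stage = Stage.AUTHORIZED

    def revoke(self, consent_id, user_id):
        c = self._consents[consent_id]
        if c.user_id != user_id:
            raise PermissionError("only the consenting user may revoke")
        c.stage = Stage.REVOKED

    def check_access(self, consent_id, tpp_id, purpose, data_type, now):
        """Return (allowed, reason); anything not explicitly granted is denied."""
        c = self._consents.get(consent_id)
        if c is None or c.tpp_id != tpp_id:
            return False, "no consent for this TPP"
        if tpp_id not in self.licensed_tpps:
            return False, "TPP licence withdrawn"
        if c.stage is Stage.REVOKED:
            return False, "consent revoked"
        if c.stage is not Stage.AUTHORIZED:
            return False, "consent not authorized"
        if now >= c.expires_at:
            return False, "consent expired"
        if purpose != c.purpose:
            return False, "purpose not consented"
        if data_type not in c.data_types:
            return False, "data type not consented"
        return True, "ok"


def demo():
    """Walk one constructed consent through its stages and collect decisions."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample date
    reg = ConsentRegistry(licensed_tpps={"tpp-budget-app"})
    reg.agree("c1", "alice", "tpp-budget-app", "budgeting",
              {"balances", "transactions"}, timedelta(days=90), t0)

    def ask(purpose, data_type, when):
        return reg.check_access("c1", "tpp-budget-app", purpose, data_type, when)

    results = [ask("budgeting", "balances", t0)]          # agreed, not yet authorized
    reg.verify("c1", "alice")
    reg.authorize("c1")
    results.append(ask("budgeting", "balances", t0))      # within the grant
    results.append(ask("marketing", "balances", t0))      # different purpose
    results.append(ask("budgeting", "loans", t0))         # data type outside the grant
    results.append(ask("budgeting", "balances", t0 + timedelta(days=91)))  # past expiry
    reg.revoke("c1", "alice")
    results.append(ask("budgeting", "balances", t0))      # withdrawn by the user
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The licence check runs on every request, not only when consent is first given, so a licence revoked by the regulator cuts off access under consents that are otherwise still valid.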

Security challenges in Open Banking and solutions

The development of Open Banking brings many opportunities but also presents challenges, particularly in the area of security. So what is the solution to security issues in Open Banking? Let’s explore with SAVYINT in the article below.

According to predictions by The Financial Brand, Open Banking is one of the eight fintech trends set to transform the banking industry. In Vietnam, Open Banking is becoming an inevitable trend and a key growth direction for banks.

Open Banking is a unified model that enables the sharing of financial data between two or more third parties through Open API (Application Programming Interface) technology. In this model, banks collaborate with technology partners that offer innovative services and provide technology platforms to build a digital financial ecosystem that meets customer needs.

Security Risks in Open Banking

The openness of the Open API model raises significant challenges for the banking sector, with privacy and data security being the most prominent.

Incomplete Legal Framework

Open Banking is rapidly growing within Vietnamese banks. However, the legal framework for Open Banking is incomplete and lags behind the pace of technological development. Currently, there are no specific regulations guiding Open API usage (e.g., what data can be shared, how partners can use the data, under what standards, etc.), and there is no unified standard for IT infrastructure, storage, or security.

As a result, commercial banks are applying different API security protocols. In this ecosystem, if any party uses an API protocol that is not robust enough, the risk of data leaks or theft is very high. Moreover, customers cannot be certain how their personal and financial information is being secured and used.

Risks from Non-Banking Partners

Open Banking allows third-party service providers to access users’ financial data. To expand their service ecosystems, banks will partner with technology companies offering innovative products and services. These partners often propose security measures to collaborate with banks, but in reality, few provide viable solutions. Strong infrastructure, technological expertise for implementation, and risk control capabilities are essential criteria that technology partners must meet. However, not every technology company can fulfill all of these standards.

SAVYINT Open Banking Platform – Vietnam’s First Comprehensive Open Banking Solution

Choosing a reliable and promising partner is a crucial issue for banks. Understanding the challenges faced by the banking sector, SAVYINT has developed the SAVYINT Open Banking Platform, a solution that addresses both legal and technological needs to connect and build a digital financial ecosystem.

Financial-Grade API Security Standards

The SAVYINT Open Banking Platform applies advanced security solutions, such as OAuth (RFC 6749, RFC 6750), and is a pioneer in providing Financial API protocols with secure JSON Data Schema structures that ensure:

Strong Customer Authentication (SCA) – Identity and Access Management (IAM)

This solution enables financial institutions and enterprises to quickly and securely identify and authenticate end-users across multiple platforms, minimizing risks in electronic transactions:

Customized API Design Services

The SAVYINT Open Banking Platform provides financial institutions and enterprises with a solution to optimize API resources. It offers a comprehensive, end-to-end solution tailored to the diverse needs of financial institutions and banks in Vietnam.

Open Banking is the key for Vietnamese banks to accelerate growth and lead the digital transformation of the banking industry. Beyond preparing for potential input risks, banks need to research and select suitable partners with the highest international security standards. Contact SAVYINT’s experts today for immediate support!

Open API – The key to promoting open banking

The Open API has changed the way banks serve their customers, improving the user experience and increasing competitiveness in the market. This promotes the development of new operating models in the Finance – Banking industry, typically Open Banking.

Why is Open API key to Open Banking?

Currently, users are using too many applications for payment, financial management, shopping, authentication, etc. In other words, having to load a series of different applications at the same time causes users a lot of trouble and complexity in sharing data, managing reports or retrieving information. That has led to the increasingly widespread use of APIs as well as integrated applications, namely Open Banking.

The main purpose of the Open Banking API is to create a unified model that allows financial data to be shared between two or more third parties. With the widespread use of Open APIs, banking institutions form a true API ecosystem, providing the best customer experiences thanks to the ability to combine the digital services of multiple providers in one application. Users can access a variety of financial products and services directly connected to the financial databases of banks.

Along with the development of the Industrial Revolution 4.0, more and more consumers use products and services from Fintech. Therefore, instead of competing, cooperation with Fintech companies is essential for the bank to stay ahead of new technologies and provide attractive services to its customers. This approach forces banks to establish an open API architecture that facilitates the plug-and-play integration of banking and Fintech services, ultimately creating banking app stores with multiple utilities and services.

Open Banking using Open APIs is becoming a new trend. Open banking creates opportunities to form diverse integrated financial and non-financial services, generate new revenue sources for financial institutions, and expand the customer base with a secure ecosystem of data sharing applications.

Open API application for Savyint Open Banking Solutions: A comprehensive solution system for Open Banking

Pioneering and accelerating strongly in the digital transformation race, SAVYINT has been ahead of the Open Banking trend. In addition to launching Savyint Open Banking Solutions specifically designed for the Finance – Banking industry, meeting the legal – technological needs to connect and build a digital financial ecosystem, SAVYINT also connects and cooperates with prestigious organizations and enterprises on Open API in Vietnam and around the world to develop an open ecosystem with Open API such as DX Open Healthcare Platform (Open Health), DX Open Gov (Open Government),…

Some of SAVYINT’s leading partners in providing Open API and Open Banking solutions:

With a solid technology foundation and infrastructure and partners with experience in implementing and operating the world’s leading Open API, SAVYINT will provide customers with the most advanced technologies and optimal user experience. Contact SAVYINT today to help your organization lead the way with Open Banking!

Remote Signing – An irreversible trend

Since the COVID-19 pandemic, the need for remote work, online shopping, and digital communication has skyrocketed. As a result, the demand for secure digital signatures has grown exponentially. Remote Signing has emerged as a game-changer, transforming the way we sign and manage electronic documents.

Digital signing with USB Token is no longer an optimal choice

Digital signatures, akin to personal signatures or company seals, hold legal weight and significantly enhance efficiency. However, USB token-based digital signatures have several drawbacks, including limited compatibility, device dependency, and lack of mobility and scalability.

Remote signing is the perfect alternative

Remote Signing offers a superior solution, providing efficient, flexible, and secure electronic transactions. Unlike traditional methods, the private key for Remote Signing is securely stored in a service provider’s data center. Nevertheless, activation processes are rigorous, ensuring that even the service provider cannot activate or sign on behalf of the customer. In addition, Remote Signing offers numerous advantages, such as:

Sign anytime, anywhere

Remote Signing allows users to sign documents anytime, anywhere, without relying on physical devices like USB tokens or SIM cards. Users can sign directly on any mobile device, such as laptops, smartphones, or tablets.

High security

Remote Signing provides an exceptionally high level of security and reliability. The mechanism ensures that only the authorized user can activate and use the digital signature. Even the service provider cannot intervene in the activation or signing process without the customer’s authorization. Moreover, seamless integration with timestamping and long-term validation technologies (LTV, LTANS) enables the detection of any changes to the document, maximizing data integrity and preventing fraud and forgery in electronic transactions.

Batch and bulk signing

Users can sign multiple documents simultaneously through automated processes, eliminating the need for manual signing of each page.

Easy integration with advanced digital signature technologies

SavyintTimestamp, long-term validation, and long-term archiving (LTV, LTANS) can be easily integrated into this model.

SAVYINT is proud to be the first trusted service provider in Vietnam to comply with the eIDAS regulation for remote signing services, setting the highest standard for security, reliability, and confidentiality in electronic transactions. This means that SAVYINT’s remote signing services are widely recognized in 27 European Union countries and are the first to provide a full range of services, from basic digital signatures to advanced and long-term validation signatures.

In October 2021, we were granted a license by the Ministry of Information and Communications to provide remote signing services and became the only entity to fully comply with all mandatory technical standards and advanced digital signature standards, including long-term validation (AdES) as stipulated in Circular 16/2019/TT-BTTTT on remote signing models.

QTSP Remote Signing – The perfect solution for individuals and businesses for electronic document signing. Contact SAVYINT today to own a quality remote signing solution!

eKYC solution using Hyperledger Fabric

The Central Bank of Bahrain (“CBB”) has launched the eKYC by financial institutions in the Kingdom as part of its initiatives for digital transformation in the sector. The eKYC solution built by Bahrain BENEFIT utilizes the Hyperledger Fabric blockchain platform. The platform was built in collaboration with Avanza Innovation company.

The national eKYC platform, which was the first of its kind in the region targeting retail banks, financial services providers and money exchange networks, is operated by BENEFIT in collaboration with the Information and eGovernment Authority (IGA) and under the supervision of the CBB.

The platform provides a national digital identity database for financial institutions to securely verify the identities of their customers, validate their information and share data digitally before providing products and services. This includes retrieval of customer data from governmental entities including IGA.

BENEFIT has also developed the Application Programming Interface (“API”) for the platform, which allows for seamless integration with financial institutions’ core systems, digital channels and mobile apps. With the introduction of Open Banking in Bahrain, this also provides an opportunity for fintech companies to verify customers’ identities through their online and mobile applications.

Mr. Khalid Al Hamad, Executive Director of Banking Supervision at the CBB said “The CBB urges all licensed financial institutions to avail of this innovative and streamlined service and accelerate its efforts towards automating the maintenance of its customer data and reputation records, by implementing eKYC API integration with their core systems, digital channels and mobile apps. We continue to support technological advancement in the sector to minimize cost while also fostering innovation and integration between financial institutions and fintech companies. This is also in line with the CBB’s continuous efforts in developing the financial sector infrastructure in light of the Covid-19 repercussions to ensure appropriate solutions for electronic payment systems.”

BENEFIT’s Chief Executive Officer Abdulwahid Janahi said “It gives us great pleasure to continue developing the eKYC platform in an effort to drive digital transformation in the Kingdom’s various sectors. We have succeeded in enabling the integration of this digital platform into core banking systems and smart phone applications, and we are pleased to announce that Bahrain Islamic Bank has successfully integrated this platform into its core banking services system, while “ila” Bank offers customer on-boarding in a completely digital and autonomous manner through its mobile app, both based on eKYC API integration. We look forward to the use of eKYC services on a larger scale during the coming period.”

The Vice Chairman of eTransformation in the Information & eGovernment Authority (iGA), Dr. Zakareya Ahmed Alkhaja, confirmed that iGA cooperated with BENEFIT, which implemented the technical development of the project, under the supervision of CBB. The project aims to provide an advanced comprehensive eSystem for financial entities to verify the identity of their customers and the validity of the information, before providing the financial services.

He pointed out that the authority has started providing identity verification services to the government sector, and this project complements that by providing the services to the private sector, especially the banking sector, as the project will allow it to start providing innovative, high-quality, secure data services that keep the privacy of individuals. That will lead to enhanced economic growth and expanded commercial activities in the Kingdom.

He expressed his pride that the eKYC project is the first of its kind in the region and the first at the level of global applications in terms of cooperation between the government and the banking sector, as the implementation of projects globally is limited to cooperation between banks in the private sector. This project is also one of the first projects using blockchain technology in the Kingdom of Bahrain.

Source: https://www.unlock-bc.com/news/2021-02-01/central-bank-of-bahrain-launches-hyperledger-fabric-ekyc-platform-with-benefit/

TrustCA Remote Signing – A breakthrough in the digital signature “race”

With the digital transformation wave sweeping across all industries, the application of digital signatures in electronic transactions has become more urgent than ever. However, the traditional USB token method has become a source of inconvenience for organizations and individuals.

USB tokens are no longer a suitable digital signing method

USB token-based digital signatures are still widely used and meet the basic digital signing needs of many organizations. However, as the number of documents to be signed increases, the demand for digital signing also increases significantly, along with higher requirements for signing speed, convenience, security, and reliability. In this case, USB tokens have many inconveniences:

TrustCA Remote Signing – A leap forward in the digital signature race

A pioneer in the research and development of digital signature systems, SAVIS is one of the first units to be granted a license by the Ministry of Information and Communications to provide digital signature certification services under the remote signing model, in October 2021; the service is called TrustCA Remote Signing.

Now, with TrustCA Remote Signing, users do not need to carry a computer or USB with them when signing documents, but can easily sign directly on their mobile phones or tablets. Another plus of remote signing is that users can sign multiple documents at the same time in a dynamic process, batch signing without having to manually sign each page.

Convenient, fast and minimizing risks, TrustCA Remote Signing commits to superior security levels with a mechanism to ensure that the key pair is under the sole control of the user, only the user can activate the signing key, and the service provider cannot interfere in this process. At the same time, TrustCA Remote Signing can be integrated with TrustCA Timestamp and long-term validation signature technologies (LTV, LTANS), helping to prevent fraud and forgery to the highest degree in electronic transactions. Integrity is affirmed when any changes to the document after the signing time.

Along with the EU QTSP certification for digital signature services and electronic seals under the remote signing model, SAVYINT’s TrustCA Remote Signing is widely recognized in 27 countries of the European Union, promoting cross-border electronic transactions between Vietnamese organizations and businesses and EU partners.

In particular, TrustCA Remote Signing is more user-friendly for individuals thanks to its flexibility, low cost, ease of use, and signing operations. This promotes the digitization of documents and contracts signed between individuals, and between individuals and organizations, a bottleneck that USB tokens have not been able to solve.

TrustCA Remote Signing has created a powerful leap forward in the digital signature race, digitizing processes, authentication, and electronic document storage. Contact SAVYINT today for detailed advice on services and solutions!

QTSP and Remote Signing bring great competitive advantages to Vietnamese Financial – Banking organizations

With QTSP certification for remote signing models, HSM digital signatures, and electronic authentication services provided by a QTSP in Vietnam, digital signatures and electronic certificates will be widely recognized in all 27 EU countries. This will bring a great advantage to domestic organizations and businesses, especially in the finance and banking sector.

QTSP and the challenge of secure electronic authentication in transactions

One of the most difficult challenges in the digital finance and economy is the process of secure electronic identification and authentication in transactions. Previously, banks operated their own specialized CA systems for parties to register for services. However, such a system quickly became overloaded when third parties or multiple financial institutions registered and authenticated each other. The result was an increasingly complex and difficult-to-control identity database that did not ensure interoperability according to an international standard for system security operations. This issue contradicts the purpose of expanding the digital finance ecosystem of the Payment Services Directive 2 (PSD2) and, more recently, the Open Banking strategy of countries worldwide, hindering the development of the financial market in particular and the digital transformation of the economy and society in general.

To solve this difficulty for banks and financial institutions, the Common Technical Standards (RTS) for the Payment Services Directive 2 (PSD2) issued by the European Banking Authority (EBA) have accepted the use of qualified electronic signatures (QES) and qualified electronic seals (QSeal) issued by a Qualified Trust Service Provider (QTSP) for the identification and authentication process under the Open Banking model. This opens up a trusted, legal, and widely recognized authentication method for banks and financial institutions participating in the global digital economy.
The eIDAS regulation applies QTSP certification as the highest standard of security, reliability, and confidentiality in electronic transactions. Currently, only QES qualified electronic signatures for individuals and QSeal qualified electronic seals for organizations provided by a Qualified Trust Service Provider (QTSP) are recognized throughout the EU with the same legal effect as handwritten signatures or seals without the need for any other assessment or explanation procedures.

Without using the electronic identification and authentication services of a QTSP, organizations participating in the digital financial market cannot perform electronic authentication processes with regulatory authorities. Failure to comply with the QTSP’s assured identification and authentication service standards will lead to numerous potential risks for organizations participating in the digital finance and economy:

In addition, the financial market is one of the most sensitive markets to constant security risks and the risk of document forgery. Along with the Payment Services Directive 2 (PSD2), the Open Banking strategy in Europe also allows the trusted services of QTSPs to be the only method to ensure trust between payment service providers, customers, and financial institutions.

Competitive advantages of Vietnamese financial institutions and banks from QTSP and remote signing models

In July 2021, SAVYINT officially became the first trusted QTSP service provider for digital signatures, electronic seals, remote signing models, and HSM digital signatures in Vietnam, in accordance with EU eIDAS regulations. This means that all 27 European countries fully recognize the digital signature and electronic seal services provided by SAVYINT under the remote signing model. Operating under the SCAL2 security authentication mechanism, the system ensures that only the signer has the right to activate the signing key stored securely on the HSM encryption device, giving the signer sole control of the signing key, and fully complies with the requirements for the SAM module with CC EAL4+ certification with EN 419 241-2.

This will open up opportunities for Vietnamese organizations and businesses to conquer the European market, promote the development of cross-border electronic transactions and e-commerce, and join the common playing field shared by Vietnam and EU partners in the context of the Vietnam-EU Comprehensive Partnership Agreement and the EVFTA.

For providers of electronic payment and transaction services such as financial institutions and banks, having a QTSP in Vietnam will help solve a major bottleneck in the digital finance ecosystem, digital banking, and open banking, with the aim of expanding the market and integrating into the international arena. It unifies and interconnects the process of secure electronic identification and authentication, creating a synchronized electronic transaction market according to a common technical standard and reducing congestion and transaction interruptions due to rejections by the parties involved.

Quick application and full utilization of the advantages of electronic authentication and digital signature services from a trusted QTSP service provider will help financial institutions and banks modernize and comprehensively digitize electronic transactions, promote e-commerce, build digital banking and open banking systems, and aim to attract more new customers, new markets, and increase revenue and profits. Connect with SAVYINT now to get advice on specialized solutions for developing Digital Banking and Open Banking!

QTSP certification – Differentiation of digital signing service according to Remote Signing model from a QTSP according to EU eIDAS regulations

QTSP certification – Distinguishing Remote Signing Services from a Trusted Service Provider under the EU eIDAS Regulations. QTSP certification is one of the most important certifications under the European Union’s eIDAS Regulation on electronic identification and trust services. It lays the foundation for legalizing electronic contracts, documents and certificates signed between Vietnamese individuals and organizations and their EU partners. Remote signing services provided by a QTSP offer numerous advantages.

QTSP certification

Regulation 910/2014 of the European Union (also known as the eIDAS Regulation) is the most comprehensive legal framework for electronic signatures, electronic seals, electronic timestamps, electronic delivery, and website authentication. Accordingly, eIDAS recognizes the legal validity of trusted services and electronic documents, enabling the cross-border use of trusted services, electronic signatures, electronic seals, and electronic timestamps among all EU member states. European individuals, organizations, and authorities cannot refuse the evidentiary value of evidence solely because it is in electronic form.

To build trust among organizations and individuals in the European common market, the eIDAS Regulation mandates the Qualified Trust Service Provider (QTSP) certification as the highest standard for security, reliability, and confidentiality in electronic transactions. Currently, only Qualified Electronic Signatures (QES) for individuals and Qualified Electronic Seals (QSeal) for organizations, provided by QTSPs, are recognized throughout the EU with the same legal effect as handwritten signatures or organizational seals, without requiring any further evaluation or explanation.

To become a Qualified Trust Service Provider (QTSP), organizations must undergo rigorous audits and assessments by the national Supervisory Body (SB) from the preparation phase to post-assessment monitoring and service maintenance. Full compliance with all eIDAS requirements is mandatory before providing services. To maintain trust, QTSPs are required to undergo compliance assessments by EU Conformity Assessment Bodies (CABs) at least every two years.

The distinctiveness of Remote Signing services from a QTSP under EU eIDAS regulations – TrustCA Qualified Remote Signing

In July 2021, SAVIS officially became the first Vietnamese QTSP providing remote signing, electronic seal, and HSM-based digital signature services, in compliance with EU eIDAS regulations. This means that all 27 EU countries fully recognize the remote signing and electronic seal services provided by SAVIS. Operating under the SCAL2 security authentication mechanism, the system ensures that only the signer can activate the private key securely stored on the HSM device, providing sole control over the key. It fully complies with the SAM Module requirements and holds a CC EAL4+ certificate with EN 419 241-2.

Compared to Vietnamese regulations such as Decree 130/2018/ND-CP and Circular 16/2019/TT-BTTTT, SAVIS is fully capable of providing remote signing services, meeting all mandatory technical standards for electronic authentication and digital signature services. Furthermore, SAVIS surpasses these standards by adhering to the highest levels of the eIDAS Regulation and ISO/IEC 27001 in terms of management, operation, and system security. In 2024, SAVIS GROUP established SAVYINT with the mission of globalization. Therefore, digital signature services of SAVIS and SAVYINT are widely accepted not only in Vietnam but also in the EU for cross-border trade.

For providers of electronic payment and transaction services, such as financial institutions and banks, the presence of a Vietnamese QTSP will address a major bottleneck in the digital finance ecosystem. It will facilitate market expansion and international integration by ensuring a unified and interoperable secure electronic identification and authentication process.
This will create a synchronized electronic transaction market based on a common technical standard, reducing congestion and transaction disruptions caused by disputes between parties.

Rapid adoption and full utilization of electronic authentication and digital signature services from a QTSP will enable organizations to modernize and fully digitize their electronic transactions, boost e-commerce, and build digital banking and open banking systems. This will attract new customers and markets, driving revenue and profit growth.

Additionally, the shift to remote signing will provide an advanced digital signature solution, allowing users to sign documents anytime, anywhere, on any device with superior security and reliability, without the need to worry about keeping key storage devices or finding suitable connection ports.

Comparing SAVYINT digital signature service and other public digital signature services in Vietnam

| Criteria | SAVYINT – Qualified Remote Signing & TrustCA Timestamp | Other Public Digital Signature Service Providers |
| --- | --- | --- |
| Ensuring the security, reliability, and non-repudiation of digital signatures in electronic transactions | Applying Advanced Electronic Signatures (AdES) with non-repudiation electronic timestamps to create reliable evidence of the time at which electronic transactions/documents were formed. Supporting Long-term Validation (LTV) technology, which allows the validity of digital signatures to be verified after 10 or 20 years, or even indefinitely, without relying on the certificate’s lifecycle or the service provider. | Applying Basic Signatures without timestamps; there is no reliable evidence of the date and time of the formation of the electronic document/transaction. The signing time can be modified, forged, disputed, repudiated, or subject to legal disputes without any protective evidence. |
| | Digital signatures fully comply with the technical specifications in Circular 06/2015/TT-BTTTT, requiring a key length of 2048 bits or more and the RSA algorithm with the SHA-256 hash function. | Digital signatures that do not comply with the technical specifications stipulated in Circular 06/2015/TT-BTTTT, such as having a key length less than 2048 bits or using the compromised SHA-1 hash algorithm, pose a risk of undetectable forgery. Such digital signatures are no longer secure for electronic transactions. |
| Ensuring document authenticity for 10, 20 years or even permanently, depending on specific regulations or the purpose of storing signed electronic documents | Applying Advanced Electronic Signatures (AdES) and Qualified Electronic Signatures (QES) with electronic timestamps and Long-term Validation (LTV) technology to create reliable and verifiable evidence of the signature’s validity at the time of signing. The validity of the digital signature is independent of the validity of the individual or legal entity’s certificate, and can be independently verified for 10, 20 years, or even permanently. Therefore, users benefit from the highest level of security: no dependence on service providers, no need to maintain certificates, and no need to re-sign electronic documents. | Applying Basic Signatures, which depend on the certificate’s lifecycle. Once the certificate expires, the signed document |