Can Central Bank Digital Currency Work Offline?
A Central Bank Digital Currency (CBDC) is being envisioned to replace a major percentage of cash transactions across the world. China, for example, is very close to being a cashless society1. As a result, banks are shutting down their branches and discouraging cash deposits and withdrawals in China, to encourage the use of the Chinese Digital Yuan. As and when the CBDCs across the countries launch and start replacing cash transactions, the dependency of a country’s trade and economy shall increase on retail CBDC transactions, and in such a case, a power outage or loss of contact with the ledger, can bring the economy to a still. Therefore, as a backup, CBDCs should also have the capability to transact offline. This functionality shall make Retail CBDC transactions similar to cash transactions. Problem Statement – What is Exactly an Offline Retail CBDC Payment? A transaction is defined as an offline transfer if: An offline CBDC ecosystem consists of a Central Authority, a bank, a merchant, and a spender. The model proposed by VISA3, works on a Two-Tier Hierarchical Model where the Central Bank, authorizes a bank or a financial institution to provide a cryptographic key to the digital wallets held by the payee and payor. These digital wallets hold balance that is either transferred from the bank account or Central Bank directly. Accessing a digital wallet and moving money from one digital wallet to another requires an individual to be present online. However, to move money offline, in the absence of an intermediary bank, and during a temporary network outage, an Offline Payment System (OPS) is required. To put it in simpler terms, Individual A holding Digital Wallet A should be able to transfer money to Individual B holding Digital Wallet A/B (Where A and B are different Digital Wallet Providers), without having to involve Bank or Digital Wallet provider, when the network is temporarily not available. Before understanding the offline retail CBDC transfer, it is important to understand how retail CBDC works. Offline CBDC transfer works best with Token Based Retail CBDC transfer, where the actual movement of tokens takes place from the spender/payor to merchant/payee. How Does Offline CBDC Transfer Work? The smartphone and tablet’s secure hardware has the capability to store authentication keys and is next to impossible to tamper with the information saved in it. It can only be accessed using strong authentication techniques like biometrics. Therefore VISA in its study4, recommends the use of Mobile/Tablet’s hardware as a store for CBDC funds, offline. Further, as per IMF5 Giesecke+Devrient is working on storing offline CBDC in an offline smart card. Steps Involved in Offline CBDC Transfer Initialization The first step to facilitate an Offline CBDC transfer is to register and get an authentication key for the digital wallet, smartphone/tablet’s secured hardware, or smart card. The user shall need to share his/her documents for KYC with the financial institution authorized by the Central bank to issue the authentication certificate key for the digital wallet, smartphone/tablet’s secured hardware, or smart card. These, thereafter become, trusted entities and can participate in the offline CBDC transfer. This is a one-time process. Withdrawal The user then needs to transfer the retail CBDCs from his/her digital wallet to a smartphone/tablet’s secured hardware, or smart card. This means, that the user is transferring retail CBDC from his online digital wallet balance to the smartphone/tablet’s secured hardware, or smart card’s offline CBDC balance. Payment When the user goes to a merchant to purchase, the merchant using the Mobile app or POS creates a payment request for the user. Since the network is not available, the payment request generated by the merchant, using Near Field Communication (NFC) or with the help of POS, presents the payment amount and merchant’s certificate to the user’s smart card or smartphone/tablet’s secured hardware. The Offline Payment System Protocol (built-in smart card and smartphone/tablet’s secured hardware), checks the user’s offline CBDC balance and thereby deducts it and creates a Payment Message for the merchant which contains: On presenting the Payment Message to the merchant’s mobile application or POS, the validity of the user’s certificate, CBDC coin unique identification number, the unique transaction number, and payment amount are validated. If all checks are successful and authenticated, the Payment Message is stored in the merchant’s smartphone/tablet’s secured hardware, or offline smart card. Deposit After the Payment Message is stored in the merchant’s smartphone/tablet’s secured hardware, or offline smart card, he/she can thereafter transfer it to their digital wallet, when the network is resumed. While initiating the transfer, the digital wallet shall check if the payment message is new and was not previously encashed. On successful verification, the amount gets transferred to the merchant’s digital wallet and starts reflecting as an online CBDC balance. In case, if the network outage is for a longer duration, and the merchant, has huge offline Payment Messages stored with him, he/she can use already stored Payment Messages to make offline payments for his purchases. This shall act as an incentive for the merchant to remain cashless even during a network outage What are the Challenges of Offline CBDC Payment in Absence of a Network? Double Spend In the absence of a network, while doing an offline retail CBDC transfer, the transactions rely on the transfer of messages. If a single retail CBDC coin, is mischievously used simultaneously for 2 transactions for two different merchants, it is referred to as a ‘double spend’. The problem with ‘double spend’ is that when the network resumes, and the merchant tries to settle the offline retail CBDC coin, it makes the CBDC coin unavailable for the second merchant as it is already settled by the 1st merchant and hence fails the purpose of the offline payment. How to tackle the problem? When the merchant sends a payment request to the payor, on successful verification, the offline CBDC balance is deducted from the payor’s smart card or smartphone/tablet’s secured hardware, and a log is created with the CBDC coin’s unique identification number
Embracing the Quantum era with Post-Quantum Cryptography (PQC)
In the near future, quantum computers are expected to become powerful enough to break traditional asymmetric cryptographic algorithms—the backbone of data security for messages, documents, and online transactions. Post-Quantum Cryptography (PQC) is being developed to counter this immense computational power. Post-Quantum Cryptography (PQC), also referred to as Quantum Safe Cryptography (QSC), encompasses encryption algorithms designed to withstand attacks from quantum computers. What is Quantum Computing? Quantum computing leverages principles of quantum physics to solve mathematical problems exponentially faster than classical computers. Tasks that would take today’s most powerful supercomputers years to complete could be reduced to mere days by quantum computers. This unprecedented computational power heralds a new era for applications like artificial intelligence. However, alongside its benefits, quantum computing poses significant security threats. Why Are Quantum Computers a Security Threat? Once sufficiently advanced quantum computers emerge, traditional asymmetric cryptographic algorithms will become vulnerable. For instance, widely used algorithms like RSA and ECC, which rely on mathematically complex problems such as integer factorization and discrete logarithms, are employed globally to secure bank accounts, medical records, and other critical data. However, quantum algorithms like Shor’s algorithm could easily break RSA and ECC. Governments and global tech corporations have acknowledged this threat, issuing warnings to protect critical infrastructure against potential quantum attacks. The U.S. National Security Memorandum of May 2022 states: “A sufficiently large and sophisticated quantum computer capable of breaking cryptography (CRQC) could compromise most public-key cryptographic algorithms used in digital systems across the U.S. and worldwide. A CRQC could endanger civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most internet-based financial transactions.” What is Post-Quantum Cryptography (PQC)? To counter quantum attacks, global research efforts are underway to develop stronger algorithms to replace RSA and ECC, capable of resisting attacks from both classical and quantum computers. These algorithms are collectively known as Post-Quantum Cryptography (PQC). Why Act Now? While quantum computers capable of such feats may not yet exist, data collection is already occurring. Sensitive or private data, valuable for years or even decades, is at risk. Hackers may be storing encrypted data now, waiting for future quantum computers to decrypt it—a strategy termed “harvest now, decrypt later.” Additionally, devices like chips have long development cycles, requiring years of security testing and certification before deployment in existing infrastructure. Therefore, transitioning to PQC sooner rather than later is highly advantageous. Global Progress in PQC Development The most significant PQC research is led by the U.S. National Institute of Standards and Technology (NIST). NIST launched a global competition, inviting researchers worldwide to propose, evaluate, and validate new algorithms for resilience. On July 5, 2022, NIST announced the first set of standardized algorithms, including: Key encapsulation mechanism (KEM) CRYSTALS-Kyber and Digital signature algorithms such as CRYSTALS-Dilithium, FALCON, SPHINCS+. In 2022, the U.S. National Security Agency (NSA) released an updated Commercial National Security Algorithm Suite (CNSA 2.0), mandating that national security systems (NSS) fully transition to PQC algorithms by 2033, with some cases required as early as 2030. CNSA 2.0 specifies CRYSTALS-Kyber and CRYSTALS-Dilithium as key quantum-resistant algorithms, alongside hash-based signature algorithms like XMSS (Extended Merkle Signature Scheme) and LMS (Leighton-Micali Signatures). By August 2024, NIST published its first three standardized PQC algorithms to ensure proper implementation: NIST also outlined a roadmap to phase out classical cryptographic algorithms like RSA-2048 and ECC-256 starting in 2030, with complete discontinuation by 2035. How should businesses prepare for the quantum era? To be ready for the transition to post-quantum cryptographic algorithms, the first step for businesses is to review their entire systems and technology infrastructure to identify where RSA and ECC algorithms are currently being used. Next, they should assess the potential impact on speed and performance when switching to more secure Post-Quantum Cryptography (PQC) algorithms. Based on this assessment, businesses can then develop a step-by-step transition plan, while engaging with customers and partners to align on the migration approach and begin the transition. Savyint PQC Lab: Vietnam’s First Post Quantum Crytography Platform for Digital Signatures, PKI, and Data Encryption As an international technology group with extensive expertise in PKI, Cryptography, Blockchain, Electronic Identification, Authentication, and Open Banking/Finance, Savyint proudly introduces the Savyint PQC Lab – Vietnam’s first post-quantum cryptography platform tailored for digital signatures, PKI, blockchain, and cryptographic solutions. This testing platform enables organizations to explore NIST-approved PQC algorithms, assess compatibility, performance, and impact without disrupting existing infrastructure. This is critical for financial institutions and fintech organizations aiming to comply with international standards such as FIDO2, PSD2, eIDAS, and PCI DSS. Key features of Savyint PQC Lab: Connect with Savyint’s experts today to lead the way into the post-quantum era!
Savyint Officially Launches Open Banking Tech Stack, Driving Open and Inclusive Finance Ecosystems
Savyint has officially announced the launch of its Open Banking Tech Stack, marking a significant milestone in the journey of building an open and inclusive financial ecosystem in Vietnam and across the region. As the global financial industry undergoes a strong transformation towards open finance models, implementing open banking is no longer just a trend but a strategic imperative for financial institutions to maintain competitiveness. The growing demand for connectivity between financial ecosystems – including banks, enterprises, and end-users – requires an infrastructure that not only complies strictly with regulatory frameworks but also ensures the highest level of data security and privacy. With this vision, Savyint introduces the Open Banking Tech Stack – a comprehensive solution designed to help banks, financial institutions, and enterprises accelerate digital transformation, foster innovation, and contribute to shaping an open and inclusive financial ecosystem. Open Banking Tech Stack – Bridging Technology and Compliance The Open Banking Tech Stack is designed to strictly meet both regulatory and technological requirements, enabling banks and financial institutions to enhance connectivity, collaboration, and innovation within a globally integrated system. Key Advantages of the Open Banking Tech Stack: The Open Banking Tech Stack equips organizations with a complete set of tools to implement a modern open banking system, including: In addition, the Tech Stack integrates seamlessly with secure online payment gateways, creating a complete end-to-end process for banks and third-party providers – from registration, identification, authentication, integration, and data sharing to payments. Strategic Partnerships with Global Technology Leaders Savyint’s Open Banking Tech Stack is built on strategic collaborations with world-leading names in Open API and Open Banking, including Red Hat, Axway, Tyk.IO, Kong, Curity, Salt Group, IBM, Google Cloud, Gravitee, Fiorano, and Open Banking Exchange. Through these partnerships, Savyint not only delivers cutting-edge technology solutions but also provides customized adaptability to meet the specific needs of each market – ensuring reliability, optimal security, and exceptional scalability. The Open Banking Tech Stack is expected to break down traditional barriers, enabling intelligent data sharing and close collaboration among stakeholders. This fosters healthy competition, drives innovation, and lays the foundation for a new era of inclusive finance. Don’t stand outside the open banking movement, connect with Savyint experts TODAY!
SAVYINT is an Official Member of the Quantum Technology Network and Innovation and Cybersecurity Development Network
On August 25, at the Launch Ceremony of three Strategic Technology Innovation Networks organized by the Ministry of Finance, under the chairmanship of Deputy Prime Minister Nguyen Chi Dung, SAVYINT, as an official member of two out of three networks, introduced its Cybersecurity and Information Security Solution System, featuring two core components: PQC Lab – Vietnam’s first post quantum cryptography platform – and SAM Auth Server. To realize the objectives outlined in Resolution No. 57-NQ/TW dated December 22, 2024, by the Politburo, and Decision No. 1131/QĐ-TTg dated June 12, 2025, by the Prime Minister, the Ministry of Finance tasked the National Innovation Center (NIC) with collaborating with experts, scientists, and businesses to establish Strategic Technology Innovation Networks. Under the leadership of Deputy Prime Minister Nguyen Chi Dung, the Ministry of Finance organized the launch of three Innovation Networks, with key highlights: During the ceremony, Deputy Prime Minister Nguyen Chi Dung emphasized that Vietnam is entering a new development phase and must proactively seize the immense opportunities brought by the Fourth Industrial Revolution. The three Strategic Technology Innovation and Expert Networks will work alongside the Government, ministries, and businesses to shape strategies, develop policies, and promote research, development, and application of new technologies, transforming the country’s “challenges” into “great opportunities” for the future. SAVYINT is an official member of both the Quantum Technology Network and the Cybersecurity Innovation and Development Network. With over 20 years of research and experience, SAVYINT aims to serve as a catalyst, driving the growth of these alliances and their respective fields in Vietnam. At the event, SAVYINT unveiled its comprehensive Cybersecurity and Information Security Solution System, with SAM Auth Server and PQC Lab – Vietnam’s first post quantum cryptography platform for digital signatures, PKI, blockchain, and data encryption – garnering significant attention from attendees. Pioneering Post-Quantum Technology with SAVYINT PQC Lab As quantum technology advances rapidly, traditional encryption methods face the risk of being compromised. SAVYINT PQC Lab was developed to pioneer the application of posy-quantum technologies and algorithms, safeguarding digital signature systems, PKI, blockchain, and data encryption against threats from quantum computers. This platform not only meets current security requirements but also prepares for the future when quantum technology becomes widespread. It enables organizations to adopt NIST-approved Post-Quantum Cryptography (PQC) algorithms, test compatibility, performance, and impacts of PQC without affecting existing infrastructure or systems. This is particularly critical for financial and fintech organizations that must comply with international standards such as FIDO2, PSD2, eIDAS, and PCI DSS. SAVYINT PQC Lab utilizes Hardware Security Modules (HSMs) supporting NIST-standard PQC algorithms: ML-KEM (FIPS-203), ML-DSA (FIPS-204), and SLH-DSA (FIPS-205). It manages and automates the issuance of PQC digital certificates, scans and alerts for certificates requiring replacement per NIST and new security standards, and provides a flexible and secure sandbox environment for rapid testing, isolated from operational systems. With SAVYINT PQC Lab, businesses and organizations can ensure long-term data protection, prevent “Harvest Now, Decrypt Later” attacks, comply with NIST’s PQC standards, and adhere to the highest global data security regulations. This builds customer trust, enhances global competitiveness, and solidifies leadership in cybersecurity. SAM Auth Server – All-in-One Identity, Authentication and Security Solution SAM Auth Server is an all-in-one identity, authentication, and security solution developed by SAVYINT, leveraging advanced security technologies to address the growing complexity of securing information in digital environments. SAM Auth Server offers multi-layer authentication and security, integrating dedicated hardware and software, as well as smart biometric cards, while strictly adhering to domestic and international security standards such as FIPS 140-3, eIDAS, PSD2/PSD3, GDPR, FIDO2, and OIDC/OAuth2. It is a pioneering solution that applies Post-Quantum Cryptography (PQC) algorithms and tokenization technology, ensuring absolute security for data and transactions amid increasingly sophisticated cyber threats. With rapid integration, independent operation, and unlimited scalability, SAM Auth Server enables organizations and businesses to proactively manage digital identities, protect systems, data, and critical digital content, while optimizing costs, enhancing efficiency, and ensuring security across all digital operations. Comprehensive Cybersecurity and Information Security Ecosystem In addition, SAVYINT introduced a comprehensive Cybersecurity and Information Security Solution System designed to meet the diverse needs of organizations and businesses in protecting sensitive information, ensuring data security, and complying with international regulations. This system includes a range of standout solutions: The application of advanced cybersecurity and information security technologies serves as a robust shield for organizations and businesses in the digital era. Contact us today to start preparing for a sustainable and secure digital future. Event highlights:
Savyint launches the first PQC Lab in Vietnam, pioneering the post-quantum security era
Savyint officially announces the Savyint PQC Lab – the first post-quantum cryptography (PQC) security platform in Vietnam dedicated to digital signature, PKI, cryptography infrastructure, and data encryption solutions. Post-Quantum Security – No Time to Delay With the rapid rise of technology, quantum computers are approaching the ability to break traditional cryptographic algorithms such as RSA and ECC, which have safeguarded global data for decades. To counter this challenge, Post-Quantum Cryptography (PQC) has emerged, leveraging entirely new and complex mathematical problems, such as code-based, lattice-based, hash-based methods, and others, to ensure resilience against both classical and quantum computers. Recognizing the serious threat quantum computing poses to current security systems, in 2024, the U.S. National Institute of Standards and Technology (NIST) announced the first three standardized PQC algorithms to ensure proper adoption of new cryptography: ML-KEM (FIPS-203), ML-DSA (FIPS-204), and SLH-DSA (FIPS-205). NIST also published a roadmap: starting in 2030, classical algorithms such as RSA-2048 and ECC-256 will begin to be phased out, and by 2035, they will be fully retired. This means that organizations and enterprises worldwide must develop roadmaps to adapt and transition their security infrastructures to PQC algorithms, in order to defend against financial data breaches via “Harvest Now, Decrypt Later” attacks. Moreover, implementing PQC standards is a complex process that may take 5–10 years, requiring organizations to prepare not only in terms of technical infrastructure, but also through long-term strategy, workforce training, and safe sandbox testing before large-scale adoption. Therefore, preparing today is the foundation for organizations to proactively defend against attacks targeting sensitive data and to build a sustainable security ecosystem for the post-quantum era. Savyint officially launches the first PQC Lab in Vietnam As an international technology group with extensive expertise in PKI, cryptography, blockchain, digital identity, electronic authentication, and open banking/finance, Savyint proudly introduces the Savyint PQC Lab – the first post-quantum security lab in Vietnam, dedicated to digital signature, PKI, blockchain, and advanced cryptography solutions. The Lab provides a testing environment that enables organizations to familiarize themselves with NIST-approved PQC algorithms, while evaluating compatibility, performance, and impact – without disrupting existing infrastructure or operational systems. This is particularly vital for financial institutions and fintech companies that must ensure compliance with international standards such as FIDO2, PSD2, eIDAS, and PCI DSS. Key features of Savyint PQC Lab: Mr. Steve Hoang, CTO & Chairman of Savyint Group, emphasized: “Transitioning to PQC is a 5–10-year journey that demands strategic vision and persistent execution. The Savyint PQC Lab is the tool that enables enterprises to embark on this journey safely, swiftly, and proactively.” Currently, Savyint is collaborating with leading global technology and security partners such as Entrust, Kryptus, and FutureX to develop large-scale quantum-safe solutions applicable to critical sectors, including PKI and digital certificates, data security, network and telecommunications infrastructure, and industrial and defense applications. The launch of the Savyint PQC Lab is not only a technological milestone but also a bold statement of Savyint’s pioneering role in the post-quantum era, partnering with global enterprises to build a secure, sustainable, and trustworthy digital future.
Security in Online Payments in the New Era
Online payments have rapidly become a preferred payment method in many countries worldwide. Alongside this trend, the demand for authentication and security has never been higher, aiming to protect transactions from increasingly sophisticated threats, ensure absolute safety, and maintain a seamless user experience. Over the past decade, the world has witnessed a powerful surge in e-commerce, smartphones, and high-speed connectivity infrastructure. Cashless payment habits have become an integral part of daily life. Bank cards, digital wallets, Apple Pay, Google Pay, QR codes, and cross-border payment platforms like Alipay+, WeChat Pay (China), and UPI (India) are used daily by millions for shopping, bill payments, and personal financial transactions. However, alongside this growth comes a downside: increasingly sophisticated cyberattacks. Cybersecurity reports highlight a significant rise in advanced attack methods, from phishing scams and malware on mobile devices to OTP theft, creating an urgent need for financial service providers, banks, and payment organizations to enhance authentication and transaction security measures. Popular Authentication Methods Today Currently, many countries employ Multi-Factor Authentication (MFA), which applies at least two of three factors: Something you have (e.g., a device or OTP), Something you know (e.g., a password or PIN), and Something you are (e.g., biometric data like fingerprints, facial recognition, or iris scans). For example, in India, the Reserve Bank of India (RBI) mandates two-factor authentication (2FA) for all online transactions, typically combining OTP with a PIN. In the UAE, OTPs delivered via SMS or email are a common authentication method for financial transactions. However, OTPs and PINs are increasingly vulnerable, becoming prime targets for cyberattacks, paving the way for new, more secure, and efficient authentication trends. Trends in Online Payment Security Biometrics is considered a significant advancement in authentication security today. When a user registers, their device generates a pair of security keys: a private key stored on the device, unlocked only through biometric authentication, and a public key stored on the payment network. During a transaction, the device signs the request with the private key, the network verifies it with the public key, and the result is sent to the bank. This process shifts authentication from the bank to the payment network or a third party, reducing the risk of OTP theft and providing a smoother user experience. In addition to biometrics, securing payment applications on mobile devices is another critical piece of the security puzzle. For instance, Google Play Protect, Android’s default security layer, can scan apps and detect known malware at the operating system level. However, it lacks the ability to identify sophisticated in-app fraud, such as fake keyboards, unauthorized access, or zero-day attacks. Advanced app-level security solutions enable real-time detection and response to threats, from blocking suspicious transactions to adjusting security policies based on the usage environment. As online payments continue to thrive, biometrics and mobile payment protection technologies are emerging as inevitable trends, strengthening transaction security, reducing cyber risks, and delivering a seamless, reliable payment experience. This marks a significant step toward a future where every online transaction is comprehensively protected, providing absolute peace of mind for both users and businesses. Savyint – Setting New Standards for Strong Authentication and Payment Security Amid increasingly stringent requirements for payment security and user authentication, Savyint—a global technology company specializing in open banking, data security, and advanced security solutions—is ready to deliver authentication and payment security solutions that meet rigorous national and international standards. With a focus on passwordless strong authentication (Passwordless FIDO2, PKI Passwordless, SmartOTP Passwordless), Savyint builds a comprehensive, easily integrated ecosystem of solutions, enabling financial institutions, fintech companies, and service providers to optimize user experience while meeting international standards. These include: All solutions are designed to strictly comply with international standards such as FIDO2, PSD2, eIDAS, GDPR, and PCI DSS, offering rapid deployment, compatibility with existing infrastructure, and the highest level of security. Connect with Savyint’s experts today to start building a secure payment ecosystem
Tourist e-Wallet and Digital Dirham: Great Potential but Significant Challenges
To meet the operational demands of the digital economy and enhance the efficiency of payment systems, the Central Bank of the UAE (CBUAE) has introduced the national digital currency, the Digital Dirham. Recently, the CBUAE discussed four potential use cases for the Digital Dirham, with the development of an electronic wallet for tourists being a particularly prominent topic. The CBUAE recently released the Digital Dirham Primer, a policy report outlining the design principles, policy framework, and initial development steps for the Digital Dirham. In addition to highlighting benefits, challenges, and implementation processes, the report details four use cases for the digital currency, including: Among these, the concept of an electronic travel wallet for tourists has garnered significant attention, given that the UAE attracts millions of international visitors annually, who collectively spend vast amounts on accommodation, shopping, dining, and entertainment. Theoretically, even if just 10% of tourism spending shifts to the Digital Dirham wallet, it could create a substantial economic impact and promote the adoption of the digital national currency. However, launching a tourist e-wallet is not as simple as introducing it to the market and expecting adoption. Most tourists in the UAE rely on Apple Pay, Google Pay, international credit/debit cards, or digital wallets from their home countries, such as UPI (India) or Alipay and WeChat Pay (China). For tourists to adopt a new payment method like the Digital Dirham, it must offer superior value and address inconveniences that existing infrastructure fails to resolve. Key considerations include: The electronic travel wallet scenario is a complex challenge involving multiple factors, including user experience, cost, widespread payment acceptance across various locations, and integration with diverse payment methods. If these elements are effectively addressed, capturing 10% of the tourism spending market share is entirely feasible. Banks and wallet developers must carefully strategize to turn this potential into tangible success.
UAE’s Payment Authentication Revolution: The End of SMS OTP
On July 25, 2025, the Central Bank of the UAE (CBUAE) issued a landmark directive mandating all UAE banks to phase out SMS and email OTPs by March 2026. This pivotal move signals a major overhaul of the payment infrastructure, aiming to standardize in-app biometric authentication across the entire banking ecosystem. For years, SMS and email OTPs have been the go-to method for authenticating financial transactions. However, this approach has increasingly revealed vulnerabilities, including OTP leaks and delays due to inconsistent telecommunications infrastructure. Globally, fraud related to SMS OTPs caused a staggering $6.7 billion in losses in 2021. In the UAE alone, scams surged by 43% year-on-year, impacting over 40,000 individuals in 2023, making SMS OTPs an easy target for cybercriminals. To mitigate risks and enhance the user experience in payments and transactions, the CBUAE has directed the banking sector to adopt safer and more advanced authentication mechanisms integrated into mobile banking applications. The directive mandates all UAE banks to: This means that within the first eight months of implementation, financial institutions must develop a transition roadmap, test, and roll out new authentication systems to fully replace traditional OTPs. Users will no longer receive OTPs via SMS or email; instead, they will approve transactions directly within banking apps using fingerprints, facial recognition, or push notifications. This shift reduces transaction latency, enhances user experience, and strengthens security. Currently, banks like Emirates NBD and ADIB have already adopted biometric login and soft tokens, while many others still rely on traditional OTPs and must urgently upgrade before the deadline. This bold move by the UAE is expected to ripple across the GCC, particularly Saudi Arabia, within the next 12 months. A unified standard for secure payment authentication across the MENA region is likely to emerge, fundamentally transforming the current payment infrastructure. Savyint – Pioneering Strong Authentication Solutions for MENA Payments Amid increasingly stringent payment security and user authentication requirements, particularly with the CBUAE’s new regulations, SAVYINT – a global technology leader in open banking, data security, and authentication solutions – is poised to partner with financial institutions and payment service providers across the MENA region. SAVYINT delivers a comprehensive ecosystem of advanced strong authentication solutions, fully compliant with international standards and leveraging cutting-edge passwordless technologies to elevate user experience: SAVYINT offers a robust suite of authentication solutions for payments and transactions: By combining robust authentication technologies with strict adherence to international security standards such as FIDO2, PSD2, eIDAS, GDPR, and PCI DSS, Savyint’s solutions enable banks, fintechs, and service providers in MENA to rapidly deploy modern, flexible authentication platforms that integrate seamlessly with existing systems and fully comply with CBUAE regulations. Connect with Savyint’s experts today to build a secure and compliant payment ecosystem.
Savyint Group attends Entrust UNRIVALED APAC Partner Bootcamp FY26
From July 22-24, 2025, Savyint Group joined leading technology partners from the Asia-Pacific region in Da Nang, Vietnam, to participate in the UNRIVALED APAC Partner Bootcamp FY26, Entrust’s annual in-depth training program. The APAC Partner Bootcamp FY26, hosted by Entrust – a global pioneer in security and PKI – aims to provide comprehensive training for strategic partners across the Asia-Pacific region. This year, event brought together numerous IT experts, strategic partners and senior Entrust leaders from across the Asia-Pacific (APAC) region. The bootcamp served not only as a platform for exchanging expertise in cybersecurity but also as an opportunity for Savyint Group to reinforce its leadership position, expand its data security and PKI solutions in Vietnam and strengthen international partnerships. Through various sessions, Entrust experts shared insights on critical cybersecurity topics, including: Crypto Security – Unified cryptography management to support compliance and risk management; PKI & CLM – Public Key Infrastructure and Certificate Lifecycle Management; Cyber Risk Prevention – Centralized security and identity verification; nShield5 HSM – Next-generation hardware security modules, enhancing performance and meeting the highest security standards. Notably, the topic “Data Security in the AI and Quantum Era” provided deep insights into challenges and solutions for enhancing data security in the age of artificial intelligence and quantum computing – an area where Savyint Group is actively advancing and holds a strong market position. At the event, Mr. Steve Hoang, CTO of Savyint Group, stated: “Participating in the UNRIVALED APAC Partner Bootcamp FY26 alongside Entrust enables Savyint Group and regional strategic partners to stay ahead of 2026 data security trends and expand our ecosystem of comprehensive security solutions. This is also an opportunity for us to enhance our capabilities to serve clients and increase our influence in the region.” With over 20 years of experience in consulting and deploying PKI, HSM, and digital identity and signing platforms for government, finance, banking, healthcare, and education sectors, Savyint Group is committed to partnering with Entrust to build a secure and sustainable digital ecosystem, meeting the growing demands of customers in the digital era. Event hilights: Day 1: Day 2: Day 3: