Savyint wins two Sao Khue 2026 Awards, with Savyint Digital Trust rated 5 stars
In its second year participating in the Sao Khue Awards, Savyint continues to stay committed to its mission of strengthening cybersecurity and digital trust, with two technology solutions honored at the Sao Khue Awards 2026: Savyint Digital Trust and SAM Appliance. Notably, Savyint Digital Trust received a 5-star rating in the Application and Data Security category. On May 28, the Sao Khue Awards 2026 Ceremony was solemnly held in Hanoi by the Vietnam Software and IT Services Association (VINASA), under the patronage of the Ministry of Science and Technology. Entering its 23rd year, Sao Khue 2026 marks an important transformation as it is redesigned under the “new-generation Sao Khue” model—not only as an event honoring outstanding digital technology products and services, but also as a system for evaluating, validating and positioning the digital technology capabilities of Vietnamese enterprises. After rigorous assessment rounds, the Final Jury of the Sao Khue Awards 2026 selected 123 outstanding digital platforms, services and solutions. These recognized solutions clearly reflect the strong shift in technology trends toward platforms capable of solving practical problems, optimizing operations, protecting data, enhancing transaction security and building trust in the digital environment. This year, Savyint’s award-winning solutions at Sao Khue demonstrate the company’s research, development and mastery of core technologies in cybersecurity, cryptography, electronic identification, digital signatures and online fraud prevention through Savyint Digital Trust and SAM Appliance. In particular, Savyint Digital Trust received a 5-star rating for its relevance and ability to keep pace with global fraud prevention trends. Savyint Digital Trust – A comprehensive security and fraud prevention platform In response to the growing need for proactive fraud prevention and increasingly stringent international regulatory requirements, Savyint Digital Trust is a unified security platform designed to protect the entire digital journey of users and transactions. Built on a Zero Trust security architecture powered by cryptography, Savyint Digital Trust helps organizations strengthen security, enhance user experience and build sustainable digital trust. The solution integrates key capabilities, including: With high scalability and flexible integration with internal enterprise systems, Savyint Digital Trust is suitable for various sectors, including digital banking, fintech, e-wallets, payments, e-commerce, enterprises, government, public services and systems that process sensitive data. SAM Appliance – An all-in-one solution for data encryption, digital signature authentication and mobile identification Alongside Savyint Digital Trust, SAM Appliance is also one of SAVYINT’s two solutions honored at Sao Khue 2026. It is an all-in-one solution for data encryption, digital signature authentication and mobile identity, built on a Cloud HSM platform. The solution ensures compliance with standards for remote signing, blockchain, crypto assets, mobile payment, data encryption, transaction encryption, timestamping, security, system authentication, IoT, Car2X and more. SAM Appliance includes: SAM Appliance confidently complies with regional technical standards as well as international legal and regulatory requirements such as FIPS 140-2 Level 3, ISO 9001:2015, ISO 14001:2015, ISO 27001:2022, GDPR, SOC 2 Type II, HIPAA and PCI DSS. Notably, SAM Appliance supports Post-Quantum algorithms such as ML-KEM, ML-DSA and SLH-DSA, helping shape organizations’ security strategies in the quantum era. The Sao Khue Awards 2026 are not only a recognition of SAVYINT’s innovation efforts, but also a motivation for the company to continue researching, improving and bringing to market more comprehensive solutions for security, identity and digital trust, contributing to the development of a safe, reliable and sustainable digital infrastructure for Vietnam and international markets. Two consecutive years of participation and two consecutive awards at Sao Khue stand as proof of the steadfast journey the company has pursued from the very beginning: strengthening security and building digital trust. Savyint will continue contributing to the development of a secure, trusted and sustainable digital infrastructure for Vietnam and the global market. Some snapshots from the event:
From PSD3 and eIDAS 2.0 to Zero Trust: A New Security Strategy for the Finance and Banking Sector
The financial sector is entering a period of profound transformation. Amid the rapid increase in both the frequency and financial impact of scams and payment fraud – alongside emerging risks from quantum computing and tighter regulatory requirements under PSD3 and eIDAS 2.0, financial institutions need a well-structured, proactive, flexible, and future-ready security strategy. From PSD1, PSD2 to PSD3: A new standard for digital payments and fraud prevention In 2007, the European Union’s first Payment Services Directive, PSD1, established a unified payments market, improved transparency, and enabled cross-border e-commerce. A decade later, PSD2 was introduced, driving competition through open banking, requiring Strong Customer Authentication (SCA), and creating a legal foundation for third-party access to payment accounts. By November 2025, the European Parliament and the Council of the European Union reached a provisional political agreement on PSD3, addressing emerging challenges in digital payments, open banking, and fraud prevention. One of the most notable aspects of PSD3 is the strengthened requirement for Strong Customer Authentication. SCA is no longer limited to payment authentication, but is also extended to a wider range of customer actions, such as changing transaction limits, updating contact information, restoring devices, setting up authorization, or changing authentication methods. Strong authentication is becoming an integral layer across the entire customer journey. Under the latest directive, PSD3 also reinforces the responsibility of payment service providers in fraud prevention. When incidents occur involving authentication failures or suspicious transactions, legal liability must be clearly defined. This is a key driver for financial institutions to invest more heavily in multi-layered authentication, risk analytics, transaction monitoring, and digital identity protection. In addition, PSD3 continues to promote API standardization in open banking, compliance with FAPI, and greater consistency, interoperability, and service quality among banks, fintech companies, and third-party providers. If PSD3 raises the question of how to strengthen customer authentication, reduce fraud, and ensure accountability in digital payments, then eIDAS 2.0 provides part of the answer – by positioning digital identity and electronic identity wallets as a trusted, standardized, and cross-border foundation for user verification. eIDAS 2.0: Digital identity as the foundation of digital trust While PSD3 focuses heavily on payments and financial services, eIDAS 2.0 places electronic identity and trust services at its core. One of the most prominent elements of eIDAS 2.0 is the European Digital Identity Wallet, or EUDI Wallet. The EU DI Wallet enables individuals and businesses to store, manage, and use their digital identity across a wide range of services. When integrated into the financial sector, digital identity wallets can become a powerful authentication method, helping customers access banking services, verify their identity, and conduct transactions more securely. Beyond promoting the EUDI Wallet, eIDAS 2.0 also introduces stricter requirements for Trust Service Providers, or TSPs, in areas such as governance, risk management, and auditability. In particular, crypto-agility and readiness for Post Quantum Cryptography, or PQC, are identified as critical factors to ensure the long-term resilience of trust services. The requirements under PSD3 and eIDAS 2.0 reflect a clear trend: financial security is becoming inseparable from digital identity. A secure transaction requires not only a protected payment system, but also a trusted and verifiable identity authentication foundation. For banks and fintech companies, this creates an urgent need to prepare modern authentication infrastructure that can integrate with digital identity wallets, support passwordless authentication, manage the identity lifecycle, and provide compliance evidence when required. Zero Trust Security Architecture: Never trust by default, always verify Zero Trust is one of the most widely discussed security architectures today, thanks to its strong security posture and core principles: Instead of assuming that users, devices, or applications inside the system are secure, the Zero Trust model starts from the principle that no user, device, or application should be trusted by default. As a result, every access request must be continuously verified, rather than checked only once at login. For the Finance and Banking sector – where sensitive data, high-value transactions, and multiple third-party connection points are involved – a well-implemented Zero Trust security architecture can help organizations reduce the risk of unauthorized access, minimize potential damage when incidents occur, and strengthen control over activities across the entire system. Further reading on Zero Trust: Savyint Group: A trusted partner in building digital trust Bringing together leading experts in open banking, data encryption, and payment security, Savyint is ready to accompany enterprises and global partner ecosystems throughout the journey – from assessment and roadmap consulting to testing and implementation of Zero Trust-aligned security solutions. These solutions are designed to meet stringent international standards such as PSD3, eIDAS 2.0, PCI DSS,… and to prepare organizations for the Post Quantum era. Savyint’s comprehensive security and fraud prevention solution suite, built on a Zero Trust architecture, addresses multiple critical challenges at once: Notably, Savyint is also the first organization to announce a PQC Lab in Vietnam. The lab enables organizations to explore NIST-approved PQC algorithms, address real-world challenges in the Finance sector, and assess compatibility, performance, and impact – without disrupting existing infrastructure or operational systems. Through this testing environment, organizations can reduce migration risks, select suitable technologies, and systematically build internal capabilities. In addition to its deep expertise, Savyint is also a global technology partner of major industry leaders such as Entrust, Keyfactor, Crypto4A, Kryptus, Futurex, Thales,… Connect with Savyint’s experts today to stay ahead of the next wave of security innovation.
RMiT 2025 Tightens Strong Authentication Requirements in Malaysia and Savyint’s Compliance Solutions for Financial Institutions
In November 2025, Bank Negara Malaysia (BNM) officially issued an updated version of its Risk Management in Technology (RMiT) policy, introducing stricter requirements for enhanced identity verification, device binding, and fraud prevention across Malaysia’s financial sector. 1. About BNM’s RMiT Policy Risk Management in Technology (RMiT) is Bank Negara Malaysia’s central policy framework for managing technology risk and cybersecurity risk in the financial sector. The policy sets out minimum requirements for financial institutions to strengthen governance, cybersecurity, technology operations, digital services, third-party risk management, cloud adoption, fraud detection, and customer protection. Its objective is to ensure that financial institutions can maintain secure, stable, and trusted digital services amid increasingly complex cyber threats. RMiT applies to all financial institutions regulated by BNM, ranging from banks to insurers and reinsurers, electronic money issuers, payment system operators, financial institutions, and money transfer intermediaries. 2. The November 2025 RMiT Update The RMiT policy issued in June 2023 introduced several authentication-related requirements, including multi-factor authentication, access management, and digital service controls. However, these requirements remained largely guidance-based rather than mandatory standards. In November 2025, the updated RMiT policy was issued, marking a significant turning point in strong authentication by introducing clearer mandatory requirements on how organizations must authenticate users and protect digital services. Below are the key changes. a. One Device per User by Default One of the most important changes is the default requirement to use only one device, aimed at preventing SIM-swap fraud and account takeover. Financial institutions must ensure secure device binding and unbinding processes, while limiting digital service transaction authentication by default to one mobile device per account holder. Users may register additional devices, but they must actively request this and accept the associated risks. Financial institutions are not allowed to make multiple devices the default option. The process must include: b. Stronger Verification for Mobile Number Changes Previously, many banking applications allowed users to update their mobile phone numbers by confirming an OTP sent to the existing number. However, this approach is no longer considered secure if the number has already been compromised or affected by SIM swapping. Therefore, under the latest RMiT update, organizations are required to adopt stronger authentication mechanisms, such as: c. Cooling-Off Periods and Transaction Limits for Newly Registered Devices RMiT requires appropriate verification and cooling-off periods in the following cases: Accordingly, newly registered devices should not be granted full transaction privileges immediately. Organizations need to establish time-based limits and transaction frequency controls. Transaction rights should be gradually expanded as the device and user behavior build a trusted history. Combined with fraud detection standards that require behavioral analytics and real-time risk scoring, RMiT requires the authentication layer to understand context, not merely verify login credentials. d. Multi-Factor Authentication and Passwordless Authentication to Reduce Dependence on SMS OTP The most important change in the RMiT update is the requirement to use MFA and passwordless authentication methods. MFA must be resistant to interception or manipulation by third parties throughout the authentication process. Examples of passwordless authentication methods include biometric authentication, device binding, cryptographic key-based authentication, and risk-based step-up authentication. In addition, “transaction linking” requires the authentication code to be bound to specific transaction details, including the recipient and transaction amount, rather than being linked only to the login session. 3. Savyint – A Global Expert in Strong Payment Authentication and Risk Prevention Amid rising security requirements, Savyint provides a comprehensive security ecosystem that helps banks and financial institutions comply with BNM’s RMiT regulations while enhancing their overall security and risk management capabilities. Built on a Zero Trust architecture and centered around four key pillars – Secure Payment, Open Banking, Secure Data, and Digital Trust – Savyint’s RMiT compliance solution enables financial institutions to: This solution is designed in strict compliance with international standards such as FIDO2, PSD2/PSD3 eIDAS, GDPR, PCI DSS,… ensuring rapid deployment, compatibility with existing infrastructure, and the highest level of security. Connect with Savyint experts today to build a secure and compliant payment ecosystem.
Top 6 Benefits of Zero Trust Security Architecture
As cyberattacks become increasingly sophisticated, traditional security models such as firewalls, VPNs, or trusted internal networks are no longer sufficient to protect modern enterprises. Zero Trust Architecture has emerged as a critical approach in today’s cybersecurity landscape, helping organizations strengthen protection across users, devices, applications, data, and digital transactions. What is Zero Trust Architecture? Zero Trust Architecture is a modern security model built on the principle of “never trust, always verify.” It is designed for today’s complex, distributed, and increasingly cloud-based IT environments. Unlike traditional security models, Zero Trust requires every access request to be continuously verified, whether it originates from inside or outside the organization. Zero Trust Architecture typically combines multiple security technologies, including: Key Benefits of Zero Trust Security Architecture Implementing Zero Trust can bring significant benefits to enterprises and organizations, including: 1. Strengthening Comprehensive Security Against Advanced Threats Zero Trust helps organizations defend against threats such as ransomware, phishing, compromised accounts, and insider risks. By enforcing least-privilege access and continuous verification, businesses can significantly reduce the risk of attackers exploiting exposed credentials to access sensitive systems and data. 2. Reducing the Risk of Data Breaches Since every access request must be verified, attackers cannot easily reach sensitive data even if they manage to compromise an account or device. This helps limit unauthorized access, reduce lateral movement within the system, and minimize the potential impact of security incidents. 3. Improving Monitoring and Incident Detection Zero Trust enables organizations to monitor user behavior, devices, applications, and access activities in real time. With stronger visibility across the digital environment, businesses can detect unusual activities earlier, respond to risks more quickly, and improve their overall incident response capability. 4. Supporting Remote Work, Cloud, and Hybrid Infrastructure With Zero Trust, users can securely access enterprise resources from anywhere, as long as their identity, device, and access permissions are properly verified. This is especially valuable for remote and hybrid work models, where employees may access corporate systems from different locations, networks, and personal devices. 5. Enhancing Regulatory Compliance Zero Trust provides a unified governance framework for enforcing security policies, authenticating users, managing access rights, and maintaining activity logs. This allows organizations to better meet data protection and information security requirements in highly regulated sectors such as finance, banking, healthcare, telecommunications, and government. 6. Optimizing Long-Term Security Costs While Zero Trust implementation may require initial investment, it can help optimize security costs in the long run. By consolidating security controls, reducing the likelihood of data breaches, and limiting damage when incidents occur, Zero Trust helps organizations build a more sustainable and cost-effective cybersecurity strategy. A Comprehensive Zero Trust-Based Security and Fraud Prevention Solution for BFSI Organizations With deep experience in the Finance and Banking sector and a proven track record of implementing projects for major banks, SAVYINT introducs e a comprehensive security and fraud prevention solution built on Zero Trust Architecture. Aligned with the core pillars of modern Zero Trust, SAVYINT’ solution enables end-to-end protection across users, devices, applications, data, and digital transactions: + Identity verification and user access control + Establish device trust + Real-time application protection with RASP+ + API security and third-party connectivity + Consent management and personal data protection + AI/ML integration, transaction risk assessment, and real-time fraud prevention + Automated compliance reporting + Support compliance with Vietnamese regulations, including Circular 50, Circular 64, Circular 77 of the State Bank of Vietnam, Decree 356, the Data Protection Law, and the Cybersecurity Law,…; international standards such as eIDAS, GDPR, and PCI-DSS…; and regional regulations such as Malaysia’s PDPA and RMiT, and the Philippines’ AFASA and BSP 1213–1215… Connect with SAVYINT experts today to take the lead in enterprise-wide security and fraud prevention! Read more: Zero Trust – A Next-Gen Security Architecture for Vietnamese Banks Amid Increasingly Stringent Regulations
Savyint Advances Cooperation in Cybersecurity, Artificial Intelligence and High Technology in India
May 6, 2026, Savyint Group participated in the Vietnam – India Innovation Forum in New Delhi, India. The event was jointly organized by Vietnam’s Ministry of Science and Technology and India’s Ministry of Electronics and Information Technology, as part of the State visit to India by H.E. To Lam, The General Secretary, President of the Socialist Republic of Viet Nam. Taking place from May 5 to 7, 2026, the State visit by General Secretary, President To Lam was made at the invitation of Indian Prime Minister Narendra Modi, with the participation of a high-level Vietnamese delegation and a business delegation. The visit also coincided with the 10th anniversary of the elevation of Viet Nam-India relations to a Comprehensive Strategic Partnership, while opening new momentum for cooperation in areas that are fundamental to future growth, including science and technology, innovation, digital transformation, cybersecurity, artificial intelligence, semiconductors, energy and high-quality human resource development. Under the theme “Cooperation in Human Resource Development, Science and Technology, Innovation and Digital Transformation,” the Vietnam-India Innovation Forum brought together senior leaders, ministries, government agencies, research institutes, universities, associations, digital technology corporations, and innovation-driven enterprises from both countries. At the forum, General Secretary and President To Lam emphasized the need for Viet Nam and India to strengthen strategic information sharing and expand cooperation in cybersecurity, digital infrastructure protection, the prevention of high-tech crime, and capacity building to respond to non-traditional security challenges. The forum served as an important platform to promote substantive cooperation between the Vietnamese and Indian technology communities, particularly in fast-growing sectors across the Asia-Pacific region. Amid the rapid growth of the digital economy, data security, digital identity protection, and cyber resilience have become strategic requirements for governments, financial institutions, large enterprises, and critical infrastructure operators. As a Vietnamese technology company focused on digital safety, data protection, digital trust, and risk governance in digital environments, Savyint joined the forum with the aim of expanding international cooperation, connecting Vietnamese technology capabilities with India’s technology ecosystem, and supporting the development of platforms and solutions that meet the increasingly demanding requirements of regional markets. At the event, Savyint Group and Vantageo Pvt. Ltd. exchanged a technology cooperation agreement, opening new directions for collaboration in development, integrated design, joint research and co-production. The partnership aims to combine the strengths of both companies to deliver solutions and products in areas such as cybersecurity, AI Security, Data Safe, Quantum Safe, Zero Trust Network, HPC platforms, AI accelerators, and GPU platforms for Viet Nam, India, the APAC region and SAARC region. The cooperation agreement goes beyond connecting the capabilities of the two companies. It also reflects a shared orientation toward co-developing secure technology platforms that can be localized to meet the requirements of each market, while aligning with international standards for security, compliance, and operational reliability. Mr. Steve Huang, Executive Chairman of Savyint Group, shared: “India is one of the world’s fastest-growing technology hubs. By participating in the Vietnam-India Innovation Forum, Savyint aims to connect with like-minded partners and jointly develop secure, trusted, and widely applicable technology solutions for enterprises and organizations in Viet Nam, India, and the wider region.” As Viet Nam-India relations enter a new phase of deeper and broader cooperation, Savyint’s presence at the forum affirms its commitment to accompanying Viet Nam’s national digital transformation journey, while promoting “Make-in Vietnam” technology solutions to regional and global markets. The event through media coverage:
Zero Trust – A Next-Gen Security Architecture for Vietnamese Banks Amid Increasingly Stringent Regulations
Vietnam’s financial and banking sector is entering a phase of significantly tightened requirements for security, data protection, and fraud prevention. From Circular 50, Circular 77, and Circular 64 issued by the State Bank of Vietnam, to the Personal Data Protection Law, Decree 356, and the Cybersecurity Law 2025, financial institutions are no longer required to simply have security systems – they must prove that these systems are reliable, secure, and capable of real-time risk control. Over the past five years, regulations in Vietnam’s financial and banking sector have clearly shifted – from system-level security requirements to comprehensive control and enhanced protection across the entire digital customer journey. Notably, since 2024, the Vietnamese government has introduced a series of policies to strengthen information security, data protection, and cybersecurity. Online Service Security Circular 50/2024/TT-NHNN establishes a comprehensive foundation for securing online banking services, covering customer authentication, transaction data protection, and responsibilities for guiding users about risks. However, the real tightening comes with Circular 77/2025/TT-NHNN, which amends Circular 50 and takes effect from March 1, 2026. Accordingly, financial institutions must place strong emphasis on endpoint security (Mobile Apps). Mobile banking applications are required to automatically log out or stop functioning if detecting: rooted/jailbroken devices, emulators, debuggers, etc. Server systems must implement version control mechanisms, prevent users from downgrading versions, and ensure software is protected against the top 10 common vulnerabilities (OWASP). Stronger identity verification is required in high-risk scenarios, mandating biometric authentication combined with high-level verification when customers change identity documents or authentication methods. Circular 64/2024/TT-NHNN sets strict technical standards for open system connectivity architecture, requiring data structures using JSON or XML via REST APIs. APIs must be digitally signed (JWS) and encrypted. It also mandates identity and access management between banks, customers, and third parties (TPPs) based on OAuth 2.0 standards. Personal Data Protection The Personal Data Protection Law No. 91/2025/QH15, effective from January 1, 2026, marks a significant milestone in privacy protection in Vietnam. The law requires technical controls embedded directly into system architecture, including mandatory encryption/decryption of sensitive data, implementation of data anonymization processes to prevent re-identification, and compulsory impact assessments for data processing and cross-border data transfers. Systems involving Big Data, AI, Blockchain, and Cloud must integrate appropriate security measures with strict access controls. Additionally, the law requires the establishment of identity governance mechanisms based on user consent, with features allowing customers to monitor, view, modify, or withdraw their consent. Decree 356/2025/NĐ-CP, which guides the implementation of the law and replaces Decree 13/2023, establishes a robust technical and legal “barrier,” requiring organizations to implement dual verification mechanisms in personal data processing. Systems must support verifiable consent logging (e.g., OTP, voice recordings, SMS). Access to sensitive data requires strong authentication methods, at minimum multi-factor authentication (MFA), combining passwords with OTP, digital signature devices, or biometrics. These requirements exceed the capabilities of most existing identity and access management systems. Cybersecurity The Cybersecurity Law 2025, effective July 1, 2026, establishes a framework for protecting information systems based on five risk levels. It clearly defines the responsibility of online service providers to verify user information during digital account registration and secure user account data. This compels financial institutions to treat digital security as a core capability rather than a supporting technical function. Zero Trust Architecture Zero Trust is a modern security architecture based on the principle “Never trust, always verify,” designed for complex and distributed systems. Instead of inherently trusting users or devices within the network, Zero Trust continuously verifies five key pillars: user identity, devices, networks, applications, and data. Every access request must be authenticated, authorized, and continuously monitored. This model enforces strict control over identity, device posture, applications, data, and user behavior in real time. The three core principles of Zero Trust include: By applying these principles, Zero Trust helps organizations reduce cyberattack risks, limit lateral movement within systems, and protect digital assets across cloud, mobile, IoT, and remote working environments. Comprehensive Security and Fraud Prevention Solution for Banks With extensive experience in the financial and banking sector, Savyint introduces a comprehensive security and fraud prevention solution based on Zero Trust architecture. This solution enables financial institutions to comply with stringent legal requirements both domestically and internationally while addressing key challenges including user authentication, device and application protection, API security, consent management, fraud prevention, transaction risk control, and compliance: Beyond compliance with Vietnamese regulations, Savyint’s security and fraud prevention solutions also strictly adhere to international standards such as eIDAS, GDPR, PCI-DSS, as well as regional regulations in countries like Malaysia (PDPA, RMiT) and the Philippines (AFASA, BSP 1213-1215). Connect with Savyint experts today to ensure secure operations and full compliance with both domestic and international regulations.
Savyint Trains Strategic Partner Vietnet: Leveling Up On Digital Trust, Open Banking & Next-gen Security
With data security, digital authentication, and legal compliance getting stricter by the day, Savyint recently held a training session for the strategic partner, Vietnet, to help Vietnet level up their consulting, deployment, and business development skills around next gen security, Digital Trust, and Open Banking – all fully aligned with Vietnam’s State Bank Circulars 50, 77, and 64. The program took place over two days (April 16–17, 2026) in Hanoi. It’s part of our long term strategic partnership to equip Vietnet with deep expertise and real world implementation skills – so they can bring world class security solutions to customers right here in Vietnam and across the ASEAN region. SAM Appliance – All in one data encryption, digital signature & mobile identity On the first training day, Savyint’s experts walked everyone through today’s biggest security challenges: the explosion of connected devices, tough compliance rules (GDPR, PCI DSS, eIDAS…), and the pressure to move toward post quantum cryptography (PQC). That’s where SAM Appliance comes in. It’s a complete package for data encryption, digital signatures, and mobile identity – fully compliant with standards for remote digital signatures, blockchain, cryptography, mobile payments, transaction encryption, time stamping, system security, IoT, Car2X, and more. But SAM Appliance isn’t just about signing invoices, contracts, certificates, or payment files. Built on a Cryptographic Security Platform (CSP), it also includes SCA & MFA, passwordless PKI based authentication, tokenization, end to end transaction signing, advanced mobile cryptography, and support for Post Quantum Cryptography (PQC) algorithms – ready for the next era of security. Plus, it integrates blockchain and cryptocurrency, enables mobile payments and digital wallets, and supports long term digital preservation with timestamps for 5, 10, even 20 years. SAM Appliance proudly meets regional technical standards and international regulations, including FIPS 140 2 Level 3, ISO 9001:2015, ISO 14001:2015, ISO 27001:2022, GDPR, SOC 2 Type II, HIPAA, and PCI DSS. Alongside all the technical details, the Vietnet team also got to explore real life use cases from banking, finance, and government – so they can see exactly how the solution fits each customer’s unique challenges. Digital Trust & Compliance Beyond SAM Appliance, Savyint offers a full Digital Trust solution stack designed to strictly follow local and international legal requirements. It’s built on four pillars: Risk Management & Compliance, Cyber Security & App Protection, SCA/MFA Identity, and FMS AI Fraud. On top of strong authentication (passwordless with FIDO2/Passkey, biometrics, contextual auth, Smart OTP, push notifications…), the solution adds AI and Machine Learning. This helps banks and financial institutions detect, assess, and stop fraud across the entire user journey – from login behavior and device fingerprints to access context and transaction details. Combine that with RASP+ (runtime app protection) and TrustShield – a mobile fraud prevention platform using device fingerprinting, behavior analysis, and AI – and you get a seriously robust defense. These pillars form a complete, end to end architecture that protects devices, behavior, identity, and transactions all at once. This is Savyint’s real strength: building high value, long term solutions that keep customers safe while staying compliant across multiple markets – like Vietnam (SBV Circulars 50, 64, 77), the Philippines (AFASA Act, Circulars 1213–1215), Malaysia (MRiT, PDPA), and beyond. Expanding capabilities with Open Banking Day two of the training focused on the Open Banking Tech Stack – fully compliant with Circular 64/2024/NHNN. It includes: • Savyint Open Banking Portal, Savyint API Management, Savyint Consent Management • Savyint CIAM/SCA (PSD2), eKYC • Savyint TPP Management, Fraud Prevention & Risk Management Savyint is positioned not just as a tech vendor, but as an end to end Digital Trust platform – providing the security and compliance layer for the entire Open Banking ecosystem. Sprinkled throughout the technical sessions were open Q&A discussions where Savis and Savyint could talk through real world scenarios, challenges, and implementation tips. This training is part of Savyint’s long term strategy to build a strong partner ecosystem in Southeast Asia – and to cement our position as a leader in Digital Trust, Open Banking, and next gen data security. Some snapshots from the training program:
PIONEERING THE NEXT GENERATION OF SECURITY: QUANTUM AND AI HORIZON
On March 26, Savyint welcomed a student delegation from the University of San Agustin, Philippines. During the visit, the students got a first-hand look at leading technology trends such as Post-Quantum Cryptography (PQC), the Digital Trust platform, AI in fraud prevention, and especially Agentic AI – fields that are shaping the future of global digital security and transformation. 1. Post-Quantum Cryptography (PQC) – Ready for the New Era As quantum computing gets closer to a breakthrough, traditional encryption methods are at risk of being broken. PQC (Quantum-Resistant Cryptography) has emerged as a vital solution, designed to protect data infrastructure against the massive computing power of this new era. Savyint is a pioneer in integrating advanced PQC standards (like ML-KEM and ML-DSA) into its core systems to secure devices. Furthermore, Savyint has established the Quantum AI Lab – a leading lab in Vietnam for researching and testing these quantum-resistant algorithms. Here, they simulate real-world attacks from “AI hackers” to test how strong their security layers really are. 2. AI Fraud & Digital Trust – Protecting Finance in the AI Age Beyond the pressure from quantum computers, threats like Deepfakes and automated malware are making financial security more urgent than ever. Savyint shared an overview of the 2025 threat landscape, where fraud not only causes financial loss but also creates legal risks for organizations. To fight this, Savyint introduced its Digital Trust platform. This platform uses AI to analyze user behavior, detect unusual activity, and make decisions in real-time. The system is built on four pillars: device security, advanced authentication, AI-based fraud detection, and risk management. 3. Agentic AI – Toward Self-Operating Security Systems Savyint also introduced Agentic AI – AI systems capable of making decisions and taking action on their own, rather than just creating content or analyzing data. In fraud prevention, Agentic AI is used to simulate complex attack scenarios to “train” defense systems, helping them react and adapt faster over time. Additionally, these AI agents can: This approach marks a shift from “reactive” systems to “autonomous” (self-operating) systems, where AI acts as an active partner in the security ecosystem. The visit gave the University of San Agustin students a practical look at how cutting-edge tech is used in real businesses. It was more than just a learning experience; it was inspiration for the younger generation to join the journey of global innovation. See more photos from the event below:
Biometrics, Smart OTP, Smart Token, Passkey/FIDO2: Passwordless Authentication for Stronger Financial Fraud Prevention
As digital banking and mobile banking make payments and account management more convenient, financial fraud is also increasing at a rapid pace. Technologies such as biometrics, Smart OTP, Smart Token, and Passkey/FIDO2 are emerging as next-generation authentication methods. These passwordless authentication technologies help banks and financial institutions strengthen transaction security while significantly improving fraud prevention. Traditional authentication methods are no longer secure enough For many years, banking transactions have mainly relied on traditional authentication methods such as passwords, SMS OTP, and security questions. However, these methods are increasingly showing critical security weaknesses: In response, financial regulators around the world are tightening requirements for strong authentication and encouraging banks and financial institutions to adopt more secure authentication technologies. Some notable regulations include: These regulations clearly reflect a global trend: passwordless authentication methods such as biometrics, Smart OTP, and Smart Token are becoming the new standard for financial security. Why are biometrics, Smart OTP, and Smart Token more secure than traditional authentication? Smart OTP Smart OTP has become a widely adopted authentication method in digital banking. Unlike SMS OTP, Smart OTP is generated directly inside the banking application, tied to the user’s device and protected by cryptographic keys. Key advantages of Smart OTP: As a result, Smart OTP provides a critical additional security layer to protect digital banking transactions. Smart Token Alongside Smart OTP, Smart Token is another strong authentication method widely used by banks for high-value transactions. Smart Tokens can exist in different forms: Unlike standard OTP mechanisms, Smart Tokens use cryptographic algorithms to generate dynamic authentication codes tied to specific transactions. This provides several security benefits: Because of their strong security capabilities, Smart Tokens are often deployed as an additional authentication layer in electronic banking systems. Biometrics Biometric authentication verifies a user based on biological or behavioral characteristics. Common biometric technologies used in digital banking include: Unlike passwords or OTP codes, biometric traits are unique to each individual and extremely difficult to replicate or forge, ensuring that the person performing the transaction is truly the legitimate account holder. Another major advantage of biometrics is user convenience. Customers no longer need to remember passwords or wait for OTP codes. A simple fingerprint scan or facial recognition can authenticate a transaction instantly. A growing trend in fraud prevention is behavioral biometrics. Instead of relying on physical traits, this technology analyzes how users interact with their devices, such as: Typing speed, Screen swipe patterns, App usage behavior,…Users do not need to perform any additional authentication step, yet the system can still detect suspicious behavior in real time. Passkey / FIDO2 Another rapidly growing passwordless authentication trend is Passkey/FIDO2. A passkey is a FIDO-based credential that allows users to sign in to apps and websites using the same method they use to unlock their devices – biometrics, PIN, or device pattern – without entering a username, password, or additional authentication factors. Passkey/FIDO2 offers extremely strong protection against phishing and credential theft because: A passkey works only with the specific domain or website where it was registered. If users visit a phishing or fake website, the passkey simply will not work. Passkeys are device-bound credentials, meaning authentication requires the registered device and user verification (biometrics or PIN). In the digital banking era, security is no longer just a technical defense layer – it has become a core foundation for building digital trust between financial institutions and their customers. The combination of biometrics, Smart OTP, device-based authentication, and modern technologies such as Passkey/FIDO2 is paving the way for more secure authentication models, stronger fraud prevention, and seamless user experiences. If your bank or financial institution is looking for modern passwordless authentication solutions, from biometrics, Smart OTP, Smart Token, and Passkey/FIDO2 to AI-powered behavioral analytics and fraud detection. Connect with Savyint’s experts today to explore how we can support your digital security transformation. Read more: