Consent Managemnet in Open Banking
Open Banking is a new financial ecosystem that allows users to securely share their personal financial data with third-party providers, such as fintech companies or other financial institutions. By sharing this data, these organizations can provide personalized financial services to users. So, how is Open Banking data processed, and for what purposes is it used? Open Banking: Consent Management To provide and develop high-quality products and services, Third-Party Providers (TPPs) require user consent to access their financial data. From there, they filter and process this data for research purposes and to build new financial products and services. Consent management is a sensitive matter that requires caution and expertise in both legal and technical aspects. Contrary to popular belief, consent management is not just a simple click or checking an “I Agree” box; it is a structured process implemented in compliance with regional and national regulations and directives, such as PSD2/PSD3 or GDPR in the EU. The consent management process in banking typically unfolds as follows: While different organizations may present data access agreements differently, this is the most common mechanism, often used in: Understanding how data and information flow during the consent request process is a decisive factor for transparency and the success of organizations in Open Banking. The Process of Managing Consent for Open Banking Data Sharing The consent management process is generally divided into three stages: a. Consent Stage b. Authentication Stage c. Authorization Stage Throughout every process, users always know who they are granting access to, for how long, and for what purpose. Most importantly, users can revoke consent at any time. The information available to users typically includes: Open Banking Data Sharing: How Does It Work? Open Banking allows third-party financial service providers to access information with user permission. Technically, this process is facilitated via Open APIs. Legally, the data-sharing process is overseen and governed by existing government regulations, such as the Payment Services Directive (PSD2) in the EU or the Open Banking Act in the UK. However, as these regulations vary by region, the types of data shared through open banking services also differ. Typically, to ensure transparency and integrity, there are multiple layers of security and verification during the data exchange between financial institutions and TPPs. Data transmission is executed in a “heartbeat” thanks to APIs, ensuring a seamless, secure, and efficient experience. Who Can Access Open Banking Data? Not everyone can access data in Open Banking. To view this data, user consent is mandatory, and the TPP must be licensed. TPPs must also meet specific requirements before being authorized to access a user’s financial information. Dedicated competent authorities are responsible for licensing TPPs to access user data. For example, in Australia, the Australian Competition and Consumer Commission (ACCC) is responsible for Open Banking data licensing. These agencies ensure that personal financial data sharing does not violate the law while having the power to grant, modify, or revoke data collection licenses. What Data is Collected in Open Banking? The data collected by open banking service providers may vary depending on the regulations of each country/region and the type of service provided. Regulators often set strict rules on the type of information that can be collected, limiting the scope to ensure TPPs only access what is strictly necessary. The most commonly collected data includes: How Does Open Banking Protect User Data? Protecting data in Open Banking is a top priority for regulators and financial institutions. Security measures applied include: However, alongside these protections, certain risks remain of concern to developers and users: In summary, while risks cannot be entirely eliminated, current security measures are established to ensure user data is protected within the open banking system. Nevertheless, users should also protect themselves by using strong passwords, updating software regularly, and staying vigilant against phishing attacks. Furthermore, empowering users to manage their open banking data is an excellent way for them to take responsibility for when and how they wish to provide their information. TPPs must clearly communicate the purpose and the data to be collected to ensure transparency and Open Banking data privacy. Savyint and Savyint Consent Management As an global technology company with extensive expertise in PKI, Cryptography, Blockchain, Electronic Identification, Authentication, Savyint proudly introduces Savyint Consent Management, specifically designed for the collection, storage, and transparency of user data rights. As an international technology group with extensive expertise in PKI, Cryptography, Blockchain, Electronic Identification, Authentication, and Open Banking/Finance, Functioning as a central “Trust Engine,” this solution automates 100% of the processes for collecting, storing, and verifying data rights across the entire customer journey. Savyint Consent Management enables enterprises to process sensitive data with total transparency, ensuring full compliance with global and local regulations such as Vietnam’s Personal Data Protection Law (No. 91/2025/QH15), Circular 64/2024/TT-NHNN, GDPR, FAPI 2.0… Advanced Technologies of Savyint Consent Management: Connect with Savyint’s experts today to lead the way in the data security era and build sustainable digital trust!
SAVYINT successfully implemented the electronic contract and electronic signature system for VietCredit
Digital transformation is an inevitable trend for financial institutions and banks striving to adapt proactively, overcome challenges, and achieve sustainable growth. VietCredit, recognizing this early, embarked on its digital transformation journey ahead of the curve. With SAVYINT’s support, VietCredit successfully implemented an electronic contract and e-signature system, providing customers with satisfaction through enhanced experiences utilizing a data-driven technology platform. The final puzzle piece in VietCredit’s digital transformation journey With the goal of developing an innovative business model driven by digitization, VietCredit not only focuses on fostering new technologies in management and operations but also heavily invests in digitizing the products and services offered to customers. VietCredit identified that the “final puzzle piece” for creating a seamless and complete digital experience for users is the electronic contract and e-signature system. Given the unique challenges in the financial sector, the bank’s electronic contract and e-signature system must ensure legal compliance, security, and long-term data storage, providing a safe experience and protecting customer rights. VietCredit sought a solution that offers simple, fast e-signing with strong security and cost efficiency, particularly for loan contracts with individuals and organizations. However, VietCredit faced difficulties in finding an optimal solution, as the concepts of e-signatures and digital signatures were still unclear, and distinguishing between various types of e-signatures was not well defined. This challenge is not unique to VietCredit but is shared by many organizations in Vietnam, hindering them from adopting digital signatures and e-signatures on a larger scale. SAVYINT’s solution for VietCredit’s challenge After thorough research, VietCredit decided to partner with SAVYINT, Vietnam’s leading provider of digital signature solutions. With over 17 years of experience implementing national digital transformation projects, SAVYINT was able to address VietCredit’s challenge by offering a comprehensive solution featuring secure e-signatures with timestamping for individuals signing smaller loan contracts. SAVYINT’s secure e-signature solution uses multi-factor authentication to provide identity verification for signers. Additionally, the timestamp feature, synchronized with the national time source, is appended to the e-signature, preventing denial of the signing time and ensuring document integrity. Any changes made to the document after signing would be detected. The secure e-signatures are validated for the long term, based on the timestamp’s validity period (ranging from 3 to 5 years). This ensures maximum fraud prevention and document security, providing legal protection in case of disputes. The launch of VietCredit’s electronic contract and e-signature system After six months of implementation, supported by SAVYINT’s dedicated team, VietCredit’s electronic contract and e-signature system was officially rolled out across all branches nationwide, with nearly 100,000 e-signatures processed annually. This milestone marks a significant leap in VietCredit’s digital transformation strategy, aiming to optimize the customer experience. The system is fully integrated into the VietCredit app, enabling customers to sign card-opening contracts anytime, anywhere, via mobile devices or tablets, reducing costs and travel time. At the system’s launch event, Mr. Hoang Nguyen Van, Chairman of SAVIS, emphasized: “VietCredit’s electronic contract and e-signature system is a pioneering platform that meets the demand for transitioning from paper contracts to electronic contracts, in full compliance with Vietnamese regulations and European standards. In Vietnam, SAVYINT is the leading and only provider of the most complete digital signature and e-signature services. We believe this partnership will enhance VietCredit’s competitive advantage in the consumer finance market, ushering in new waves of technology and delivering the best convenience for customers.” VietCredit is a financial institution offering transparent and reliable financial services, heavily investing in technology solutions to ensure the highest transaction quality for its customers. The electronic contract and e-signature system has created a strong foundation for VietCredit’s continued growth and breakthroughs in the future, further strengthening customer trust in the products and services that SAVYINT provides.