AI/ML-Based Banking Transaction Fraud Prevention

As digital transformation accelerates, detecting and preventing banking transaction fraud through advanced technologies such as AI and machine learning (AI/ML) has become a top strategic priority for financial institutions, as cybercrime continues to grow in both scale and sophistication. According to the latest data from the U.S. Federal Trade Commission (FTC), total consumer-reported fraud losses in 2024 reached approximately USD 12.5 billion, representing an increase of nearly 25% compared to 2023. This highlights the rapidly escalating severity of fraudulent activities.

Beyond direct financial losses, banks also incur substantial additional costs related to investigations, legal proceedings, incident response, and reputation recovery – often making the actual cost several times higher than the initial monetary loss. More critically, fraud incidents significantly erode customer trust, negatively impacting customer retention and the ability to attract new users. Investing in advanced fraud detection systems and proactive prevention measures is therefore not merely an operational requirement, but a strategic imperative for banks to protect assets and maintain credibility in the digital era.

What Is Banking Fraud Prevention?

Banking fraud prevention refers to the use of multiple, layered protection methods by banks to detect early signs of fraud, reduce risk exposure, and prevent financial fraud before it causes serious damage. Today, modern fraud prevention strategies no longer focus solely on incident response after fraud has occurred. Instead, they emphasize proactive prevention from the outset. These approaches integrate advanced data analytics, real-time monitoring, and AI-driven risk assessment, enabling banks to stay ahead of increasingly complex financial threats. As fraud types become more sophisticated, fraud detection technologies are more critical than ever to maintaining the security and integrity of banking data and transactions.

Using AI/ML to Detect and Prevent Banking Fraud

By deploying a flexible and adaptive defense system against financial fraud threats, banks and financial institutions can effectively prevent and minimize the impact of fraudulent activities. At the core of this defense system is the application of advanced data analytics, artificial intelligence, and machine learning to detect fraud patterns in real time and provide early warnings of potential risks. In parallel, banks deploy phishing-resistant Strong Customer Authentication (SCA) and Multi-Factor Authentication (MFA), incorporating FIDO2 security keys, passkeys, transaction signing, device-bound cryptographic keys, and biometric factors. Together, these mechanisms create a flexible, adaptive and resilient defense against financial fraud, ensuring that only authorized users can access accounts and sensitive information.

Real-time transaction monitoring serves as a foundational component of financial fraud prevention systems. Beyond supporting compliance with KYC and anti-money laundering requirements, continuous AI/ML-driven monitoring enables large-scale data analysis to identify abnormal behaviors as soon as they occur, thereby mitigating risks before fraud results in actual losses.

Periodic risk assessments involve analyzing emerging fraud trends, reviewing vulnerabilities in existing systems, and adjusting prevention strategies accordingly. This allows banks to continuously refine and enhance the effectiveness of fraud detection over time.

Beyond detection and assessment, AI/ML enables the prediction of future fraud risks. By learning from past fraud incidents, systems can identify individuals or groups with a higher likelihood of committing fraud, helping organizations allocate preventive resources more precisely and effectively.

Strong Customer Authentication and Multi-Factor Authentication enhance the security of user access and transaction approval by moving beyond traditional password-based mechanisms. When implemented with phishing-resistant authentication methods such as FIDO2 security keys, passkeys, transaction signing, device-bound cryptographic keys, and biometrics, SCA/MFA provides a flexible, adaptive, and resilient security layer. This method ensures that only legitimate users can access accounts and authorize transactions, effectively mitigating risks such as phishing, credential theft, account takeover, and financial fraud, while meeting stringent regulatory and security requirements.

Alongside technology, customers play an increasingly important role. Proactively raising customer awareness of common scam techniques and providing guidance on safe transaction practices empowers users to protect themselves against fraud and social engineering attacks.

Financial fraud prevention is a continuous journey that requires banks and financial institutions to constantly update and adopt new technologies to enhance prevention capabilities and minimize fraud-related losses.

Savyint delivers a comprehensive Fraud Prevention and Risk Management solution suite designed to help banks and financial institutions detect fraud early, prevent incidents promptly, and manage fraud risks effectively. Connect with Savyint’s experts today to strengthen your defenses and minimize financial fraud risks.

SAM Appliance Wins Asia-Pacific ICT Award (APICTA) 2025

On December 8, at the announcement and awarding ceremony of the Asia-Pacific ICT Awards (APICTA) 2025, SAVYINT’s SAM Appliance was honored as the Second Runner-up in the category Security Solution – Business Service.

APICTA is the most prestigious ICT award in the Asia-Pacific region, held annually since 2001 by the Asia Pacific ICT Alliance. This year, APICTA 2025 took place in Kaohsiung, Taiwan, celebrating and recognizing outstanding software products, IT solutions, digital applications, and innovative startup projects from 17 member countries and economies.

SAM Appliance by SAVYINT achieved the Second Runner-up title in the Security Solution – Business Service category. This accomplishment is particularly meaningful as it marks SAVYINT’s first participation in APICTA, demonstrating the innovative capabilities and solution quality of Vietnamese technology enterprises on an international stage.

SAM Appliance – An all-in-one solution for data encryption, digital signature authentication and mobile identification

SAM Appliance is an all-in-one solution for data encryption, digital signature authentication and mobile identification that ensures compliance with standards for remote digital signature, blockchain, cryptocurrency, mobile payment, data encryption, transaction encryption, timestamp, security, system authentication, IoT, Car2X…

SAM Appliance includes a FIPS 140-2 Level 3–certified Server Appliance combined with Hardware Security Module (HSM) devices, integrated with SAM Software, Key Management Software (KMS), and digital signing software, creating a comprehensive and flexible security platform for any deployment needs and sectors such as Finance and Banking, Healthcare, Education, Telecommunications, Broadcasting, Media, …

With its compact design and all-in-one hardware architecture, the solution enables fast installation and operation, optimal performance, unlimited integration with existing information systems, and minimized security vulnerabilities. It ensures system safety thanks to its independent and specialized operating environment, eliminating reliance on third parties, while significantly reducing investment costs compared to traditional specialized security infrastructures.

More than just a platform for signing invoices, contracts, documents, certificates, or payment records, SAM Appliance is built on the Cryptographic Security Platform (CSP). It integrates SCA and MFA authentication, PKI-based passwordless authentication, tokenization, transaction signing with end-to-end encryption, advanced mobile security with cryptography, and supports Post-Quantum Cryptography (PQC) – ready for the new security era. It also supports data and transaction encryption, blockchain and cryptocurrency integration, mobile payment and digital wallet capabilities, timestamped digital signatures, and long-term electronic archiving for 5, 10, and 20 years.

SAM Appliance fully complies with regional technical standards and international legal regulations, including FIPS 140-2 Level 3, ISO 9001:2015, ISO 14001:2015, ISO 27001:2022, GDPR, SOC 2 Type II, HIPAA & PCI DSS.

During the event, Brad Palmer, COO & EVP of Savyint, shared: “SAM Appliance is a breakthrough technology solution designed to address the core challenges of security, data encryption, and digital identity in today’s era of rapid digital transformation. We developed SAM Appliance as a unified security platform where any organization or enterprise can deploy digital signatures, strong authentication, and secure data and transaction encryption on a single hardware device that meets the highest international standards.”

Being honored at APICTA 2025 is a powerful affirmation of Savyint’s technological capabilities. Along with SAM Appliance, Savyint’s solutions will continue to accompany global organizations and enterprises on their journey toward safe, sustainable, and fully compliant digital transformation.

ONLY 1 DAY LEFT until the Workshop “Implementing Safe, Reliable Open Banking and Complying with Circulars 64 & 50/2024/TT-NHNN”
Co-organized by Savyint Group, IBM Vietnam, and Techdata, with the support of the Vietnam Institute for Innovation & Digital Transformation (VIDTI) and the Open Banking Forum, the Workshop “Implementing Safe, Reliable Open Banking and Complying with Circulars 64 & 50/2024/TT-NHNN” serves as a specialized platform gathering leading experts in Information Technology, Security & Legal Compliance, and Banking & Finance from Vietnam and the region.

At the workshop, participants will gain comprehensive insights – from strategy and regulation to technological implementation – for building a successful Open Banking model:

Only 1 day to go before the workshop officially begins! Register now to join and connect with top industry experts: https://openbankingforum.org/hoi-thao-ngan-hang-mo/

Workshop: “Implementing Safe, Reliable Open Banking and Complying with Circulars 64 & 50/2024/TT-NHNN”
Time: 08:30 – 12:00, Friday, 21 November 2025
Venue: Hotel du Parc Hanoi, 84 Tran Nhan Tong, Hai Ba Trung District, Hanoi
Register and view full workshop details: https://openbankingforum.org/hoi-thao-ngan-hang-mo/
Submit questions for speakers: https://openbankingforum.org/dat-cau-hoi-cho-dien-gia/

ONLY 2 DAYS LEFT until Workshop “Implementing Safe, Reliable Open Banking and Complying with Circulars 64 & 50/2024/TT-NHNN”
The workshop “Implementing Safe, Reliable Open Banking and Complying with Circulars 64 & 50/2024/TT-NHNN” is organized by Savyint Group, IBM Vietnam, and Techdata, with the support of the Vietnam Institute for Digital Transformation & Innovation (VIDTI) and the Open Banking Forum. Taking place on the morning of November 21, 2025, the event offers the banking and financial community an opportunity to access in-depth insights on the implementation of Open Banking in Vietnam and around the world.

At the workshop, leading industry experts will share practical perspectives on key topics such as:

With the participation of respected experts and highly relevant topics, the workshop is a must-attend event for banks, financial institutions, and technology enterprises seeking strategic insights into developing an Open Finance ecosystem.

Only 2 days left until the workshop begins! Register now to join and connect with top industry experts: https://openbankingforum.org/hoi-thao-ngan-hang-mo/

Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN
Time: 8:30 – 12:00, November 21, 2025
Venue: Hotel du Parc Hanoi, 84 Tran Nhan Tong street, Hai Ba Trung ward, Hanoi
Registration link: https://openbankingforum.org/hoi-thao-ngan-hang-mo/

Official Agenda of the Workshop “Implementing Open Banking Safely, Reliably, and in Compliance with Circulars 64 & 50/2024/TT-NHNN”

Taking place on November 21, 2025, the workshop “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN” promises to be a gathering point for leading experts in Information Technology, Security – Legal, and Finance – Banking.

As Open Banking becomes a crucial foundation in the digital transformation strategies of banks and financial institutions, understanding the latest regulations from the State Bank of Vietnam, especially Circular 64 and Circular 50/2024/TT-NHNN, is essential to ensure safe, reliable, and sustainable implementation. The workshop, co-organized by Savyint Group, IBM Vietnam, and Techdata, with the support of the Vietnam Institute for Innovation & Digital Transformation (VIDTI) and the Open Banking Forum, aims to help banks shape implementation strategies aligned with national standards while keeping pace with global trends.

Below is the detailed agenda for the event on November 21.

The workshop will begin from 8:30 – 9:00 with guest check-in and welcome activities. This is an opportunity for attendees and experts to meet, connect, and exchange insights before entering the in-depth discussion sessions.

From 9:00 – 9:20, the event will officially open with a presentation on Circular 64/2024/TT-NHNN delivered by a specialist from the Information Technology Department of the State Bank of Vietnam.

Continuing the program, from 9:20 – 9:50, Mr. Hoang Nguyen Van, Vice Chairman of the Vietnam Institute for Innovation and Digital Transformation (VIDTI), will present “Implementing Open Banking with Legal Compliance, Trusted Security, and Strong Authentication under Circulars 64 & 50/2024/TT-NHNN.” This session focuses on models, platforms, and technical frameworks that enable banks to implement Open Banking effectively, from preparation to full operation.

From 9:50 – 10:20, Mr. Ngo Thanh Hien, Chief Technology Officer of IBM Vietnam, will provide a strategic perspective on “The API Economy in Banking Digital Transformation” – a trend reshaping the digital banking ecosystem.

After the break, the workshop resumes with an essential session on “Ensuring Secure and Compliant Open Banking & Digital Banking Implementation under Circulars 64 & 50/2024/TT-NHNN”, presented by Mr. Brad Palmer, CEO & Vice Chairman of Savyint.

From 11:00 – 11:30, attendees will delve into “Data Protection in the Era of AI and Quantum Computing,” presented by Mr. Nguyen Manh Linh, Data Security Specialist at IBM Vietnam.

At 11:30, the event will transition into an open panel discussion, where leading experts in Technology, Legal, and Banking Finance will exchange insights, share practical lessons, and address questions directly from workshop participants.

With a comprehensive program, reputable speakers, and highly practical, timely topics, the workshop “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN” is set to be an unmissable event for banks, financial institutions, and technology enterprises seeking to advance their open finance ecosystem. This is an opportunity for organizations and businesses to update regulatory requirements, learn from real-world implementation experiences, and expand collaborative networks toward building safe, transparent, and sustainable Open Banking in the digital era.

Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN
Time: 8:30 – 12:00, November 21, 2025
Venue: Hotel du Parc Hanoi, 84 Tran Nhan Tong street, Hai Ba Trung ward, Hanoi
Registration link: https://openbankingforum.org/hoi-thao-ngan-hang-mo/

Meet Leading Experts at the Workshop “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN”

With the goal of helping banks and financial institutions shape effective, secure, and sustainable Open Banking strategies, the workshop brings together leading experts in Information Technology, Security & Legal Compliance, and Banking–Finance.

As Vietnam’s financial and banking sector enters a period of strong transformation, implementing Open Banking in alignment with the directions of Circulars 64 & 50/2024/TT-NHNN has become a key mission to ensure safety, compliance, and innovation. The workshop “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN” gathers top technology, legal, and data security experts from Savyint Group, the Vietnam Institute of Innovation & Digital Transformation (VIDTI), and IBM Vietnam. Combining strategic perspectives with practical experience, the speakers will share critical solutions that help banks meet new regulatory requirements, protect user data, and build Digital Trust in the era of open finance.

Let’s explore the experts who will be joining this event with Savyint.

Mr. Hoang Nguyen Van, Vice President, Vietnam Institute of Innovation & Digital Transformation (VIDTI)

With many years of experience in digital transformation and policy development, and as a Senior Expert and Technical Standards & Compliance Director of the Open Banking Exchange, Mr. Hoang Nguyen Van will deliver comprehensive insights on security, strong customer authentication (SCA/MFA), and the regulatory framework for implementing Circulars 64 & 50/2024/TT-NHNN. He will also present end-to-end solutions enabling banks to simultaneously achieve innovation and compliance.

Mr. Ngo Thanh Hien, Chief Technology Officer, IBM Vietnam

As a leading technology expert in cloud security infrastructure, Mr. Ngo Thanh Hien will discuss the role of APIs, building the API economy, and how banks can leverage open platforms to innovate products, optimize operations, and expand collaboration with third-party providers.

Mr. Brad Palmer, Chief Executive Officer & Vice President, Savyint Group

With extensive experience in identity management, strong authentication (MFA/SCA), and data security, Mr. Brad Palmer will present approaches to ensuring safety and compliance in the Open Banking model, supporting banks in meeting regulatory standards under Circulars 64 & 50/2024/TT-NHNN.

Mr. Nguyen Manh Linh – Data Security Expert, IBM Vietnam

Mr. Nguyen Manh Linh will share in-depth insights into data protection strategies, encryption, and security risk prevention in the context of rapid advancements in AI and quantum computing, opening new pathways for banks to safeguard digital assets and customer trust.

With the participation of leading experts from the State Bank of Vietnam, VIDTI, and global technology enterprises such as Savyint Group and IBM Vietnam, the workshop promises to deliver multidimensional, insightful, and practical perspectives on the journey of implementing Open Banking in Vietnam. This will be a valuable opportunity for banks, financial institutions, and technology partners to discuss, connect, and shape the future of Vietnam’s digital finance landscape.

Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN
Time: 8:30 – 12:00, November 21, 2025
Venue: Hotel du Parc Hanoi, 84 Tran Nhan Tong street, Hai Ba Trung ward, Hanoi
Registration link: https://forms.office.com/e/TZvYePQqCB
Event Details: https://savyint.com/implementing-safe-reliable-open-banking-and-complying-with-circular-64-50-2024-tt-nhnn/

SAM Auth Server – Next-Gen Digital Identity & Authentication Compliant with Philippines BSP Circular No. 1213

The Philippines BSP Circular No. 1213 introduces specific changes that will reshape authentication policies across financial institutions in the Philippines, with a one-year compliance window starting June 2025. The pressing question now is how to adapt effectively.

Bangko Sentral ng Pilipinas (BSP) Circular No. 1213, issued in June 2025, is a regulation mandating stricter, phishing-resistant, device-bound authentication for financial institutions in the Philippines to combat digital fraud. The circular aims to enhance security in digital customer onboarding, transactions, and session management by replacing insecure methods like SMS/email OTPs with stronger tools such as passkeys and biometrics.

The requirements apply to all BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms, and cover critical areas such as:

Financial institutions have one year from June 2025 to fully comply with all the requirements of this Circular.

1. Specific regulations

BSP Circular No. 1213 highlights the growing security risks of traditional OTP methods – particularly those delivered via SMS or email – and advises against their use. This stance reflects global recognition that such channels are highly vulnerable to phishing, SIM swap attacks, and other forms of social engineering.

Biometric authentication, behavioral biometrics, passwordless authentication (biometrics, hardware tokens and cryptographic keys, FIDO), and adaptive authentication are considered perfectly aligned with BSP Circular No. 1213 because they directly address the circular’s core security objectives: preventing phishing, eliminating interceptable authentication, and binding user access to a secure device.

Fundamentally, the provisions of BSP Circular No. 1213 adopt a similar approach to those of other countries around the world, as cyberattacks are a global issue.

2. Comprehensive Compliance Solution – SAM Auth Server

With over 20 years of experience in developing encryption, identity, and authentication solutions, Savyint offers one of the most comprehensive authentication platforms, fully meeting and even exceeding the requirements of BSP Circular No. 1213.

SAM Auth Server is an all-in-one strong authentication solution that enables system authentication, data encryption, transaction encryption, multi-layer authentication, multi-level security, and integration with hardware security devices as well as software functional modules, ensuring maximum safety for electronic transactions.

2.1 Key features of the solution

Transaction Authentication Features

Access Control

Token Types

Data Encryption – Transaction Encryption

Encrypt data and transactions, ensuring that all information cannot be stolen or tampered with during initiation, storage, and transmission.

Integration with AML monitoring systems and Fraud Management Systems (FMS)

2.2 Full compliance with international standards

With a flexible design and high scalability, SAM Auth Server can be easily deployed across various system models (on-premise, cloud), supports multiple platforms, and delivers the most advanced authentication methods available today.

Philippines BSP Circular No. 1213 and Compliance Solutions for Financial Institutions

In June 2025, BSP Circular No. 1213 was issued as a regulatory instrument amending the IT Risk Management Regulations to implement Section 6 of the Anti-Financial Account Scamming Act (AFASA) in the Philippines. This Circular provides a detailed set of mandatory compliance actions for financial institutions to safeguard users’ financial transactions and accounts. The Philippines government has demonstrated that it is taking bold action to ensure the safety and protection of online financial transactions.

Cybercrime in the Philippines is rising at a staggering rate. Cybercrime complaints surged by 71.9% in the first quarter of 2025 compared with the same period the previous year, increasing from 1,891 to 3,251 cases, according to the Cybercrime Investigation and Coordinating Center (CICC). This sharp rise underscores how cybercriminals are evolving faster than conventional security models can keep pace with.

Financial institutions are a popular target. According to the Bangko Sentral ng Pilipinas (BSP), supervised institutions reported losses of P5.82 billion due to cyber incidents in 2024, up from P5.67 billion in 2023. Most of these were due to phishing, card-not-present fraud, and ATOs. In addition to financial repercussions, these cyber incidents also undermine consumer trust and confidence in digital systems.

1. About the Anti-Financial Account Scamming Act (AFASA)

Before delving into the specifics of BSP Circular No. 1213, issued in June 2025, it’s important to first understand the broader regulatory framework it falls under: the Anti-Financial Account Scamming Act (AFASA).

The AFASA, a landmark Philippine law passed July 20, 2024, aims to prevent the misuse of financial accounts in fraud and scams like phishing and vishing. It also defines and penalizes social engineering schemes, money muling activities, and related offenses.
These include those committed using advances in technology, which were previously not covered by existing cybercrime laws in the Philippines.

The BSP has issued three circulars to implement AFASA:

BSP Cir. No. 1213, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1213.pdf
BSP Cir. No. 1214, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1214.pdf
BSP Cir. No. 1215, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1215.pdf

2. About the Bangko Sentral ng Pilipinas (BSP) Circular No. 1213

Bangko Sentral ng Pilipinas (BSP) Circular No. 1213, issued in June 2025, is a regulation mandating stricter, phishing-resistant, device-bound authentication for financial institutions in the Philippines to combat digital fraud. The circular aims to enhance security in digital customer onboarding, transactions, and session management.

We can further explore the specific changes introduced by the new Circular and examine how these changes will affect the authentication policies of financial institutions in the Philippines.

a. Broader Scope: The requirements apply to all BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms.

b. Focus Areas: The enhanced authentication requirements cover critical areas such as:

3. Limitation on the use of interceptable authentication mechanism

Limitation on the use of interceptable authentication mechanism (e.g. One-Time Pins [OTPs] via SMS and email). With the increasing prevalence of social engineering attacks aimed at obtaining login credentials, BSFIs should limit the use of authentication mechanisms that can be shared to, or intercepted by, third parties unrelated to the transaction.

The Philippines is one of many countries, such as the United Arab Emirates and Singapore, that are making the move to retire SMS and email OTPs and adopt more secure forms of authentication.

Fundamentally, the provisions of BSP Circular No. 1213 adopt a similar approach to those of other countries around the world, as cyberattacks are a global issue. To gain a broader perspective, let’s compare BSP Circular No. 1213 with regulatory frameworks from a few other jurisdictions.

5.1 PSD3/PSR (EU, proposed 2023–2025)

| Aspect | BSP Circular No. 1213 (Philippines, 2025) | PSD3/PSR (EU, proposed 2023–2025) |
|---|---|---|
| Objectives / new focus | Strengthen technology security, combat digital account scamming; require BSFIs to implement Fraud Management System (FMS), strong authentication, and account protection. | Upgrade of PSD2: enhance security, expand user rights, impose PSP liability for impersonation fraud, improve SCA, refunds, and fraud data sharing. |
| Fraud requirements / fraud detection | Mandatory implementation of real-time FMS: velocity checks, blacklists, geo-location, bot, and anomaly detection. | Proposed transaction monitoring before execution (pre-execution monitoring), push for real-time anti-fraud. |
| Authentication & SCA | Move away from SMS/email OTP, require phishing-resistant MFA (passkeys, FIDO2). | Tighten & expand SCA: clarify mandatory cases, support new methods (biometric, device binding). |
| Liability & compensation | Mainly technical requirements; no clear rules on liability/compensation for customers in case of fraud. | Introduces liability shift: PSPs must refund when customers suffer impersonation fraud (except in cases of gross negligence). |
| Data sharing & cooperation | No emphasis on fraud data sharing among institutions. | Opens path for PSPs to share fraud intelligence within GDPR framework. |
| Account & device protection | 24h pause after account info changes, kill switch, restrictions on root/jailbreak, monitoring device/geo anomalies. | Adds confirmation of payee, protection against impersonation, clearer liability rules. |
| Timeline & entry into force | Effective June 2025, BSFIs have 1 year to comply. | Still in proposal stage, expected adoption 2025–2026 after EU approval. |
| Limitations / unclear points | Focused on large BSFIs, not yet extended to smaller fintechs; lacks clear compensation mechanism; weak on data sharing. | Details still evolving due to EU legislative process; challenges in defining impersonation and compliance costs for smaller PSPs. |

5.2

| Aspect | BSP Circular No. 1213 (Philippines, 2025) | Circular 50/2024/TT-NHNN (Vietnam) |
|---|---|---|
| Basis & objectives | Adds IT Risk Management requirements under Section 6 AFASA (RA 12010) to combat scamming/digital account attacks. | Regulations on safety and security for online services, replacing Circulars 35/2016 + 2018; aligned with the Law on Cyberinformation Security & E-Transactions Law. |
| Scope of application | All BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms | Credit institutions, foreign bank branches, payment intermediaries, credit information companies providing online services. |
| Fraud / FMS / Fraud detection | Requires high-transaction BSFIs to implement real-time Fraud Management System: velocity checks, blacklist, geo, device, bot, anomaly detection. | No requirement for real-time FMS; focus on IT security, encryption, access control, periodic testing. |
| Authentication & transaction protection | Push for stronger authentication, reducing SMS/email OTP; encourage passkeys, FIDO, phishing-resistant MFA. | Requires electronic transaction confirmation via PIN, OTP, or secret key; mandatory re-authentication when identity information |

Embracing the Quantum era with Post-Quantum Cryptography (PQC)
In the near future, quantum computers are expected to become powerful enough to break traditional asymmetric cryptographic algorithms – the backbone of data security for messages, documents, and online transactions. Post-Quantum Cryptography (PQC) is being developed to counter this immense computational power. Post-Quantum Cryptography (PQC), also referred to as Quantum Safe Cryptography (QSC), encompasses encryption algorithms designed to withstand attacks from quantum computers.

What is Quantum Computing?

Quantum computing leverages principles of quantum physics to solve mathematical problems exponentially faster than classical computers. Tasks that would take today’s most powerful supercomputers years to complete could be reduced to mere days by quantum computers. This unprecedented computational power heralds a new era for applications like artificial intelligence. However, alongside its benefits, quantum computing poses significant security threats.

Why Are Quantum Computers a Security Threat?

Once sufficiently advanced quantum computers emerge, traditional asymmetric cryptographic algorithms will become vulnerable. For instance, widely used algorithms like RSA and ECC, which rely on mathematically complex problems such as integer factorization and discrete logarithms, are employed globally to secure bank accounts, medical records, and other critical data. However, quantum algorithms like Shor’s algorithm could easily break RSA and ECC.

Governments and global tech corporations have acknowledged this threat, issuing warnings to protect critical infrastructure against potential quantum attacks. The U.S. National Security Memorandum of May 2022 states: “A sufficiently large and sophisticated quantum computer capable of breaking cryptography (CRQC) could compromise most public-key cryptographic algorithms used in digital systems across the U.S. and worldwide. A CRQC could endanger civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most internet-based financial transactions.”

What is Post-Quantum Cryptography (PQC)?

To counter quantum attacks, global research efforts are underway to develop stronger algorithms to replace RSA and ECC, capable of resisting attacks from both classical and quantum computers. These algorithms are collectively known as Post-Quantum Cryptography (PQC).

Why Act Now?

While quantum computers capable of such feats may not yet exist, data collection is already occurring. Sensitive or private data, valuable for years or even decades, is at risk. Hackers may be storing encrypted data now, waiting for future quantum computers to decrypt it – a strategy termed “harvest now, decrypt later.” Additionally, devices like chips have long development cycles, requiring years of security testing and certification before deployment in existing infrastructure. Therefore, transitioning to PQC sooner rather than later is highly advantageous.

Global Progress in PQC Development

The most significant PQC research is led by the U.S. National Institute of Standards and Technology (NIST). NIST launched a global competition, inviting researchers worldwide to propose, evaluate, and validate new algorithms for resilience. On July 5, 2022, NIST announced the first set of standardized algorithms, including: Key encapsulation mechanism (KEM) CRYSTALS-Kyber and Digital signature algorithms such as CRYSTALS-Dilithium, FALCON, SPHINCS+.

In 2022, the U.S. National Security Agency (NSA) released an updated Commercial National Security Algorithm Suite (CNSA 2.0), mandating that national security systems (NSS) fully transition to PQC algorithms by 2033, with some cases required as early as 2030. CNSA 2.0 specifies CRYSTALS-Kyber and CRYSTALS-Dilithium as key quantum-resistant algorithms, alongside hash-based signature algorithms like XMSS (Extended Merkle Signature Scheme) and LMS (Leighton-Micali Signatures).

By August 2024, NIST published its first three standardized PQC algorithms to ensure proper implementation:

NIST also outlined a roadmap to phase out classical cryptographic algorithms like RSA-2048 and ECC-256 starting in 2030, with complete discontinuation by 2035.

How should businesses prepare for the quantum era?

To be ready for the transition to post-quantum cryptographic algorithms, the first step for businesses is to review their entire systems and technology infrastructure to identify where RSA and ECC algorithms are currently being used. Next, they should assess the potential impact on speed and performance when switching to more secure Post-Quantum Cryptography (PQC) algorithms. Based on this assessment, businesses can then develop a step-by-step transition plan, while engaging with customers and partners to align on the migration approach and begin the transition.

Savyint PQC Lab: Vietnam’s First Post Quantum Cryptography Platform for Digital Signatures, PKI, and Data Encryption

As an international technology group with extensive expertise in PKI, Cryptography, Blockchain, Electronic Identification, Authentication, and Open Banking/Finance, Savyint proudly introduces the Savyint PQC Lab – Vietnam’s first post-quantum cryptography platform tailored for digital signatures, PKI, blockchain, and cryptographic solutions.

This testing platform enables organizations to explore NIST-approved PQC algorithms, assess compatibility, performance, and impact without disrupting existing infrastructure. This is critical for financial institutions and fintech organizations aiming to comply with international standards such as FIDO2, PSD2, eIDAS, and PCI DSS.

Key features of Savyint PQC Lab:

Connect with Savyint’s experts today to lead the way into the post-quantum era!
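
The first preparation step named under “How should businesses prepare for the quantum era?”, finding where RSA and ECC are in use, usually starts with certificates. The following is an added example, not Savyint's or the page's own code: a standard-library Python scanner that walks the DER of each PEM certificate and reports the subject public key algorithm. The file names, function names and the certificate-shaped sample input (dummy key bytes, no valid signature) are constructed for illustration, and the Ed25519 entry extends the page's RSA/ECC pair to another elliptic-curve key type.

```python
import base64
import re
# Public-key algorithm OIDs for the families the page names (RSA, ECC).
QUANTUM_VULNERABLE = {
    "1.2.840.113549.1.1.1": "RSA",
    "1.2.840.10045.2.1": "ECC (id-ecPublicKey)",
    "1.3.101.112": "ECC (Ed25519)",
}
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, off):
    """Return (tag, content_start, content_end) of the DER element at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def children(buf, start, end):
    """List (tag, start, end) for each element directly inside [start, end)."""
    out = []
    while start < end:
        tag, s, e = read_tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def decode_oid(body):
    """Dotted form of DER OID content (first sub-identifier assumed one byte)."""
    first = min(body[0] // 40, 2)
    arcs, value = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def cert_key_oid(der_bytes):
    """OID of the subject public key algorithm in an X.509 certificate."""
    _, s, e = read_tlv(der_bytes, 0)                    # Certificate
    tbs = children(der_bytes, s, e)[0]                  # tbsCertificate
    fields = children(der_bytes, tbs[1], tbs[2])
    if fields[0][0] == 0xA0:                            # optional [0] version
        fields = fields[1:]
    spki = fields[5]  # follows serial, signature, issuer, validity, subject
    alg_id = children(der_bytes, spki[1], spki[2])[0]   # AlgorithmIdentifier
    oid = children(der_bytes, alg_id[1], alg_id[2])[0]
    if oid[0] != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER in SubjectPublicKeyInfo")
    return decode_oid(der_bytes[oid[1]:oid[2]])

def inventory(sources):
    """Map {name: PEM text} to sorted (name, key OID, family) findings."""
    findings = []
    for name, text in sources.items():
        for block in PEM_CERT.findall(text):
            oid = cert_key_oid(base64.b64decode(block))
            family = QUANTUM_VULNERABLE.get(oid, "unclassified, review manually")
            findings.append((name, oid, family))
    return sorted(findings)

# --- Constructed sample input: certificate-shaped DER with dummy key bytes ---
def der(tag, *parts):
    body = b"".join(parts)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def sample_cert_pem(key_oid_body):
    # Signature algorithm is sha256WithRSAEncryption; the scanner must skip it.
    sig_alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")), der(0x05))
    name = der(0x30)
    validity = der(0x30, der(0x17, b"250101000000Z"), der(0x17, b"260101000000Z"))
    spki = der(0x30, der(0x30, der(0x06, key_oid_body)), der(0x03, b"\x00" + b"\x01" * 160))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"),
              sig_alg, name, validity, name, spki)
    cert = der(0x30, tbs, sig_alg, der(0x03, b"\x00"))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert).decode()
            + "-----END CERTIFICATE-----\n")

SAMPLES = {  # hypothetical file names
    "api-gateway.pem": sample_cert_pem(bytes.fromhex("2a864886f70d010101")),
    "mobile-backend.pem": sample_cert_pem(bytes.fromhex("2a8648ce3d0201")),
    "lab-test.pem": sample_cert_pem(bytes.fromhex("2a0304")),
}

if __name__ == "__main__":
    for name, oid, family in inventory(SAMPLES):
        print(f"{name:20} {oid:24} {family}")
```

Certificates are only one place these algorithms appear; SSH keys, token signing keys and TLS configuration need their own passes in the same inventory.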