How does data work in open banking?
Open banking is a new financial ecosystem that allows users to securely share their personal financial data with third-party organizations, which can be fintech companies or other financial institutions. By sharing data, these organizations can provide personalized financial services to users. So how is open banking data being processed and what is it used for? Open banking: Managing user consent for data access (consent management) To provide and develop quality products and services, third-party providers (TPPs) need user consent to access their financial data, which is then filtered and processed for research purposes, and to build new financial products and services. Consent management is a sensitive issue that requires caution and understanding of legal and technical aspects. Contrary to popular belief, consent management is not simply clicking or checking the “Agree” box; it is a structured process that complies with regulations and directives in each region and country, such as the PSD2 directive or GDPR regulations in the EU. The approval management process in banking usually proceeds as follows: Some organizations may have different ways of expressing the agreement to access data, but this will be the most common mechanism, often used in: Understanding how data and information flow during the consent request process is a key factor in the transparency and success of organizations in open banking. The process of managing the approval of open banking data sharing The approval management process is typically divided into three stages: a. Agreement stage b. Verification stage c. Authorization stage Throughout the process, users are always aware of who they are granting data access to, for how long, and for what purpose. In particular, users can withdraw consent at any time. The information users are aware of typically includes: Open banking data sharing: How does it work? Open banking allows third-party financial service providers to access information with the user’s permission. Technically, this process is carried out through open APIs. Legally, the data sharing process is monitored and regulated according to current government regulations, such as the Payment Services Directive PSD2 in the EU or the Open Banking Act in the UK. However, these regulations vary by region, so the types of data shared through open banking services also differ. Typically, to ensure transparency and integrity, there will be multiple layers of security and verification in the data exchange process between financial institutions and third-party providers. The transmission of data from one side to the other is done in “an instant” thanks to APIs to ensure seamless, safe, and efficient communication. Who can access open banking data? Not everyone can access data in open banking. To view this data, consent from the user is required, and the third-party provider must also be licensed. Third-party providers must meet specific requirements before being granted access to the user’s financial information. Regulatory authorities will be responsible for granting access to user data for third-party providers, such as in Australia, where the Australian Competition and Consumer Commission (ACCC) is responsible for licensing open banking data. These authorities are responsible for ensuring that the sharing of personal financial data does not violate the law and can grant, modify, or revoke data collection licenses. What data is collected in open banking? The data collected by open banking service providers may vary depending on the regulations of each country/region as well as the type of services provided. Regulatory authorities often impose strict regulations on the type of information that can be collected, limiting the scope of data collection to ensure that third-party providers only access what is necessary. The most commonly collected data includes: How do open banks protect user data? In fact, data protection in open banking is a matter of great concern to regulatory agencies and financial institutions. Security measures implemented include: However, alongside protective measures, there are still some risks that developers and users are concerned about, such as: In summary, while it is impossible to completely eliminate risks, current security measures have been established to ensure that user data is safely protected in open banking systems. However, users should also protect themselves by using strong passwords, regularly updating software, and being vigilant against phishing attacks. Additionally, allowing users to manage open banking data is also a great way for users to take responsibility for when and how they want to provide their information. Third-party providers need to clearly inform about the purpose and the data that will be collected to ensure transparency and the privacy of open banking data. About SAVYINT and the SAVYINT Open Banking solution SAVYINT is a trusted service provider leading the market and is in the TOP 10 leading IT companies in Vietnam. SAVYINT has successfully developed the SAVYINT Open Banking solution – a specialized system dedicated to the Finance – Banking sector, meeting legal and technological requirements to create connections and build a digital financial ecosystem. With a solid technological infrastructure and experience in deployment and operation, SAVYINT provides customers with advanced technology and the best user experience. The SAVYINT Open Banking solution encompasses all the features to become a reputable standard platform in the Finance – Technology field: Open banking applications are the key to accelerating growth in the financial sector. Connect with SAVYINT now to leverage and experience the features and benefits of open banking today!
Open Banking: A driving force for small and medium enterprises
SMEs are an indispensable component in the economic development of a country, playing an important role in creating jobs for the workforce, increasing state budget revenue, etc. However, the story of access to finance for SMEs remains a difficult knot to untie in many countries. The emergence of open banking is expected to remove many financial barriers that SMEs are facing. The outstanding benefits that SMEs receive when participating in the open banking ecosystem Not only does it create a positive impact on banks, third parties, and users in the ecosystem, but open banking also brings significant benefits to SMEs. Better access to credit Small and medium-sized enterprises often face difficulties in accessing credit from traditional banks due to: lack of transparent and accurate financial data, lack of collateral, no audited financial reports… However, with open banking, small and medium-sized enterprises can share financial data with third-party providers – organizations capable of assessing credit history. As a result, these enterprises have the opportunity to access better credit sources from various financial institutions, especially suitable in the case of startups or those with limited credit history. Better financial management Open banking allows small and medium-sized enterprises to access multiple financial products and services simultaneously on a single platform. In addition, these enterprises can view all accounts, transactions, and financial data on one screen, one application. This way, small and medium-sized business owners can make better financial decisions and manage cash flow more effectively. More competitive prices Another positive impact that the open banking ecosystem brings is the competition in pricing of financial products and services. By leveraging the financial data of small and medium-sized enterprises, credit institutions can offer financial products that match the specific needs, scale, and sector of each business, meaning that businesses can access the best loan packages within their capabilities. Improved security and privacy To participate in the open banking ecosystem, an important requirement is that banks and third-party providers must comply with strict security standards according to international policies or the laws of each country. Therefore, the financial data of small and medium-sized enterprises is ensured to be safe, private, and protected from unauthorized access. Experience for small and medium enterprises when participating in the open banking ecosystem Understanding open banking Before participating in the open banking ecosystem, understanding the nature and operation of open banking is extremely important. Small and medium enterprises can start by reading articles, watching explanatory videos, and attending online seminars, then exchanging with other business owners who have participated in the open banking ecosystem and learning from their experiences. The more knowledge about open banking, the better equipped businesses will be to make smart and correct decisions. Choosing a reliable third-party provider When participating in the open banking ecosystem, small and medium enterprises will need to choose a third-party provider to manage financial data. Choose based on criteria: Check the list of partners, customers who have accompanied, projects that these providers have implemented,… You can start right now by looking for information on websites, customer reviews, and suggestions from businesses that have previously collaborated. Data security should be a priority When participating in the open banking ecosystem, data security should be the top priority. Small and medium-sized enterprises need to ensure that their financial data is protected from unauthorized access and theft by verifying whether third-party organizations have the right to audit, assess credit history in compliance with data protection and information security regulations. Start small and gradually expand When participating in the open banking ecosystem, small and medium-sized enterprises may feel overwhelmed by the integration requirements, the infrastructure – technical needs to be equipped, the data that needs to be shared, etc. Therefore, it is advisable to start with basic services such as payment solution integration and then gradually expand to more complex services like loans and credit. This will help businesses easily control and gradually familiarize themselves before comprehensive integration. Joining the open banking ecosystem is a turning point for small and medium-sized enterprises. Not only do they gain access to better financial products and services, but small and medium-sized enterprises can also manage their finances more effectively. However, to fully leverage the benefits that open banking brings, these businesses also need to equip themselves with knowledge about open banking, choose a reliable provider, prioritize data security, etc. By following these experiences, small and medium-sized enterprises can take advantage of the benefits that open banking offers while ensuring that the business can develop steadily without worrying about capital sources. About SAVYINT and the SAVYINT Open Banking solution SAVYINT is a trusted service provider leading the market and is in the TOP 10 leading IT companies in Vietnam. SAVYINT has successfully developed the SAVYINT Open Banking solution – a specialized system dedicated to the Finance – Banking sector, meeting legal and technological requirements to create connections and build a digital financial ecosystem. With a solid technological infrastructure and experience in deployment and operation, SAVYINT provides customers with advanced technology and the best user experience. The SAVYINT Open Banking solution encompasses all the features to become a reputable standard platform in the Finance – Technology field: Connect immediately with SAVYINT experts to start building an open banking strategy today!
Security challenges in Open Banking and solutions
The development of Open Banking brings many opportunities but also presents challenges, particularly in the area of security. So what is the solution to security issues in Open Banking? Let’s explore with SAVYINT in the article below. According to predictions by The Financial Brand, Open Banking is one of the eight fintech trends set to transform the banking industry. In Vietnam, Open Banking is becoming an inevitable trend and a key growth direction for banks. Open Banking is a unified model that enables the sharing of financial data between two or more third parties through Open API (Application Programming Interface) technology. In this model, banks collaborate with technology partners that offer innovative services and provide technology platforms to build a digital financial ecosystem that meets customer needs. Security Risks in Open Banking The openness of the Open API model raises significant challenges for the banking sector, with privacy and data security being the most prominent. Incomplete Legal Framework Open Banking is rapidly growing within Vietnamese banks. However, the legal framework for Open Banking is incomplete and lags behind the pace of technological development. Currently, there are no specific regulations guiding Open API usage (e.g., what data can be shared, how partners can use the data, under what standards, etc.), and there is no unified standard for IT infrastructure, storage, or security. As a result, commercial banks are applying different API security protocols. In this ecosystem, if any party uses an API protocol that is not robust enough, the risk of data leaks or theft is very high. Moreover, customers cannot be certain how their personal and financial information is being secured and used. Risks from Non-Banking Partners Open Banking allows third-party service providers to access users’ financial data. To expand their service ecosystems, banks will partner with technology companies offering innovative products and services. These partners often propose security measures to collaborate with banks, but in reality, few provide viable solutions. Strong infrastructure, technological expertise for implementation, and risk control capabilities are essential criteria that technology partners must meet. However, not every technology company can fulfill all of these standards. SAVYINT Open Banking Platform – Vietnam’s First Comprehensive Open Banking Solution Choosing a reliable and promising partner is a crucial issue for banks. Understanding the challenges faced by the banking sector, SAVYINT has developed the SAVYINT Open Banking Platform, a solution that addresses both legal and technological needs to connect and build a digital financial ecosystem. Financial-Grade API Security Standards The SAVYINT Open Banking Platform applies advanced security solutions, such as OAuth (RFC 6749, RFC 6750), and is a pioneer in providing Financial API protocols with secure JSON Data Schema structures that ensure: Strong Customer Authentication (SCA) – Identity and Access Management (IAM) This solution enables financial institutions and enterprises to quickly and securely identify and authenticate end-users across multiple platforms, minimizing risks in electronic transactions: Customized API Design Services The SAVYINT Open Banking Platform provides financial institutions and enterprises with a solution to optimize API resources. It offers a comprehensive, end-to-end solution tailored to the diverse needs of financial institutions and banks in Vietnam. Open Banking is the key for Vietnamese banks to accelerate growth and lead the digital transformation of the banking industry. Beyond preparing for potential input risks, banks need to research and select suitable partners with the highest international security standards. Contact SAVYINT’s experts today for immediate support!
Open API – The key to promoting open banking
The Open API has changed the way banks serve their customers, in order to improve the user experience and increase competitiveness in the market. This promotes the development of new operating models in the Finance – Banking industry, typically Open Banking. Why is Open API key to Open Banking? Currently, users are using too many applications for payment, financial management, shopping, authentication,etc. In other words, having to load a series of different applications at the same time causes users a lot of trouble and complexity in sharing data, managing reports or retrieving information. So, that has led to the increasingly widespread use of APIs as well as integrated applications namely Open Banking. The main purpose of the Open Banking API is to create a unified model that allows financial data to be shared between two or more third parties. Widespread use of Open APIs, banking institutions form a true API ecosystem; providing the best customer experiences thanks to the ability to combine the digital services of multiple providers in one application. Users can access a variety of financial products and services directly connected to the financial databases of banks. Along with the development of the Industrial Revolution 4.0, more and more consumers use products and services from Fintech. Therefore, instead of competing, cooperation with Fintech companies is essential for the bank to stay ahead of new technologies to provide attractive services to its customers. This approach forces banks to establish an open API architecture that facilitates the plug-and-play integration of banking and Fintech services, ultimately creating banking app stores with multiple utilities and services. “Open Banking” – Open Banking using Open APIs is becoming a new trend. Open banking creates opportunities to form diverse integrated financial and non-financial services, generate new revenue sources for financial institutions, and expand customer base with a secure ecosystem of data sharing applications. Open API application for Savyint Open Banking Solutions: A comprehensive solution system for Open Banking Pioneering and accelerating strongly on the digital transformation race, SAVYINT has been ahead of the Open Banking trend. In addition to launching Savyint Open Banking Solutions specifically designed for the Finance – Banking industry, meeting the legal – technological needs to connect and build a digital financial ecosystem, SAVYINT also connects and cooperates with prestigious organizations and enterprises on Open API in Vietnam and around the world to develop an open ecosystem with Open API such as DX Open Healthcare Platform (Open Health), DX Open Gov (Open Government),… Some of SAVYINT’s leading partners in providing Open API and Open Banking solutions: With a solid technology foundation and infrastructure and partners with experience in implementing and operating the world’s leading Open API, SAVYINT will provide customers with the most advanced technologies and optimal user experience. Contact SAVYINT today to help your organization lead the way with Open Banking!
QTSP and Remote Signing bring great competitive advantages to Vietnamese Financial – Banking organizations
With QTSP certification for remote signing models, HSM digital signatures, and electronic authentication services provided by a QTSP in Vietnam, digital signatures and electronic certificates will be widely recognized in all 27 EU countries. This will bring a great advantage to domestic organizations and businesses, especially in the finance and banking sector. QTSP and the challenge of secure electronic authentication in transactions One of the most difficult challenges in the digital finance and economy is the process of secure electronic identification and authentication in transactions. Previously, banks operated their own specialized CA systems for parties to register for services. However, this system quickly became overloaded when third parties or multiple financial institutions registered and authenticated each other, leading to an increasingly complex and difficult-to-control identity database, not ensuring interoperability according to an international standard for system security operations. This issue contradicts the purpose of expanding the digital finance ecosystem of the Payment Services Directive 2 (PSD2) and, more recently, the Open Banking strategy of countries worldwide, hindering the development of the financial market in particular and the digital transformation of the economy and society in general. To solve this difficulty for banks and financial institutions, the Common Technical Standards (RTS) for the Payment Services Directive 2 (PSD2) issued by the European Banking Authority (EBA) has accepted the use of qualified electronic signatures (QES) and qualified electronic seals (QSeal) issued by a Qualified Trust Service Provider (QTSP) for the identification and authentication process under the Open Banking model. This opens up a trusted, legal, and widely recognized authentication method for banks and financial institutions participating in the global digital economy. The eIDAS regulation applies QTSP certification as the highest standard of security, reliability, and confidentiality in electronic transactions. Currently, only QES qualified electronic signatures for individuals and QSeal qualified electronic seals for organizations provided by a Qualified Trust Service Provider (QTSP) are recognized throughout the EU with the same legal effect as handwritten signatures or seals without the need for any other assessment or explanation procedures. Without using the electronic identification and authentication services of a QTSP, organizations participating in the digital financial market cannot perform electronic authentication processes with regulatory authorities. Failure to comply with the QTSP’s assured identification and authentication service standards will lead to numerous potential risks for organizations participating in the digital finance and economy: In addition, the financial market is one of the most sensitive markets to constant security risks and the risk of document forgery. Along with the Payment Services Directive 2 (PSD2), the Open Banking strategy in Europe also allows the trusted services of QTSPs to be the only method to ensure trust between payment service providers, customers, and financial institutions. Competitive advantages of Vietnamese financial institutions and banks from QTSP and remote signing models In July 2021, SAVYINT officially became the first trusted QTSP service provider for digital signatures, electronic seals, remote signing models, and HSM digital signatures in Vietnam, in accordance with EU eIDAS regulations. This means that all 27 European countries fully recognize the digital signature and electronic seal services provided by SAVYINT under the remote signing model. Operating under the SCAL2 security authentication mechanism, the system ensures that only the signer has the right to activate the signing key stored securely on the HSM encryption device, uniquely controlling the signing key, and fully complying with the requirements for the SAM module with CC EAL4+ certification with EN 419 241-2. This will open up opportunities for Vietnamese organizations and businesses to conquer the European market, promote the development of cross-border electronic transactions and e-commerce, and enter the common playground of Vietnam with EU partners in the context of the Vietnam-EU Comprehensive Partnership Agreement and the EVFTA. For providers of electronic payment and transaction services such as financial institutions and banks, having a QTSP in Vietnam will help solve a major bottleneck in the digital finance ecosystem, digital banking, and open banking, aiming to expand the market and integrate into the international arena. This is the unification and interconnection in the process of secure electronic identification and authentication, creating a synchronized electronic transaction market according to a common technical standard, reducing congestion and transaction interruptions due to rejections by the parties involved. Quick application and full utilization of the advantages of electronic authentication and digital signature services from a trusted QTSP service provider will help financial institutions and banks modernize and comprehensively digitize electronic transactions, promote e-commerce, build digital banking and open banking systems, and aim to attract more new customers, new markets, and increase revenue and profits. Connect with SAVYINT now to get advice on specialized solutions for developing Digital Banking and Open Banking!
SAVYINT and Konsentus accelerate open banking in Vietnam
Hanoi and London, 8 March 2024, SAVYINT and Konsentus have created an operational structure for open banking in Vietnam. SAVYINT, one of the country’s leading providers of digital capabilities, and a key supplier of technology services to the Vietnamese financial services community, engaged Konsentus, a global provider of open banking advisory services and trust infrastructure, to collaboratively create a legal and operational framework for open banking. In support of the country’s vision to develop an advanced and high-quality connected digital society for all individuals by 2030, SAVYINT sought support from Konsentus to create a framework for an innovative and cutting-edge open banking infrastructure to enable further growth and development. Konsentus has worked collaboratively with SAVYINT to: This open banking framework will provide the foundational bedrock for open banking in Vietnam and will allow the market to take the next step towards an open data-sharing ecosystem It puts the nation amongst other market leaders in the region. Konsentus, advisors to central banks, regulators, and market infrastructures, is renown internationally for providing expert support to help jurisdictions shape the future direction of open finance. They work with, and for, the local market to champion accessibility to financial services and drive competition, innovation and financial inclusion. SAVYINT provides trusted digital products, solutions, platforms and services in strict compliance with Vietnamese and international standards. Their transformation solutions support all industry verticals ranging from government and healthcare to BFSI and telco. Mr. Van Hoang Nguyen – Chairman of the Board of SAVYINT “Open banking can enable economic growth and social development. It provides a comprehensive view of all financial data to customers and enables businesses to access a wider range of financial services. Banks cooperate with third-party providers to optimise the user experience when using financial products and services. With open banking ecosystem, consumers can execute direct payments to merchants from their bank accounts, eliminating the necessity for card-based transactions. Konsentus has been a crucial partner in understanding global best practice and defining the appropriate structure for the Vietnamese market. We are sure that what we’ve delivered together is tailored for the market and will set the country up for future success.” Jim Wadsworth, EVP Strategic Market Development, Konsentus “Our international footprint and in-depth understanding of global open banking ecosystems has enabled us to streamline processes and develop a framework tailored to local Vietnamese market requirements. Vietnam is a burgeoning economy but 44% are still unbanked and 70% still live in rural or remote areas. Open banking can support financial inclusion and the broader digital transformation agenda. Konsentus looks forward to supporting Vietnam on its open banking journey.” About SAVYINT SAVYINT is a leading provider of trusted digital products, solutions, and services with deep expertise in PKI systems, digital signature solutions, data encryption/privacy, open banking, blockchain & key management, cybersecurity services and AI and cloud applications… Committed to international standards, SAVYINT delivers top-tier solutions designed to meet the highest security and compliance requirements. Its advanced technical infrastructure supports digital transformation across diverse sectors such as government, healthcare, finance, education, logistics, transportation, telecommunications, and broadcasting. With a strong focus on innovation and security, SAVYINT is a reliable partner for organizations seeking to enhance operational efficiency and data security in the digital era. About Konsentus Konsentus provides specialist advisory services and technology solutions to support the national implementation of open finance ecosystems. Subject matter experts, Konsentus advisors have a proven track record in navigating complex, multi-stakeholder ecosystems and understanding individual regulatory and market requirements. Konsentus’ award-winning technology powers national open finance infrastructures. Modular and scalable by design, our solutions are tailored to individual market requirements, enabling ecosystem participants seamlessly to identify each other and interact within a safe and trusted environment. Founded in 2018, Konsentus is active across 37 markets and counts many of the largest global financial institutions as clients. Konsentus is ISO 27001 certified.
SAVYINT Presents at the “Hanoi – Smart City and Open Banking Ecosystem” Symposium
On the morning of October 2nd, Mr. Hoang Nguyen Van, Vice Director of the Institute of Innovation and Digital Transformation (VIDTI) and Chairman of the Board of SAVYINT, delivered a presentation on the topic “The Benefits and Challenges of Implementing the Open Banking Ecosystem” at the symposium. The “Hanoi – Smart City and Open Banking Ecosystem” symposium was part of the 2024 Vietnam Card Day event series. It saw the participation of the Hanoi City leadership, Deputy Governor of the State Bank of Vietnam, and leading representatives from the financial and banking sectors, coming together to discuss and exchange ideas for a smart, clean, and digital Hanoi. Speaking at the symposium, Mr. Ha Minh Hai, Vice Chairman of the Hanoi People’s Committee, emphasized that in the context of international integration and the development of the fourth industrial revolution, building a smart Hanoi is both essential and urgent. This forms the foundation for improving residents’ quality of life, optimizing urban management, and achieving sustainable, green, inclusive development. Mr. Pham Tien Dung, Deputy Governor of the State Bank of Vietnam, shared similar views, stating that the transition to a smart city and digital transformation in the banking system are closely intertwined, with the emergence of the open banking ecosystem being a key factor. This transformation is linked to the integration of technology platforms, payment solutions, and data sharing to develop a strong digital and open banking ecosystem. Following this, Mr. Hoang Nguyen Van elaborated on the advantages open banking brings and the challenges faced in its implementation in Vietnam. According to Mr. Van, in recent years, as the trend of digital banking has grown, banks have increasingly sought to acquire new customers, reduce operational costs, and foster innovation. These needs have given rise to a new ecosystem—open banking. Third parties have emerged to help banks solve challenges related to increasing customer acquisition, improving service quality, and optimizing ecosystem integration at the most efficient costs. In the open banking ecosystem, all participants benefit. Banks and third parties gain new revenue streams by leveraging each other’s strengths, which in turn fosters the development of innovative products and services. Individual users enjoy personalized services and enhanced data security, while businesses benefit from easier access to banking services, expanded customer and partner networks, and optimized operational efficiency. Despite the numerous benefits, implementing open banking in Vietnam still presents challenges. While Vietnam has introduced personal data protection regulations (Decree 13/2023/ND-CP) and the State Bank of Vietnam’s regulations (Decision 2345/QD-NHNN), there is still a lack of clear standards on technical requirements, open API connectivity, and operational guidelines. After highlighting countries like India, Singapore, and South Korea, which have successfully implemented open banking through strong legal frameworks, Mr. Van stressed, “Only a clear legal framework can create favorable conditions for the open banking ecosystem to thrive and benefit all stakeholders.” Concluding his presentation, Mr. Van proposed a four-step implementation model for banks, starting with initial analysis and assessment, deployment models (legal framework, service models, templates), application of rules and processes, and finally, design and technical standards. This model serves as a guide for banks participating in the open banking ecosystem. Throughout the two working sessions, SAVYINT representatives and experts discussed various issues related to urban management, technology solutions, and enhancing the legal framework for the open banking ecosystem. Building a smart city requires more than technology and expertise—it also demands government support in terms of institutions, laws, and management methods. Particularly in a large city like Hanoi, with its extensive economy and population, these challenges must be carefully considered to ensure comprehensive development. With a wealth of experience both domestically and internationally, SAVYINT continues to research and provide cutting-edge technology solutions in the fields of digital transformation, information security, and fintech. In the emerging field of open banking, SAVYINT offers specialized Open Banking Solutions and Services tailored to the financial sector, meeting both legal and technological requirements while fostering connectivity and building a digital financial ecosystem. With its expertise and technological capabilities, SAVYINT is confident in supporting and advancing open banking in Vietnam.