Financial Fraud Prevention: Protecting Assets, Data and Customer Trust

Proactive financial fraud prevention not only helps minimize losses but also plays a critical role in maintaining seamless customer experiences and improving overall operational efficiency. As fraud schemes become increasingly sophisticated, faster, and larger in scale, traditional control measures are no longer sufficient. Financial fraud prevention is therefore no longer merely a matter of compliance or security – it has become a strategic priority that enables organizations to optimize processes and ensure sustainable growth.

1. Benefits of Financial Fraud Prevention

Implementing robust fraud prevention measures not only safeguards customers and organizations but also supports long-term, sustainable business growth.

a. Minimizing financial losses

Fraud can cause significant damage even when incidents occur on a small scale. Effective preventive measures help organizations reduce the risk of loss, control costs, and build a solid financial foundation for long-term development.

b. Optimizing revenue and transaction processing efficiency

One direct benefit is the improvement of authorization rates by reducing false declines of legitimate transactions – a common challenge in online payments. When transactions are processed accurately and quickly, completion rates increase, enabling businesses to maximize revenue.

c. Protecting customer data and digital assets

In the financial and banking sector, protecting personal information and financial data is essential to maintaining customer trust. Account Takeover (ATO) attacks and card data theft not only result in financial losses but also severely damage an organization’s reputation. By proactively preventing fraud, organizations can detect and stop these threats early, before real damage occurs.

d. Enhancing customer experience

Customers increasingly expect transactions to be smooth, uninterrupted, and free from unnecessary verification steps. Reducing fraud also means reducing unnecessary transaction rejections, leading to better customer experiences while lowering operational pressure and costs for businesses.

e. Preserving brand reputation

As noted above, even minor fraud incidents can erode customer trust and negatively impact brand image. Investing in comprehensive fraud prevention demonstrates a strong commitment to security and customer protection, helping organizations build a trusted and credible brand over the long term.

2. Effective Fraud Prevention with Savyint Fraud Prevention and Risk Management

With these benefits in mind, a comprehensive and effective fraud prevention system enables banks and financial institutions to minimize losses, strengthen transaction protection, ensure customer data security, and enhance long-term operational efficiency. This is precisely the objective of Savyint Fraud Prevention & Risk Management (FPRM).

Built on a Zero Trust architecture, Savyint FPRM enables organizations to proactively prevent fraud while integrating risk management and transaction security. The solution leverages AI and Machine Learning for behavioral analysis, combined with strong authentication mechanisms such as SCA, multi-layer MFA, and biometrics, along with advanced security technologies including tokenization and Post-Quantum Cryptography (PQC).

This enables:

As a result, organizations can detect, prevent, and respond to fraud effectively before losses occur.

Savyint Fraud Prevention & Risk Management (FPRM) also complies with global standards such as AML, KYC, KYB, PSD2, PSD3, and PCI-DSS, as well as local regulatory requirements including Circulars 64 and 50 (Vietnam), BSP 1213 (Philippines), and regulations in Malaysia.

Connect with Savyint experts today for detailed consultation on a fraud prevention roadmap tailored to your organization’s business model!

SAM Appliance Wins Asia-Pacific ICT Award (APICTA) 2025

On December 8, at the announcement and awarding ceremony of the Asia-Pacific ICT Awards (APICTA) 2025, SAVYINT’s SAM Appliance was honored as the Second Runner-up in the category Security Solution – Business Service.

APICTA is the most prestigious ICT award in the Asia-Pacific region, held annually since 2001 by the Asia Pacific ICT Alliance. This year, APICTA 2025 took place in Kaohsiung, Taiwan, celebrating and recognizing outstanding software products, IT solutions, digital applications, and innovative startup projects from 17 member countries and economies.

SAM Appliance by SAVYINT achieved the Second Runner-up title in the Security Solution – Business Service category. This accomplishment is particularly meaningful as it marks SAVYINT’s first participation in APICTA, demonstrating the innovative capabilities and solution quality of Vietnamese technology enterprises on an international stage.

SAM Appliance – An all-in-one solution for data encryption, digital signature authentication and mobile identification

SAM Appliance is an all-in-one solution for data encryption, digital signature authentication and mobile identification, ensuring compliance with standards for remote digital signature, blockchain, cryptocurrency, mobile payment, data encryption, transaction encryption, timestamp, security, system authentication, IoT, Car2X…

SAM Appliance includes a FIPS 140-2 Level 3–certified Server Appliance combined with Hardware Security Module (HSM) devices, integrated with SAM Software, Key Management Software (KMS), and digital signing software, creating a comprehensive and flexible security platform for any deployment needs and sectors such as Finance and Banking, Healthcare, Education, Telecommunications, Broadcasting, Media,…

With its compact design and all-in-one hardware architecture, the solution enables fast installation and operation, optimal performance, unlimited integration with existing information systems, and minimization of security vulnerabilities. It ensures system safety thanks to its independent and specialized operating environment, eliminating reliance on third parties, while significantly reducing investment costs compared to traditional specialized security infrastructures.

More than just a platform for signing invoices, contracts, documents, certificates, or payment records, SAM Appliance is built on the Cryptographic Security Platform (CSP). It integrates SCA and MFA authentication, PKI-based passwordless authentication, tokenization, transaction signing with end-to-end encryption, advanced mobile security with cryptography, and supports Post-Quantum Cryptography (PQC) — ready for the new security era. It also supports data and transaction encryption, blockchain and cryptocurrency integration, mobile payment and digital wallet capabilities, timestamped digital signatures, and long-term electronic archiving for 5, 10, and 20 years.

SAM Appliance fully complies with regional technical standards and international legal regulations, including FIPS 140-2 Level 3, ISO 9001:2015, ISO 14001:2015, ISO 27001:2022, GDPR, SOC 2 Type II, HIPAA & PCI DSS.

During the event, Brad Palmer, COO & EVP of Savyint, shared: “SAM Appliance is a breakthrough technology solution designed to address the core challenges of security, data encryption, and digital identity in today’s era of rapid digital transformation. We developed SAM Appliance as a unified security platform where any organization or enterprise can deploy digital signatures, strong authentication, and secure data and transaction encryption on a single hardware device that meets the highest international standards.”

Being honored at APICTA 2025 is a powerful affirmation of Savyint’s technological capabilities. Along with SAM Appliance, Savyint’s solutions will continue to accompany global organizations and enterprises on their journey toward safe, sustainable, and fully compliant digital transformation.

Photos from the event:

Deadline March 2026: UAE’s Mandatory Roadmap for Implementing New Authentication Methods to Replace SMS and Email OTPs 

The Central Bank of the United Arab Emirates (CBUAE) has issued a comprehensive directive requiring all financial institutions to completely discontinue the use of OTPs sent via SMS and email by 31 March 2026. This is considered one of the most significant shifts in user authentication in the Middle East in the past decade.

Compliance Roadmap and New Authentication Requirements

According to the CBUAE directive, the transition will occur in two phases. Beginning July 2025, banks must gradually phase out SMS/email OTPs and introduce stronger authentication mechanisms for critical transactions and logins. Specifically:

+ Passkeys based on global FIDO standards, protected by biometric authentication on smartphones.
+ Fingerprint or facial recognition: some banks, such as United Arab Bank, have partnered with the national facial recognition system to support mobile banking login.
+ Integration with UAE Pass, part of the country’s broader digital identity framework, also supported by private-sector providers.
+ Risk-based authentication: For low-risk actions like balance checks, quick biometric scans may suffice; high-value transactions may require additional verification layers.
+ Behavioral biometrics: For example, monitoring typing patterns, swipe gestures, or how a user holds a device to provide an additional “invisible” security layer.
+ Other modern protection mechanisms may include AI-powered deepfake detection, decentralized identity systems, hardware security keys, post-quantum cryptography (PQC) to prepare for future threats, and real-time fraud monitoring capable of suspending active sessions when suspicious activity is detected.

This decision follows a sharp rise in digital banking fraud across the UAE in early 2025. Complaints related to digital banking scams increased by 73%, largely due to vulnerabilities in SMS/email OTP delivery. Any institution that fails to meet the deadline or cannot demonstrate adequate risk management may face administrative penalties, with fines reaching up to 250,000 AED (approx. 68,000 USD) for serious violations of the regulation.

Benefits of the UAE Directive for Financial Institutions and Banks

For financial institutions and banks, this directive represents one of the most significant technological transformations in UAE banking in decades. Banks will need to make substantial investments in new authentication infrastructure and transition toward passwordless strong authentication, which aligns with global trends.

In the long term, this shift will result in massive cost savings – particularly by eliminating millions of SMS messages sent each month, along with customer support costs tied to OTP issues. Additionally, stronger authentication methods drastically reduce fraud risks through enhanced anti-fraud, anti-spoofing, and anti-SIM-swap mechanisms, thereby reinforcing security. At the same time, providing fast, seamless, and secure authentication experiences helps banks build competitive advantages, increase customer loyalty, and affirm their leadership in the UAE’s digital financial transformation.

Instead of typing OTP codes, customers will log in or approve payments using fingerprint scans, facial recognition, or built-in device security features. This results in faster interactions, fewer errors, and greater peace of mind, as users no longer fear OTP interception through fraud or impersonation attacks.

Most importantly, the CBUAE mandate strengthens consumer trust in digital banking and encourages broader adoption of online financial services. Financial experts view this as not merely a regulatory change but a strategic turning point for the entire UAE banking ecosystem.

Savyint – Global Expert in Strong Payment Authentication

Amid increasing security demands, Savyint, a global expert in strong payment authentication, introduces the SAM Auth Server, an all-in-one strong authentication solution.

SAM Auth Server is built on an advanced authentication platform powered by the Cryptographic Security Platform (CSP), featuring SCA/MFA authentication, Passkey/FIDO integration, biometric authentication combined with SmartOTP, PKI-based passwordless authentication, data encryption, Smart Token, Tokenization, transaction signing with E2E2E, mobile cryptography security, and post-quantum cryptography (PQC), enabling system authentication, data encryption, transaction encryption, multi-layer authentication, and multi-tier security at the highest level.

SAM Auth Server is also a pioneering solution that simultaneously complies with major global standards (AML, KYC/KYB, PSD2/PSD3, MAS TRM, NIST, CIBA, API security…) as well as regulatory frameworks in multiple countries such as Circular 64 and Circular 50 (Vietnam), BSP 1213 (Philippines), and Malaysia’s regulatory requirements.

Connect with Savyint experts today to build a secure and compliant payment ecosystem.

5 Common Global Financial Fraud Types 

Financial fraud is rising at an unprecedented rate worldwide. The explosion of digital payments, e-commerce, online banking, and e-wallets, combined with advancements in technologies such as AI and deepfake, has made financial fraud more complex and difficult to detect.

According to the Federal Trade Commission (FTC), consumer-reported losses due to fraud increased by 25% in 2024 compared to the previous year, reaching $12.5 billion. Simultaneously, Coinlaw.io predicts that global losses from online payment fraud will exceed $50 billion in 2025, with approximately 3.3% of global digital payment transactions involving fraudulent activity.

1. What is Financial Fraud?

Financial fraud refers to the act of deceiving victims in order to unlawfully seize their assets or sensitive information. This often involves tricking the victim into acting quickly, such as entering an OTP, scanning biometric data, or transferring funds fraudulently. Along with financial theft, personal information, such as bank account numbers, identification numbers, or passwords, is also targeted to facilitate asset theft.

The growth of artificial intelligence (AI), e-commerce, digital payments, and other technologies has opened the door to more sophisticated and damaging financial fraud schemes.

2. Common Types of Financial Fraud

While there is no exact report on the total number of types of financial fraud, they can generally be classified into several prevalent forms:

2.1. Identity Theft

Identity theft occurs when fraudsters illegally acquire and use another person’s sensitive information, such as ID numbers, bank account details, credit card information, email addresses, or biometric data, for fraudulent purposes. Common identity theft methods include:

2.2. Payment Fraud

Payment fraud is one of the most widespread forms of financial crime, affecting both individuals and businesses around the globe every day. Criminals manipulate payment systems to steal money, defraud sellers, or exploit banking system vulnerabilities, often causing severe consequences. In the third quarter of 2024, U.S. consumers reported losses of $58 million, according to industry estimates.

Common methods include:

2.3. Account Takeover (ATO)

ATO occurs when fraudsters gain control over a victim’s online account, such as a bank account, email, or social media account. Criminals typically gain access through brute force attacks, credential stuffing, phishing, malware, or by purchasing stolen data. Once they have access, they can withdraw or transfer money without authorization, change account details (such as phone numbers or email addresses) to maintain long-term control, or impersonate the victim to defraud others. According to reports from Experian & TransUnion, the APAC region has seen a 70% increase in ATO cases between 2023 and 2024.

Common signs of ATO include:

2.4. Investment Fraud

Investment fraud schemes often involve sophisticated tactics designed to deceive individuals into believing they are making legitimate, low-risk investments offering high returns. In 2024, the FTC reported that consumers lost over $5.7 billion to investment fraud, a $1 billion increase compared to the previous year.

Fraudsters use various techniques, including AI-generated content for convincing advertisements and deepfake technology to impersonate celebrities in fraudulent campaigns. Regulatory bodies predict that AI will be increasingly exploited for fraud in 2025 and 2026.

2.5. Mobile App Fraud

The widespread use of digital banking has facilitated the rise of fraud involving mobile apps. Common methods include:

Financial fraud is becoming an increasingly serious global issue. The development of advanced technologies has made it easier for fraudsters to carry out sophisticated and complex schemes, resulting in enormous financial losses. Both organizations and individuals must adopt advanced security solutions and raise awareness to prevent these attacks.

Savyint offers a comprehensive Fraud Management System (FMS) platform that integrates real-time fraud detection, enhancing the security of transactions. This system helps businesses build strong customer trust by minimizing fraud risks, protecting sensitive customer data, and strengthening security in all transactions.

Connect with Savyint experts today to mitigate all financial fraud risks!

Sources:

Savyint Proudly Sponsors World Financial Innovation Series (WFIS) 2025 Philippines as Bronze Sponsor 

Savyint is honored to be a Bronze Sponsor of the World Financial Innovation Series (WFIS) 2025 Philippines, the premier fintech event in the ASEAN region, organized by Tradepass. The event will bring together over 600 leaders and experts from the finance, banking, and insurance sectors, representing more than 200 organizations across the region.

The Philippines is at the forefront of the digital financial transformation, with the online lending market projected to reach USD 1.68 billion by 2027 and over 65 million e-wallet users expected by 2025. Additionally, electronic payments account for 52.8% of total retail transactions, reflecting the widespread adoption of digital technologies in financial services. This surge is driven by three key factors: supportive government policies, the rapid rise of fintech, and the growing demand for a comprehensive financial ecosystem. Initiatives led by the Bangko Sentral ng Pilipinas (BSP), such as the Open Finance pilot program and Project Nexus for enhanced cross-border payments, underscore the country’s commitment to fostering financial inclusion and sustainable development.

Against this backdrop, WFIS 2025 Philippines, hosted by Tradepass, serves as a pivotal platform, uniting over 600 industry leaders and experts from 200 organizations. Under the theme “Bridging Financial Gaps for a Digitally Smart Philippines,” WFIS 2025 is more than an event—it is a hub for strategic collaboration and discussions on critical topics such as Open Finance, Central Bank Digital Currency (CBDC), and the application of AI and blockchain in financial services. With over 300 active fintech companies and online payments comprising 52.8% of retail transactions, WFIS 2025 is the ideal stage to shape the future of fintech in the Philippines and drive financial innovation.

Over the course of two days, WFIS 2025 Philippines will feature a robust lineup of activities, including:

As a Bronze Sponsor, Savyint is represented at the event by Mr. Steve Hoang, Chief Technology Officer, and Mr. Brad Palmer, Chief Operating Officer and Executive Vice President. Savyint’s leadership will engage with top regional executives, investors, and strategic partners, sharing insights on secure digital transformation, electronic identity, and building digital trust within the financial ecosystem.

Mr. Brad Palmer stated: “WFIS 2025 is a vital platform for Savyint to connect with strategic partners in the region while reaffirming our long-term commitment to delivering advanced security, identity, and digital finance solutions. This event provides an opportunity to showcase our latest technologies, engage with banking and fintech leaders, and contribute to the secure and sustainable growth of the Philippines’ and ASEAN’s financial ecosystems.”

With over 20 years of expertise in developing encryption, identity, and authentication solutions, Savyint offers the market’s most comprehensive authentication platforms, fully compliant with BSP Circular No. 1213. The company is dedicated to supporting the Philippines’ financial sector by implementing modern security standards, combating fraud, and fostering digital trust.

Images from the event:

SAM Auth Server – Next-Gen Digital Identity & Authentication Compliant with Philippines BSP Circular No. 1213

The Philippines BSP Circular No. 1213 introduces specific changes that will reshape authentication policies across financial institutions in the Philippines, with a one-year compliance window starting June 2025. The pressing question now is how to adapt effectively.

Bangko Sentral ng Pilipinas (BSP) Circular No. 1213, issued in June 2025, is a regulation mandating stricter, phishing-resistant, device-bound authentication for financial institutions in the Philippines to combat digital fraud. The circular aims to enhance security in digital customer onboarding, transactions, and session management by replacing insecure methods like SMS/email OTPs with stronger tools such as passkeys and biometrics.

The requirements apply to all BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms, and cover critical areas such as:

Financial institutions have one year from June 2025 to fully comply with all the requirements of this Circular.

1. Specific regulations

BSP Circular No. 1213 highlights the growing security risks of traditional OTP methods – particularly those delivered via SMS or email – and advises against their use. This stance reflects global recognition that such channels are highly vulnerable to phishing, SIM swap attacks, and other forms of social engineering.

Biometric authentication, behavioral biometrics, passwordless authentication (biometrics, hardware tokens and cryptographic keys, FIDO), and adaptive authentication are considered perfectly aligned with BSP Circular No. 1213 because they directly address the circular’s core security objectives: preventing phishing, eliminating interceptable authentication, and binding user access to a secure device.

Fundamentally, the provisions of BSP Circular No. 1213 adopt a similar approach to those of other countries around the world, as cyberattacks are a global issue.

2. Comprehensive Compliance Solution – SAM Auth Server

With over 20 years of experience in developing encryption, identity, and authentication solutions, Savyint offers one of the most comprehensive authentication platforms, fully meeting and even exceeding the requirements of BSP Circular No. 1213.

SAM Auth Server is an all-in-one strong authentication solution that enables system authentication, data encryption, transaction encryption, multi-layer authentication, multi-level security, and integration with hardware security devices as well as software functional modules, ensuring maximum safety for electronic transactions.

2.1 Key features of the solution

Transaction Authentication Features

Access Control

Token Types

Data Encryption – Transaction Encryption

Encrypt data and transactions, ensuring that all information cannot be stolen or tampered with during initiation, storage, and transmission.

Integration with AML monitoring systems and Fraud Management Systems (FMS)

2.2 Full compliance with international standards

With a flexible design and high scalability, SAM Auth Server can be easily deployed across various system models (on-premise, cloud), supports multiple platforms, and delivers the most advanced authentication methods available today.

Contact us now for a consultation HERE!

Philippines BSP Circular No. 1213 and Compliance Solutions for Financial Institutions

In June 2025, BSP Circular No. 1213 was issued as a regulatory instrument amending the IT Risk Management Regulations to implement Section 6 of the Anti-Financial Account Scamming Act (AFASA) in the Philippines. This Circular provides a detailed set of mandatory compliance actions for financial institutions to safeguard users’ financial transactions and accounts. The Philippine government has demonstrated that it is taking bold action to ensure the safety and protection of online financial transactions.

Cybercrime in the Philippines is rising at a staggering rate. Cybercrime complaints surged by 71.9% in the first quarter of 2025 compared with the same period the previous year, increasing from 1,891 to 3,251 cases, according to the Cybercrime Investigation and Coordinating Center (CICC). This sharp rise underscores how cybercriminals are evolving faster than conventional security models can keep pace with.

Financial institutions are a popular target. According to the Bangko Sentral ng Pilipinas (BSP), supervised institutions reported losses of P5.82 billion due to cyber incidents in 2024, up from P5.67 billion in 2023. Most of these were due to phishing, card-not-present fraud, and ATOs. In addition to financial repercussions, these cyber incidents also undermine consumer trust and confidence in digital systems.

1. About the Anti-Financial Account Scamming Act (AFASA)

Before delving into the specifics of BSP Circular No. 1213, issued in June 2025, it’s important to first understand the broader regulatory framework it falls under — the Anti-Financial Account Scamming Act (AFASA).

The AFASA is a landmark Philippine law, passed on July 20, 2024, that aims to prevent the misuse of financial accounts in fraud and scams like phishing and vishing. It also defines and penalizes social engineering schemes, money muling activities, and related offenses. These include those committed using advances in technology, which were previously not covered by existing cybercrime laws in the Philippines.

The BSP has issued three circulars to implement AFASA:

BSP Cir. No. 1213, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1213.pdf
BSP Cir. No. 1214, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1214.pdf
BSP Cir. No. 1215, series of 2025: https://www.bsp.gov.ph/Regulations/Issuances/2025/1215.pdf

2. About the Bangko Sentral ng Pilipinas (BSP) Circular No. 1213

Bangko Sentral ng Pilipinas (BSP) Circular No. 1213, issued in June 2025, is a regulation mandating stricter, phishing-resistant, device-bound authentication for financial institutions in the Philippines to combat digital fraud. The circular aims to enhance security in digital customer onboarding, transactions, and session management.

We can further explore the specific changes introduced by the new Circular and examine how these changes will affect the authentication policies of financial institutions in the Philippines.

a. Broader Scope: The requirements apply to all BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms.

b. Focus Areas: The enhanced authentication requirements cover critical areas such as:

3. Limitation on the use of interceptable authentication mechanism

Limitation on the use of interceptable authentication mechanism (e.g. One-Time Pins [OTPs] via SMS and email). With the increasing prevalence of social engineering attacks aimed at obtaining login credentials, BSFIs should limit the use of authentication mechanisms that can be shared to, or intercepted by, third parties unrelated to the transaction.

The Philippines is one of many countries, such as the United Arab Emirates and Singapore, that are making the move to retire SMS and email OTPs and adopt more secure forms of authentication.

Fundamentally, the provisions of BSP Circular No. 1213 adopt a similar approach to those of other countries around the world, as cyberattacks are a global issue. To gain a broader perspective, let’s compare BSP Circular No. 1213 with regulatory frameworks from a few other jurisdictions.

5.1 PSD3/PSR (EU, proposed 2023–2025)

| Aspect | BSP Circular No. 1213 (Philippines, 2025) | PSD3/PSR (EU, proposed 2023–2025) |
|---|---|---|
| Objectives / new focus | Strengthen technology security, combat digital account scamming; require BSFIs to implement Fraud Management System (FMS), strong authentication, and account protection. | Upgrade of PSD2: enhance security, expand user rights, impose PSP liability for impersonation fraud, improve SCA, refunds, and fraud data sharing. |
| Fraud requirements / fraud detection | Mandatory implementation of real-time FMS: velocity checks, blacklists, geo-location, bot, and anomaly detection. | Proposed transaction monitoring before execution (pre-execution monitoring), push for real-time anti-fraud. |
| Authentication & SCA | Move away from SMS/email OTP, require phishing-resistant MFA (passkeys, FIDO2). | Tighten & expand SCA: clarify mandatory cases, support new methods (biometric, device binding). |
| Liability & compensation | Mainly technical requirements; no clear rules on liability/compensation for customers in case of fraud. | Introduces liability shift: PSPs must refund when customers suffer impersonation fraud (except in cases of gross negligence). |
| Data sharing & cooperation | No emphasis on fraud data sharing among institutions. | Opens path for PSPs to share fraud intelligence within GDPR framework. |
| Account & device protection | 24h pause after account info changes, kill switch, restrictions on root/jailbreak, monitoring device/geo anomalies. | Adds confirmation of payee, protection against impersonation, clearer liability rules. |
| Timeline & entry into force | Effective June 2025, BSFIs have 1 year to comply. | Still in proposal stage, expected adoption 2025–2026 after EU approval. |
| Limitations / unclear points | Focused on large BSFIs, not yet extended to smaller fintechs; lacks clear compensation mechanism; weak on data sharing. | Details still evolving due to EU legislative process; challenges in defining impersonation and compliance costs for smaller PSPs. |

5.2

| Aspect | BSP Circular No. 1213 (Philippines, 2025) | Circular 50/2024/TT-NHNN (Vietnam) |
|---|---|---|
| Basis & objectives | Adds IT Risk Management requirements under Section 6 AFASA (RA 12010) to combat scamming/digital account attacks. | Regulations on safety and security for online services, replacing Circulars 35/2016 + 2018; aligned with the Law on Cyberinformation Security & E-Transactions Law. |
| Scope of application | All BSP-supervised financial entities, including banks, fintech companies, payment providers, and lending firms | Credit institutions, foreign bank branches, payment intermediaries, credit information companies providing online services. |
| Fraud / FMS / Fraud detection | Requires high-transaction BSFIs to implement real-time Fraud Management System: velocity checks, blacklist, geo, device, bot, anomaly detection. | No requirement for real-time FMS; focus on IT security, encryption, access control, periodic testing. |
| Authentication & transaction protection | Push for stronger authentication, reducing SMS/email OTP; encourage passkeys, FIDO, phishing-resistant MFA. | Requires electronic transaction confirmation via PIN, OTP, or secret key; mandatory re-authentication when identity information |

Savyint launches the first PQC Lab in Vietnam, pioneering the post-quantum security era 

Savyint officially announces the Savyint PQC Lab – the first post-quantum cryptography (PQC) security platform in Vietnam dedicated to digital signature, PKI, cryptography infrastructure, and data encryption solutions.  Post-Quantum Security – No Time to Delay  With the rapid rise of technology, quantum computers are approaching the ability to break traditional cryptographic algorithms such as RSA and ECC, which have safeguarded global data for decades. To counter this challenge, Post-Quantum Cryptography (PQC) has emerged, leveraging entirely new and complex mathematical problems, such as code-based, lattice-based, hash-based methods, and others, to ensure resilience against both classical and quantum computers.  Recognizing the serious threat quantum computing poses to current security systems, in 2024, the U.S. National Institute of Standards and Technology (NIST) announced the first three standardized PQC algorithms to ensure proper adoption of new cryptography: ML-KEM (FIPS-203), ML-DSA (FIPS-204), and SLH-DSA (FIPS-205). NIST also published a roadmap: starting in 2030, classical algorithms such as RSA-2048 and ECC-256 will begin to be phased out, and by 2035, they will be fully retired. This means that organizations and enterprises worldwide must develop roadmaps to adapt and transition their security infrastructures to PQC algorithms, in order to defend against financial data breaches via “Harvest Now, Decrypt Later” attacks.  Moreover, implementing PQC standards is a complex process that may take 5–10 years, requiring organizations to prepare not only in terms of technical infrastructure, but also through long-term strategy, workforce training, and safe sandbox testing before large-scale adoption.  Therefore, preparing today is the foundation for organizations to proactively defend against attacks targeting sensitive data and to build a sustainable security ecosystem for the post-quantum era.  
Savyint officially launches the first PQC Lab in Vietnam

As an international technology group with extensive expertise in PKI, cryptography, blockchain, digital identity, electronic authentication, and open banking/finance, Savyint proudly introduces the Savyint PQC Lab – the first post-quantum security lab in Vietnam, dedicated to digital signature, PKI, blockchain, and advanced cryptography solutions.

The Lab provides a testing environment that enables organizations to familiarize themselves with NIST-approved PQC algorithms, while evaluating compatibility, performance, and impact – without disrupting existing infrastructure or operational systems. This is particularly vital for financial institutions and fintech companies that must ensure compliance with international standards such as FIDO2, PSD2, eIDAS, and PCI DSS.

Key features of Savyint PQC Lab:

Mr. Steve Hoang, CTO & Chairman of Savyint Group, emphasized: “Transitioning to PQC is a 5–10-year journey that demands strategic vision and persistent execution. The Savyint PQC Lab is the tool that enables enterprises to embark on this journey safely, swiftly, and proactively.”

Currently, Savyint is collaborating with leading global technology and security partners such as Entrust, Kryptus, and FutureX to develop large-scale quantum-safe solutions applicable to critical sectors, including PKI and digital certificates, data security, network and telecommunications infrastructure, and industrial and defense applications.

The launch of the Savyint PQC Lab is not only a technological milestone but also a bold statement of Savyint’s pioneering role in the post-quantum era, partnering with global enterprises to build a secure, sustainable, and trustworthy digital future.

Security in Online Payments in the New Era

Online payments have rapidly become a preferred payment method in many countries worldwide. Alongside this trend, the demand for authentication and security has never been higher, aiming to protect transactions from increasingly sophisticated threats, ensure absolute safety, and maintain a seamless user experience.

Over the past decade, the world has witnessed a powerful surge in e-commerce, smartphones, and high-speed connectivity infrastructure. Cashless payment habits have become an integral part of daily life. Bank cards, digital wallets, Apple Pay, Google Pay, QR codes, and cross-border payment platforms like Alipay+, WeChat Pay (China), and UPI (India) are used daily by millions for shopping, bill payments, and personal financial transactions.

However, alongside this growth comes a downside: increasingly sophisticated cyberattacks. Cybersecurity reports highlight a significant rise in advanced attack methods, from phishing scams and malware on mobile devices to OTP theft, creating an urgent need for financial service providers, banks, and payment organizations to enhance authentication and transaction security measures.

Popular Authentication Methods Today

Currently, many countries employ Multi-Factor Authentication (MFA), which applies at least two of three factors: Something you have (e.g., a device or OTP), Something you know (e.g., a password or PIN), and Something you are (e.g., biometric data like fingerprints, facial recognition, or iris scans). For example, in India, the Reserve Bank of India (RBI) mandates two-factor authentication (2FA) for all online transactions, typically combining OTP with a PIN. In the UAE, OTPs delivered via SMS or email are a common authentication method for financial transactions. However, OTPs and PINs are increasingly vulnerable, becoming prime targets for cyberattacks, paving the way for new, more secure, and efficient authentication trends.
Trends in Online Payment Security

Biometrics is considered a significant advancement in authentication security today. When a user registers, their device generates a pair of security keys: a private key stored on the device, unlocked only through biometric authentication, and a public key stored on the payment network. During a transaction, the device signs the request with the private key, the network verifies it with the public key, and the result is sent to the bank. This process shifts authentication from the bank to the payment network or a third party, reducing the risk of OTP theft and providing a smoother user experience.

In addition to biometrics, securing payment applications on mobile devices is another critical piece of the security puzzle. For instance, Google Play Protect, Android’s default security layer, can scan apps and detect known malware at the operating system level. However, it lacks the ability to identify sophisticated in-app fraud, such as fake keyboards, unauthorized access, or zero-day attacks. Advanced app-level security solutions enable real-time detection and response to threats, from blocking suspicious transactions to adjusting security policies based on the usage environment.

As online payments continue to thrive, biometrics and mobile payment protection technologies are emerging as inevitable trends, strengthening transaction security, reducing cyber risks, and delivering a seamless, reliable payment experience. This marks a significant step toward a future where every online transaction is comprehensively protected, providing absolute peace of mind for both users and businesses.
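The registration and signing flow described above (device-held private key, public key held by the payment network), shown as an added example that is not Savyint's or any payment network's code. The single-use nonce issued by the network, the request field names and the boolean standing in for a successful biometric match are assumptions of this example.

```javascript
const crypto = require("node:crypto");

// Fixed field order so device and network sign/verify exactly the same bytes.
function canonical(r) {
  return JSON.stringify([r.account, r.payee, r.amount, r.currency, r.nonce]);
}

// Device side: the private key stays inside this closure. `biometricOk` is a
// stand-in (assumption) for the platform's biometric unlock of the key.
function createDevice() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  return {
    publicKey: publicKey.export({ type: "spki", format: "pem" }),
    sign(request, biometricOk) {
      if (!biometricOk) throw new Error("private key locked: biometric check failed");
      return crypto.sign("sha256", Buffer.from(canonical(request)), privateKey);
    },
  };
}

// Payment-network side: holds only public keys and the nonces it has issued.
function createNetwork() {
  const keys = new Map();    // account -> PEM public key (set at registration)
  const pending = new Set(); // nonces issued and not yet consumed
  return {
    register(account, publicKeyPem) { keys.set(account, publicKeyPem); },
    challenge() {
      const nonce = crypto.randomBytes(16).toString("hex");
      pending.add(nonce);
      return nonce;
    },
    // Returns the result that would be forwarded to the bank.
    verify(request, signature) {
      const pem = keys.get(request.account);
      if (!pem) return "unknown-device";
      // Each nonce is accepted once, so a captured request cannot be replayed.
      if (!pending.delete(request.nonce)) return "replayed-or-unknown-nonce";
      const ok = crypto.verify("sha256", Buffer.from(canonical(request)), pem, signature);
      return ok ? "approved" : "bad-signature";
    },
  };
}
```

Because the signature covers the payee and amount as well as the nonce, a request altered after signing fails verification, which a copied OTP cannot guarantee.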
Savyint – Setting New Standards for Strong Authentication and Payment Security

Amid increasingly stringent requirements for payment security and user authentication, Savyint, a global technology company specializing in open banking, data security, and advanced security solutions, is ready to deliver authentication and payment security solutions that meet rigorous national and international standards. With a focus on passwordless strong authentication (Passwordless FIDO2, PKI Passwordless, SmartOTP Passwordless), Savyint builds a comprehensive, easily integrated ecosystem of solutions, enabling financial institutions, fintech companies, and service providers to optimize user experience while meeting international standards. These include:

All solutions are designed to strictly comply with international standards such as FIDO2, PSD2, eIDAS, GDPR, and PCI DSS, offering rapid deployment, compatibility with existing infrastructure, and the highest level of security.

Connect with Savyint’s experts today to start building a secure payment ecosystem