From AFASA to BSP Circulars 1213 – 1215: SAVYINT Partners with Philippine Banks to Strengthen Security and Fight Digital Fraud
The rapid growth of digital banking, e-wallets, and online payments in the Philippines has led to a serious consequence – financial fraud is becoming increasingly sophisticated and more organized. Following the enactment of AFASA, the Bangko Sentral ng Pilipinas (BSP) continued to issue BSP Circulars 1213, 1214, and 1215, tightening the responsibilities of financial institutions and imposing stricter requirements for user authentication, fraud management, and data protection. About AFASA and BSP Circulars 1213, 1214, and 1215 Officially taking effect on June 25, 2025, the Anti-Financial Account Scamming Act (Republic Act No. 12010) was enacted by the Philippine government with the following core objectives: One of the most important requirements under AFASA is the mandatory transition of authentication methods before June 2026. OTPs sent via SMS and email will no longer be accepted for high-risk transactions. Instead, more secure methods must be implemented, such as biometric authentication, passwordless authentication, and adaptive multi-factor authentication (MFA) based on risk levels. AFASA marks a major shift in risk management thinking: account security is no longer just a technology choice – it is now a legal obligation. BSP Circular 1213 – Focus on Fraud Management and Strong Authentication Among the three circulars, BSP Circular 1213 is considered the technical backbone that brings AFASA into real operational practice. This circular requires banks and financial institutions to: BSP Circular 1213 clearly states that traditional authentication methods are no longer sufficient. Systems must understand user behavior patterns and detect fraud at the earliest stages – during login or even before a transaction is completed. Read more: Philippines BSP Circular No. 1213 and Compliance Solutions for Financial Institutions BSP Circular 1214 – Enabling Data Sharing for Faster Fraud Response BSP Circular 1214 addresses a major legal bottleneck related to accessing account data during fraud investigations. Its main goal is to create a fast-response mechanism to prevent funds from being completely withdrawn before authorities can intervene. Under this regulation: BSP Circular 1215 – Protecting Funds During Disputes While Circular 1213 focuses on prevention and 1214 focuses on investigation, BSP Circular 1215 addresses what happens after an incident occurs. It allows financial institutions to protect customer funds during the investigation period, preventing money from “disappearing” within minutes. Specifically, this circular: Together, AFASA and BSP Circulars 1213, 1214, and 1215 are reshaping the digital financial security standards in the Philippines. Financial institutions now need not only compliance documentation but also a strong technology foundation capable of detecting, preventing, and responding to fraud in real time. AFASA & BSP 1213, 1214, 1215 – Compliant Security Solutions from SAVYINT Savyint is a leading trusted service provider, ready to deliver authentication and payment security solutions that strictly comply with security standards and regulatory requirements under AFASA, BSP Circulars 1213, 1214, and 1215 issued by the Bangko Sentral ng Pilipinas (BSP), as well as the Philippine Open Banking framework and international regulations. Savyint’s solution ecosystem is built around four key pillars: Risk Management & Compliance, Cybersecurity & Application Protection, SCA/MFA Identity, and the FMS AI Fraud Engine. Together, these components protect the entire customer journey – from registration, login, authentication, and transaction execution to post-transaction monitoring. SAM Auth Server SAM Auth Server is an all-in-one strong authentication solution designed for mobile payments and digital banking. Built on a Zero Trust architecture and integrated with a FIPS 140-3 Level 3 certified Hardware Security Module (HSM), and ready for Post-Quantum Cryptography, SAM Auth Server supports a wide range of modern authentication methods, including: Biometric authentication, Smart OTP, Push Authentication, FIDO2 / Passkeys and Context-based authentication It enables step-up authentication when risk levels increase, ensuring maximum protection for electronic transactions. SAM FIDO2 Identity Server SAM FIDO2 Identity Server is a passwordless identity and authentication platform based on FIDO2/WebAuthn standards. It eliminates password storage by replacing passwords with asymmetric key-based authentication securely stored on the user’s device.As a result, the system effectively protects against common attacks such as phishing, man-in-the-middle attacks, and credential stuffing. SAM FIDO2 Identity Server fully meets Strong Customer Authentication (SCA) requirements under PSD2/PSD3 and complies with international standards for identity and data security. SAVYINT Fraud Prevention & Risk Management SAVYINT Fraud Prevention & Risk Management leverages AI and Machine Learning (ML) to help banks and financial institutions detect, assess, and prevent fraud across the entire user journey – from login behavior, device characteristics, and access context to transaction data. Key capabilities include: RASP+ RASP+ protects mobile applications directly within the runtime environment, detecting and blocking attacks while the application is running. It can detect rooted or jailbroken devices, debugging attempts, code tampering, hooking techniques, memory manipulation and emulator-based attacks. RASP+ integrates directly into mobile applications without affecting performance, ensuring strong protection without compromising user experience. TrustShield TrustShield is a mobile fraud prevention platform powered by device fingerprinting, behavioral analytics, and AI. It can identify devices without relying on cookies or advertising IDs, detect emulators, rooted or jailbroken devices, identify multi-device fraud patterns, analyze in-app user behavior, generate real-time risk scores and trigger adaptive authentication directly on mobile devices. With a multi-layered architecture and seamless integration capabilities, Savyint’s security ecosystem delivers a comprehensive fraud prevention model – protecting devices, behavior, identity, and transactions simultaneously. All solutions comply with AFASA, BSP Circulars 1213, 1214, 1215, and international standards such as FIDO2, PSD2/PSD3, eIDAS, GDPR, and PCI DSS. This allows fast deployment on existing infrastructure while achieving the highest level of security. Connect with Savyint’s experts today to implement and optimize your security solutions – and be fully prepared to meet AFASA and BSP requirements within just 3 months!
Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN
Open Banking is not only a global trend but also one of the key pillars in the digital transformation strategy of Vietnam’s financial and banking sector. Expanding connectivity and data sharing between banks and third-party providers (TPPs) opens up opportunities for service innovation and customer-centric financial ecosystems. Alongside these opportunities come significant challenges related to regulatory compliance, data protection, and strong customer authentication (SCA/MFA), as stipulated in Circulars No. 64 and 50/2024/TT-NHNN issued by the State Bank of Vietnam (SBV). To provide a comprehensive perspective from policy to technology to implementation, Savyint Group, in collaboration with the Vietnam Institute for Innovation and Digital Transformation (VIDTI), IBM Vietnam, and Techdata, will host the workshop: “Implementing safe, reliable Open Banking and complying with Circular 64 & 50/2024/TT-NHNN” The event will take place on Friday, November 21, 2025, from 08:30 to 12:00 at Hotel du Parc Hanoi, and will also be livestreamed via Zoom Webinar, enabling individuals and organizations interested in banking technology and digital transformation to join remotely. The workshop will bring together representatives from Savyint Group, along with experts from the Information Technology Department of the State Bank of Vietnam, the Vietnam Institute for Innovation and Digital Transformation (VIDTI), and IBM Vietnam, to share key insights on the following topics: This workshop offers a valuable opportunity for banks, financial institutions, and technology partners to gain a deeper understanding of the regulatory frameworks, technical standards, and modern security solutions required to successfully implement Open Banking in Vietnam. With the participation of leading organizations in digital transformation, information security, and financial technology, the event promises to deliver practical insights, international best practices, and strategic directions to help Vietnam build a secure, transparent, and trusted open financial ecosystem. 👉 Register now to join the workshop: https://forms.office.com/e/TZvYePQqCB
Establishing Digital Trust in Banking
As digital services continue to grow, user expectations for security and data privacy are rising. Digital Trust has become a competitive advantage in banking, where financial institutions must not only deliver services but also demonstrate reliability in protecting customers’ personal data, assets and privacy. What is Digital Trust? Digital Trust is the confidence customers place in an organization’s ability to protect data, ensure secure transactions, and comply with regulations. It extends beyond mere trust in a business to include confidence in technology, data management, operational transparency, customer service, and adherence to fair, lawful practices. For example, Public Key Infrastructure (PKI) provides a foundation for secure digital identity, document signing, data encryption, and timestamping—core elements for a secure and reliable digital experience. Broadly, adopting PKI is part of building Digital Trust, reinforcing customer confidence in an organization’s ability to safeguard data, comply with laws, and operate transparently. The Importance of Digital Trust in Banking Digital Trust is critical for financial institutions, as banks handle vast amounts of sensitive information daily, from personal data and transaction histories to financial assets. Strengthening Digital Trust enables organizations to: The Core Pillars of Digital Trust in Banking To build robust Digital Trust, banks must focus on six key pillars: security, transparency, privacy, data integrity, ethical technology use, and regulatory compliance. Each pillar plays a critical role: Protecting customer data from unauthorized access, cyberattacks, and fraud is paramount. Banks should adopt modern security technologies, such as: + Data encryption + Multi-factor authentication (MFA) + Biometric authentication (fingerprint, facial recognition) Privacy goes hand-in-hand with security. Banks must minimize unnecessary data collection and sharing while empowering users with transparent, understandable privacy policies and control over their data. Customers must know how their data is used, who has access, and what safeguards are in place. Transparency—from clear privacy policies to timely communication of changes—builds trust. In case of breaches, banks should have response mechanisms in place, including timely customer notification, damage control, and fair compensation if needed. User-friendly and secure authentication is essential for trusted digital transactions. Banks should implement solutions such as: + Biometric authentication + Blockchain-based identity management + Strong authentication to prevent unauthorized access A secure digital identity process also helps banks comply with KYC requirements while ensuring customer convenience and data protection. Customers expect up-to-date, accurate data—from account balances to transaction records. Banks should ensure this by: + Conducting regular audits + Establishing clear data verification processes + Maintaining transparent reporting systems Artificial Intelligence (AI) and Machine Learning (ML) can further enhance reliability by detecting anomalies, automating data handling, and ensuring data consistency. As AI becomes more integrated into banking—from loan suggestions to credit scoring—banks must ensure: + AI systems provide fair, unbiased recommendations, without discrimination based on gender, age, geography, or income (e.g., not denying loans solely based on rural residence). + Use of Explainable AI, allowing customers to understand decisions made. + Clear feedback and appeal channels if customers disagree with AI-driven decisions. To establish Digital Trust, organizations must adopt technology platforms recognized for compliance with national and international standards, ensuring secure, transparent, and verifiable digital transactions. For example, PKI enables secure encryption, digital signing, and identity verification. Leveraging services from trusted providers and adhering to standards like eIDAS, FIPS, GDPR, and ISO/IEC 27001 demonstrates a serious commitment to protecting customer data and privacy. Digital Trust is now a strategic priority in the digital transformation of financial institutions. Building it through robust security, transparency, privacy, data integrity, and ethical technology use is essential for banks to maintain a leading position. Establishing Digital Trust with SAVYINT SAVYINT is a global technology company pioneering open banking, data security, and protection across critical sectors like Finance-Banking, Government, Manufacturing, Telecommunications, Healthcare, Education, and Media. Beyond being a trusted service provider, SAVYINT offers electronic authentication services, including timestamping and Qualified Trust Services (QTSP) for digital signing and electronic seals through its QTSP Remote Signing solution. With extensive experience in designing, deploying, and operating electronic identity systems (eKYC), digital signing, data encryption, and PKI and CA systems (national, internal and public CAs) for numerous banks and financial institutions, SAVYINT provides a comprehensive suite of solutions to establish Digital Trust: Connect with SAVYINT experts HERE to establish Digital Trust for your organization!
SAVYINT GROUP Shares Insights on Digital Trust at Vietnam – Asia DX Summit 2025
At the workshop “Enhance DX: Expanding Market Scale – Promoting Cooperation”, held as part of the Vietnam – Asia DX Summit 2025, SAVYINT GROUP delivered deep and insightful perspectives on Digital Trust: establishing trusted services, strong identity and authentication frameworks, and safeguarding user privacy in an increasingly digital world. On May 27 in Hanoi, the Vietnam – Asia DX Summit 2025, chaired by the Vietnam Software and IT Services Association (VINASA), officially kicked off under the theme: “Mastering Technology – Breakthroughs for Progress.” Spanning two days, the summit welcomed over 2,500 attendees, including leaders from government bodies, industry experts, and representatives from technology firms in Vietnam and 16 countries and economies across the region. With 9 focused workshops, more than 100 speakers, and engaging discussions, the event addressed key policy bottlenecks within Resolution No. 57-NQ/TW (December 22, 2024) and Resolution No. 68-NQ/TW (May 4, 2025) issued by the Politburo. It also spotlighted digital transformation, technology renewal, digital infrastructure development, green and smart production, AI, digital data resources, and regional collaboration amid rapid technological changes and shifting geopolitical landscapes. At the workshop “Enhance DX: Expanding Market Scale – Promoting Cooperation”, Mr. Hoang Nguyen Van, Founder & CTO of SAVYINT GROUP, delivered an impactful presentation on Digital Trust – a foundational pillar for creating a safe, secure, and reliable digital environment for both users and institutions. Digital Trust – Building User Confidence in People, Technology, and Processes “Digital Trust is the confidence users place in people, technology, and processes to build a safe digital world,” Mr Van emphasized. He also pointed out that Digital Trust is not merely a technological requirement but a strategic foundation for constructing a transparent, secure, and responsible digital ecosystem—a vision closely aligned with Resolution No. 57-NQ/TW, which positions digital transformation and innovation as the core of national development. However, he noted that according to PwC’s 2025 Global Digital Trust Insights, only 2% of organizations worldwide have implemented Digital Trust at scale—revealing a gap and a golden opportunity for forward-thinking enterprises to leverage Digital Trust as a competitive advantage. To establish Digital Trust, Mr. Van outlined that organizations must build a comprehensive, multi-layered security foundation including: Digital Identities (for people, devices, applications, and systems); Data (structured, unstructured, and semi-structured) and Cryptography, using PKI (Public Key Infrastructure) and digital certificates to encrypt and protect information. He emphasized, “PKI plays a central role in the Digital Trust ecosystem, enabling secure data encryption, digital signing, and ensuring data integrity in all online interactions.” Mr. Van also illustrated how a secure Digital Trust infrastructure can support cross-border identity and payment ecosystems, with practical applications in various sectors such as hotel bookings, e-check-ins, telecom identity verification, e-contract signing, and healthcare authentication. SAVYINT – A Pioneer in Building Digital Trust in Vietnam As a trailblazer in digital identity and trust services, SAVYINT proudly stands as the first organization in Vietnam to receive QTSP (Qualified Trust Service Provider) certification under the European Union’s eIDAS regulation—the highest international standard for trusted digital services and electronic signatures. This achievement not only confirms the technological capability, compliance, and reliability of SAVYINT’s solutions but also reinforces its ability to develop independent, sovereign, and globally aligned Digital Trust infrastructures in Vietnam. One of the key strategic solutions highlighted by SAVYINT in this presentation is the Enterprise Security Appliance — an all-in-one security solution built into a single hardware device, integrated with a Hardware Security Module (HSM). This appliance enables organizations and enterprises to encrypt data, implement electronic identification (eID), establish a dedicated PKI infrastructure, perform remote digital signing, and manage the issuance, renewal, and revocation of digital certificates. Enterprise Security Appliance – All in a Box features flexible modules such as: Tokenization, Digital Authentication, eID, PKI (CA, VA, TSA); Remote Signing, Data Encryption, SCA/FIDO2, End-to-End Encryption; Data Privacy, Transaction Signing. The solution is compact, portable, easily deployable, and seamlessly integrates with existing IT systems. It can be fully tailored or scaled based on the specific needs of each enterprise and evolves alongside technological changes. Moreover, every component that constitutes the Enterprise Security Appliance—including both hardware and software—along with its operational governance framework, is rigorously designed to meet the highest international standards for security, protection, and legal compliance: Designed as a dedicated on-premise Digital Trust hub, SAVYINT empowers customers to build customized Enterprise Security Appliances with only the necessary functionalities—offering complete autonomy and optimal cost-efficiency without third-party dependency. Through its participation in Vietnam – Asia DX Summit 2025, and its impactful contribution on Digital Trust, SAVYINT once again reaffirms its mission: to accompany Vietnam in mastering core digital technologies, creating breakthroughs, and rising confidently on the global digital transformation map.