Curity and Savyint Partner to Advance Identity and API Security for Open Banking in APAC

We’re excited to announce our new strategic partnership with Saviynt, a leading IT product company specializing in information security, payment security and open banking. Started in July 2025, this collaboration will strengthen identity management, user authentication and API security in Open Banking across Vietnam and the broader APAC region.

Aligned with Vietnam’s strategy to build a modern digital economy and supported by regulations laying the foundation for open banking, Savyint and Curity collaborate to deliver IAM and API management (APIM) solutions that ensure flexibility, security and compliance with open banking standards.

The partnership focuses on developing highly secure IAM and APIM solutions for the financial and banking sector, adhering to global security and identity standards including OAuth2, OpenID Connect (OIDC), and FAPI – aligned with PSD2, mTLS, and others.

Joint solution highlights:

• A flexible, modern authentication system supporting over 30 methods (multi-factor authentication, App2App, SSO, passwordless, Passkey/FIDO2), customizable to meet specific market needs.
• Integration of a consent management module based on OAuth2, utilizing Strong Customer Authentication (SCA) as mandated by PSD2.
• HSM integration via PKCS#11 standard with various HSMs like Kryptus, Entrust nCipher, Thales, etc., without reliance on third-party plugins.
• Support for Phantom Tokens and Token Handler to enhance security in digital environments.
• Development of an APIM infrastructure (separated from IAM based on a Neo-security architecture), compatible with various API Gateways.
• API Security Module: Compliant with international standards such as OAuth 2.0, OpenID Connect, FAPI 1.0 & 2.0, DCR, PSD2/PSD3, and the EU’s API Security Framework, and integrated with HSM via PKCS#11. This module employs best practices for API security, including centralized API Gateway for managing traffic flows, integrated centralized OAuth server to secure client authentication, user authentication and token signing
• Use of JSON Web Key Sets (JWKS) for distributing public keys from the OAuth server
• Zero Trust architecture design, where all API requests are treated as untrusted by default and must undergo strict authentication and authorization before access is granted.

Brad Palmer, Chief Operating Officer & Executive Vice President of Savyint, stated:

Our partnership with Curity enables Savyint to deploy advanced IAM solutions that meet the stringent requirements of open banking in Vietnam. With flexible authentication methods, consent management and HSM integration, together with Curity, we will build a secure, transparent, and efficient ecosystem.

Stefan Nilsson, Chief Commercial Officer at Curity, added:

We are excited to collaborate with Savyint to advance open banking in Vietnam. Partnering with Savyint allows us to apply Curity’s global IAM expertise to local markets with precision, fostering secure and scalable open banking frameworks.

About Savyint

Savyint is an IT security company based in Sydney, Australia with an R&D center in Hanoi and international offices in Singapore, Dubai, Ho Chi Minh City (Vietnam) and Sofia (Bulgaria).

With over 20 years of experience, Savyint is among the world’s leading IT companies, providing software platforms, system solutions, and services for digital transformation. Its expertise includes open banking, information security and FinTech, particularly in the Finance & Banking, FSI, Government, Manufacturing, Telecommunications, Healthcare, Education and Media sectors.