Open Banking Vietnam

Banking-grade CIAM with Curity at the Core

The foundation for secure, standards-based Open Banking. Curity provides the core layer for authentication, authorization and API security. Banks build on top, integrating device trust, eKYC, fraud and biometrics on their own terms.

Banking-grade CIAM for Open Banking Vietnam

The Foundation for Modern Financial Services

Financial institutions don't just need a login solution. They need secure onboarding, strong customer authentication, high-assurance API security, mobile-native journeys, step-up controls and the flexibility to integrate with local verification, fraud and regulatory requirements. Curity serves as a standards-based foundation for leading banks and financial services organizations.

Strong authentication and authorization

Token issuance and session control

API security

Orchestration

Curity Is the Identity Control Plane

Banks choose their own device trust, eKYC, biometrics, fraud and risk services. Curity centralizes authentication, authorization, token issuance and policy. Everything else plugs in. No monolithic suite. No forced choices. Curity provides a modular path forward that allows banks to modernize securely, improve customer experience and adopt advanced controls without replacing every surrounding system.

A standards-based identity core for authentication, authorization, and API security

Flexible orchestration for onboarding and customer journeys

Integration with specialized external services for verification, fraud and device trust

A clean architecture that can evolve with market and regulatory requirements

Built for Modern Banking Needs

Everything a bank needs from the identity layer — orchestration, standards-based authentication, financial-grade tokens, and mobile-native journeys.

Identity Orchestration

Policy-driven authentication pipelines orchestrate multi-step customer journeys with conditional branching, step-up based on context or transaction, external verification steps, and custom logic via scripting and extensions. Result: login, transaction approval, account recovery, and delegated approval flows from one orchestration layer — including onboarding journeys that connect to external identity verification services.

Standards-Based Authentication and Authorization

OAuth 2.0 and OpenID Connect, WebAuthn / passkeys for phishing-resistant authentication, CIBA for decoupled mobile approval flows, Device Flow for QR-based login, and federation with internal and external identity providers. Result: strong customer authentication, contextual step-up and flexible integration with banking systems.

Token, Session and API Security

JWT and opaque tokens with JWS signing and JWE encryption, revocation, introspection and refresh. FAPI, PKCE, PAR, JARM, mTLS and advanced client authentication. Result: financial-grade API security for open banking, partner integrations and customer-facing services.

Mobile-Native and Browser-Secure Journeys

API-first and mobile-native authentication via the Hypermedia Authentication API without browser redirects. The Token Handler pattern keeps web tokens out of browsers while preserving modern OAuth/OIDC architecture. Result: secure, low-friction experiences across mobile and web channels.

Easily Integrated Across the Banking Ecosystem

Curity integrates with existing banking infrastructure rather than replacing it. Integration is enabled via REST APIs, SCIM, scripting, plugins, federation and standard protocols. When the platform needs to go further, custom authenticators, authentication actions for external APIs and the plugin SDK support national identity systems, local authentication schemes and market-specific regulation without changes to the core.

Core banking systems

CRM and customer data platforms

Fraud and risk engines

Notification and messaging services

External identity stores and directories

Legacy IAM systems

Designed to Extend

Core CIAM is a starting point. Here's what banks build around it using Curity's orchestration and integration capabilities, built on Zero Trust principles: every request validated, no implicit trust.

Registration and eKYC Orchestration

Curity's authentication pipelines orchestrate multi-step onboarding flows that integrate with external eKYC services. Document capture, OCR, validation and biometric verification are provided by specialized third-party services. Backend checks and account creation are coordinated through Curity's orchestration layer. Multi-identity linking (CIF, digital ID, external IdP) is supported through federation and custom integration.

Device Trust and Mobile Approval

Device-to-user binding via WebAuthn or external device SDK. Policy-based trust evaluation using device context signals from external systems. Push-based mobile approval coordinated through external notification services (APNs/FCM) via integration.

Risk-Aware and Zero Trust Security

Risk signals — IP, geolocation, device, velocity, behavioral analytics — integrated via REST APIs. Every request validated via token, policy and context.

Transaction Approval and Signing

Step-up authentication triggered by transaction context. Decoupled approval via CIBA. External transaction signing with device-bound keys and WYSIWYS (What You See Is What You Sign) verification.

Advanced Digital Trust and Zero Trust Device Security

For large-scale banking environments, identity alone is not enough. Institutions must ensure users, devices, and transactions are trusted, with access decisions continuously validated under Zero Trust principles. Curity provides the identity control plane while integrating with specialized device intelligence, signing, and fraud capabilities.

Curity as the Control Plane for Zero Trust Identity

Centralizes identity and access decisions across channels using OAuth 2.0, OpenID Connect, and CIBA. Authenticates users with passkeys and MFA, issues tokens carrying identity, device, and authentication context, and enforces policy decisions on contextual signals.

Integrating Trusted Device Signals

Combines Curity with external device and credential systems through device binding, custom authentication actions, and token enrichment. Consumes hardware-backed credentials (TPM, Secure Enclave, TEE), fingerprinting, and posture signals to apply consistent policy.

Orchestrating Transaction Approval and Signing

Triggers step-up authentication based on transaction context, integrates with external signing systems, supports decoupled CIBA flows for mobile approval, and ensures issued tokens reflect the achieved assurance level — including WYSIWYS user experiences.

Risk-Aware and Adaptive Authentication

Evaluates IP, device, geolocation, behavioral patterns, transaction value, and external fraud scores via authentication actions. Triggers step-up, requires additional verification, restricts access, or adjusts token claims and assurance levels.

Integration Into Zero Trust Architectures

Designed to integrate into broader Zero Trust environments — API gateways, reverse proxies, device intelligence platforms, fraud and risk engines, HSMs and key management, EDR systems — providing the central identity and policy layer based on open standards.

Extensible by Design

Custom authenticators for proprietary login or approval methods, authentication actions for OCR, biometrics, and risk engine integration, and a plugin SDK for deeper integrations — meeting national identity, local schemes, and market-specific regulatory requirements without modifying the core platform.

Security, Compliance, and Resilience

Curity is designed for high-assurance financial environments and aligns with PSD2, SCA, Open Banking, and FAPI.

TLS 1.2+ for all communication

Token signing and encryption (JWS/JWE)

Key rotation via JWKS

Integration with HSMs and external vaults

Strong password hashing (bcrypt, PBKDF2, Argon2)

Centralized audit logging and SIEM integration

Prometheus metrics and observability

Stateless runtime architecture

Horizontal scaling with linear performance growth

Active-active and active-standby deployment models

Example: High-Value Transaction Approval

A customer logs in using a passkey or multi-factor authentication. Curity evaluates context — device trust, IP, and transaction value — and invokes external risk and fraud signals. If required, step-up authentication is triggered via mobile approval over CIBA. The customer approves the transaction on a trusted device, and Curity issues a token reflecting the achieved assurance level and context. Secure, policy-driven approval — without embedding logic in applications.

Typical Use Cases

Where banks and financial institutions use Curity as the identity control plane.

Secure retail and commercial banking onboarding

Strong customer authentication and transaction step-up

Open banking and financial-grade API security

Mobile-native authentication and approval flows

Secure web and partner-facing applications

Modernization of legacy IAM and CIAM platforms

Talk to Curity

If you are designing secure financial services identity, Curity can provide the identity core for authentication, authorization, token security, onboarding orchestration, and API protection — while integrating with the specialized systems your banking architecture depends on.

We Know Open Banking

We Understand Open Banking

At Curity, we have been helping financial organizations comply with worldwide open banking regulations for years. From PSD2 in the EU to Open Banking in Brazil and the UK, and many others, we closely follow the developments of constantly evolving open finance regulations to ensure our customers can maintain compliance across all the regions in which they do business. We also adhere to more than 40 relevant industry standards, including OpenID Foundation security profile certifications like Financial-grade API (FAPI) and FAPI Client-initiated Backchannel Authentication (CIBA).

Financial-grade Package