In July 2025, Savyint, an IT product company specializing in information security, payment security and open banking, and Curity – A global leader in identity and access management (IAM) platforms, announced a strategic partnership to strengthen identity management, user authentication and API security in Open Banking in Vietnam and the broader APAC region.
Aligned with Vietnam’s strategy to build a modern digital economy and supported by regulations laying the foundation for open banking, Savyint and Curity collaborate to deliver IAM and API management (APIM) solutions that ensure flexibility, security, and compliance with open banking standards.
The partnership focuses on developing highly secure IAM and APIM solutions for the financial and banking sector, adhering to global security and identity standards including OAuth2, OpenID Connect (OIDC), and FAPI – aligned with PSD2, mTLS, and others.
Joint solution highlights:
- A flexible, modern authentication system supporting over 30 methods (multi-factor authentication, App2App, SSO, passwordless, Passkey/FIDO2), customizable to meet specific market needs.
- Integration of a consent management module based on OAuth2, utilizing Strong Customer Authentication (SCA) as mandated by PSD2.
- HSM integration via PKCS#11 standard with various HSMs like Kryptus, Entrust nCipher, Thales, etc., without reliance on third-party plugins.
- Support for Phantom Tokens and Token Handler to enhance security in digital environments.
- Development of an APIM infrastructure (separated from IAM based on a Neo-security architecture), compatible with various API Gateways.
- API Security Module: Compliant with international standards such as OAuth 2.0, OpenID Connect, FAPI 1.0 & 2.0, DCR, PSD2/PSD3, and the EU’s API Security Framework, and integrated with HSM via PKCS#11. This module employs best practices for API security, including:
- Centralized API Gateway for managing traffic flows
- Integrated centralized OAuth server to secure client authentication, user authentication and token signing
- Use of JSON Web Key Sets (JWKS) for distributing public keys from the OAuth server
- Zero Trust architecture design, where all API requests are treated as untrusted by default and must undergo strict authentication and authorization before access is granted. This solution is trusted by major global financial institutions, such as Santander, to secure API infrastructure.
This comprehensive authentication, identity management and API security solution serves as the core foundation in the open banking, enabling seamless integration for banks and third-party providers (TPPs), ensuring interoperability with APIM platforms and meeting the technical standards outlined in Circular 50/2024/TT-NHNN on security for online banking services and Circular 64/2024/TT-NHNN on implementing open APIs in the banking sector.
Compared to other IAM platforms, Curity demonstrates superior security, compliance with international standards, and deployment flexibility, supporting over 40 security standards like OAuth2, OpenID Connect, FAPI, PKCE, SAML, CIBA, CDR, HSM keystore, Mobile SDK, MFA/SCA, and more. Notably, Curity offers over 30 authentication methods and a specialized Consentor module, a feature not commonly found in other platforms. With PCI DSS compliance, Phantom Token and Token Handler support for SPAs, Curity is an ideal choice for open banking systems requiring high financial security and long-term scalability.
According to Kuppinger Cole’s API Security and Management report, Curity ranks among the top leaders in technology and performance, underscoring its ability to deliver robust API security solutions aligned with modern trends, particularly in IAM and API security per standards like OAuth 2.0 and OpenID Connect.
Mr Brad Palmer, Chief Operating Officer & Executive Vice President of Savyint, stated: “Our partnership with Curity enables Savyint to deploy advanced IAM solutions that meet the stringent requirements of open banking in Vietnam. With flexible authentication methods, consent management and HSM integration, together with Curity, we will build a secure, transparent, and efficient ecosystem.”
Mr Stefan Nilsson, Chief Commercial Officer at Curity, added: “We are excited to collaborate with Savyint to advance open banking in Vietnam. Partnering with Savyint allows us to apply Curity’s global IAM expertise to local markets with precision, fostering secure and scalable open banking frameworks.”
About Curity
Founded in 2015, Curity is a leading provider of identity management solutions, trusted by major organizations in sectors such as finance, telecommunications, retail, online gaming, energy, and government across multiple countries. Curity focuses on delivering identity and API security solutions compliant with open standards like OAuth 2.0, OpenID Connect, FAPI 1&2, Mobile SDK, MFA/SCA, ensuring data security and optimized user experiences.
Curity’s core system, the Curity Identity Server, is recognized as the most comprehensive server supporting OAuth and OpenID Connect standards.
Curity is headquartered in Stockholm, Sweden, with a global team of experts.
About Savyint
Savyint is an IT security company based in Sydney, Australia with an R&D center in Hanoi and international offices in Singapore, Dubai, Ho Chi Minh City (Vietnam), and Sofia (Bulgaria).
With over 20 years of experience, Savyint is among the world’s leading IT companies, providing software platforms, system solutions, and services for digital transformation. Its expertise includes open banking, information security, and FinTech, particularly in the Finance & Banking, FSI, Government, Manufacturing, Telecommunications, Healthcare, Education, and Media sectors.
