HPO app icon

HD SAISON · NFC eKYC onboarding

HPO's eKYC onboarding flow: the data and the authorized route to it

Open HPO and there is no balance screen, no transaction list, no dashboard. It does one job: it reads the chip in a Vietnamese citizen ID card over NFC and turns that, plus a face capture and an agent-issued QR code, into a verified identity that HD SAISON's backend accepts. That makes HPO an onboarding gateway rather than an account app — and the data worth integrating is the eKYC payload moving through it. HD SAISON, the developer named on both store listings, is a HDBank / Credit Saison joint venture that, by its own market figures, has served on the order of 11 million customers across more than 23,000 transaction points in Vietnam.

What HPO carries, surface by surface

Each row below is something the app genuinely produces or moves during a session, named the way HPO's own flow uses it. Granularity reflects how the data actually arrives — a single chip read, a session-scoped token, a one-shot verdict.

Data surfaceWhere it comes from in HPOGranularityIntegration use
CCCD chip recordNFC read of the chip in the citizen ID cardOne structured read per card (identity fields, portrait)Populate a verified-identity object without manual key-in
Document imagesFront and back photographs of the CCCDPer session, image pairArchive for audit; feed OCR cross-check
Liveness / face frameIn-app face capture stepPer sessionBind the live person to the chip portrait
QR session tokenCode an HDSAISON agent issues to start eKYCShort-lived, per onboardingScope and correlate a verification session
Verification verdictResult returned by the HD SAISON backendOne outcome per sessionTrigger downstream loan-application logic
Customer linkageIdentifier the passed session resolves toPer verified individualHop from onboarding into the account record

Two routes that fit this app

Vietnam has no mandated account-access scheme to ride, so neither route here is a regulator-published feed. Both run on authorization the project arranges with you.

Route A — protocol analysis of the eKYC submission

We capture and model the calls HPO makes once the QR token is scanned: how the chip read, image set and liveness frame are packaged, what auth the client presents, and the shape of the verdict that returns. Reachable: the full onboarding payload and result. Effort is moderate; the NFC read itself stays on the handset, so we document that boundary and model everything downstream of it. Durability is decent because the verification contract changes less often than a UI. Onboarding is set up with you — we run the capture against a consenting test profile or a sponsor environment your team provides.

Route B — consented access to the HD SAISON account record

For projects that need more than the onboarding moment, a passed session resolves to a customer at HD SAISON. With the account holder's consent we map the authenticated portal calls behind that — loan application status, account standing — and expose them under the same auth model. Reachable: the borrower's own records. Effort depends on how the portal session is held; durability tracks the portal front end.

For most briefs the eKYC submission is the prize, so Route A is where we would start and where the working source first lands; Route B gets added only when a project's data need actually extends past the verification result. We say which one carries your build after the first capture pass, because that is when the payload shapes are confirmed rather than assumed.

What lands in your repository

Output is a working integration of HPO's flow, not a report about it. For this app that means:

  • An OpenAPI/Swagger spec describing the eKYC submission and verdict surfaces as normalized endpoints.
  • A protocol and auth-flow report covering the QR-token binding, the request signing the client uses, and the session lifecycle.
  • Runnable source for the key calls in Python and Node.js — building the verified-identity object, submitting a session, polling the verdict.
  • Automated tests against recorded fixtures so a contract change shows up as a failing test, not a silent break.
  • Interface documentation, plus consent and data-retention guidance written against Decree 13 for handling chip and biometric data.

A worked call against the verdict surface

Illustrative shape, confirmed and corrected during the build against a consenting session — field names are modelled from the onboarding flow, not quoted from private docs.

POST /ekyc/v1/session/{qr_token}/submit
Authorization: Bearer <device-scoped session token>
Content-Type: application/json

{
  "chip": {                      // from the on-device NFC read
    "id_number": "0790xxxxxxxx",
    "full_name": "...",
    "dob": "1990-04-12",
    "portrait_ref": "img:chip-portrait"
  },
  "documents": ["img:cccd-front", "img:cccd-back"],
  "liveness_ref": "img:face-capture"
}

200 OK
{
  "session": "qr_3f9a...",
  "result": "VERIFIED",          // or PENDING / REJECTED
  "customer_ref": "hds:cus:88421",
  "issued_at": "2026-06-25T03:11:50Z"
}

# error path the wrapper has to handle
409 { "result": "REJECTED", "reason": "LIVENESS_MISMATCH" }

The wrapper retries only PENDING, treats a 409 as terminal, and never tries to synthesize the chip read — that stays a device step, and the client code says so.

This is biometric and identity-document data, which puts it among the most sensitive categories a project can touch. The framework that applies is Decree 13/2023/ND-CP, Vietnam's personal data protection decree, in effect since 1 July 2023 per published legal summaries; its enforcement sits with the Ministry of Public Security's cybersecurity department. HD SAISON itself is a finance company licensed under the State Bank of Vietnam. We work to the Decree's spirit: explicit, recorded data-subject consent before any chip or face data is processed, access scoped to what a session needs, retention limited and documented, and an NDA where the engagement calls for it. Where a session involves a real borrower, the consumer's own authorization is the dependable basis we rely on — not any assumed regulatory access.

Build notes specific to HPO

Two things shape how we scope this one.

First, the NFC read is a hardware boundary, and we design around it rather than pretending past it. The chip read must happen on a phone with NFC against the physical card, so we split the integration cleanly: the on-device capture stays native, and our server-side wrapper begins at the submission. Documenting that line is part of the deliverable, so a caller never expects to replay a chip read from the cloud.

Second, the QR token is the spine of session correlation, and we build the sync around its short life. Because an HDSAISON agent issues it to open a session, we design the flow to acquire, bind and consume the token inside its validity window, and we wire the verdict poll so a slow eKYC outcome surfaces as PENDING rather than a dropped session. We also keep a re-check step in maintenance for when the onboarding front end shifts, so the contract stays honest after release. Access — a consenting profile or a sponsor environment — is arranged with you during onboarding.

Screens we worked from

HPO's published store captures, used to read the onboarding steps. Select to enlarge.

HPO screen 1 HPO screen 2 HPO screen 3 HPO screen 4 HPO screen 5 HPO screen 6

Comparable apps in the same market

HD SAISON sits among Vietnam's consumer-finance operators, several of which run their own app-based eKYC and account flows. A unified integration usually wants more than one of these mapped to a shared identity and account schema.

  • FE Credit — the market-share leader per Vietnamese press reporting; holds cash-loan and card account data behind app onboarding.
  • Home Credit (Tài Chính Online) — cash loans, credit cards and a Home PayLater account, all served through its app.
  • Mcredit — a Military Bank / SBI Shinsei joint venture; cash-loan accounts and repayment schedules.
  • My Finance (Mirae Asset) — consumer loan registration and account servicing on a digitized platform.
  • EVO Money — Mirae Asset / Trusting Social digital credit with fully in-app eKYC and disbursement.
  • Shinhan Finance — consumer-finance arm of Shinhan Card, with app-based lending records.
  • Lotte Finance — cash loans and cards through its mobile channel.
  • MAFC — Mirae Asset Finance's loan registration and account app.

How this was checked, and where to verify it

Read on 25 June 2026 from HPO's two store listings and the developer description, cross-checked against public reporting on HD SAISON and on Vietnam's personal-data regime. The eKYC payload shapes here are inferred from the flow and are confirmed against a live session during the build, not quoted from private documentation.

Mapping reviewed 2026-06-25 by the OpenBanking Studio integration desk.

Questions an integrator tends to ask

What does HPO actually hold that an integrator can use?

HPO carries the eKYC payload it builds during onboarding: the CCCD chip read pulled over NFC, the front and back card images, a face-capture for the liveness match, and the QR token an HDSAISON agent issues to bind a session. Each of those, plus the verification verdict sent back from the HD SAISON backend, is a surface we can model and expose.

Vietnam has no PSD2-style mandate — what gives you the legal basis to integrate HPO?

There is no open-banking access mandate in Vietnam, so the basis is the customer's own authorization plus the data subject's consent under Decree 13/2023/ND-CP, which took effect on 1 July 2023 per published summaries. We work against a consenting account or a sponsor-provided test profile, log every access, and keep records that match the Decree's consent and notification duties.

Can the NFC CCCD chip read be reproduced server-side, or only on the handset?

The NFC read of the chip happens on the device, against the physical card, so it can't be replayed from a server. What we integrate is the submission that follows: the structured chip fields, images and session token the app posts to the backend. We document that boundary clearly so a caller knows the on-device step is the only part that must stay on a handset.

How would this connect to a borrower's HD SAISON loan record rather than just the eKYC session?

The eKYC session resolves to an HD SAISON customer identifier once verification passes. With the account holder's consent we map that handoff and the authenticated portal calls behind it, so an integration can move from the onboarding result to the loan-application and account-status data tied to the same person.

App profile — HPO at a glance

HPO is a free identity-verification app from HD SAISON Finance Co., Ltd, package vn.com.hdsaison.hpo on Android and id6504893750 on iOS per the store listings. Its function is QR scanning and NFC reading of the chip in Vietnamese citizen ID cards (CCCD) to complete eKYC: the user downloads the app, prepares the chip card, gets a QR code from an HDSAISON agent, and follows the in-app NFC steps. HD SAISON, the developer, is a HDBank and Credit Saison joint venture and a State Bank of Vietnam–licensed consumer-finance company offering motorcycle, electronics, vehicle and cash loans. Listed contact: www.hdsaison.com.vn, hotline 1900 558854.

One last practical note, since the price is the question most people skip to: source-code delivery starts at $300, and you pay it only after the integration is delivered and you're satisfied with it; the alternative is our pay-per-call hosted API, where there's no upfront fee and you're billed only for the calls you make. Either way the build cycle runs one to two weeks. Tell us the app — HPO here — and what you want out of its data; we arrange the access and compliance side with you. Start the conversation at /contact.html.

Last checked 2026-06-25.

HPO screen 1 enlarged
HPO screen 2 enlarged
HPO screen 3 enlarged
HPO screen 4 enlarged
HPO screen 5 enlarged
HPO screen 6 enlarged