News

Back

Thai Banks to Comply with Bank of Thailand Cybersecurity Measures

Bank of Thailand Cybersecurity Measures

In the Office of the National Economic and Social Development Council (NESDC) report Thailand Social’s Outlook of Q1/ 2022 it was reported that in 2021, 48.10% of people had experienced fraud and that the most prevalent type was through phishing emails and SMS. Additionally, it was found that the public did not believe the government’s actions against fraud were effective enough. 

With this in mind, the Bank of Thailand has introduced new cybersecurity measures in order to try and fight against fraudsters. Commercial banks and members of the Thai Bankers’ Association (TBA) have welcomed the measures and agreed to comply by June of this year. The President of the TBA, when speaking at the joint press conference with the Bank of Thailand, TBA, and the Association of State Financial Institutions, admitted that the new measures would require significant investment but that the measures will be beneficial to assist in combating cybersecurity threats. He also highlighted that the collection of biometric data from customers has already begun as well as the development of the Central Fraud Registry (CFR).

Outlined below are the measures being taken to help with cybersecurity:

   Financial institutions will not be able to send links via SMS or email

   Mobile banking users can only use one username for a device

   Central Bank requires financial institutions to set up a hotline call center for potential fraud victims to contact 24/7

   Banks cannot send customers’ personal data through social media

Additionally, biometric scans will be required for certain ‘riskier’, mobile transactions as follows:

   Digital money transfers over THB 50,000 per transaction

   Transfers of more than THB 200,000 per day

   To change credit transfer amounts over THB 50,000 per transaction

The sum of THB 50,000 was agreed upon as it has been highlighted as a frequently targeted amount for fraudsters.

Central Fraud Registry

This new inspection entity, a separate system from the Thailand Banking Sector Computer Emergency Response Team (CERT), will ultimately assist banks in detecting fraudulent activity faster. The CFR will monitor different fraudulent transactions and share information with member banks. This will provide an additional level of security, once it is implemented, in addition to the new cyber security measures announced.

Liabilities for Non-Compliance with the PDPA

FinTech Business and Investment in Thailand

Cyber Security and Directors Liability