Bank of Thailand Cybersecurity Measures
In the Office of the National Economic and Social Development Council (NESDC) report Thailand Social’s Outlook of Q1/ 2022 it was reported that in 2021, 48.10% of people had experienced fraud and that the most prevalent type was through phishing emails and SMS. Additionally, it was found that the public did not believe the government’s actions against fraud were effective enough.
With this in mind, the Bank of Thailand has introduced new cybersecurity measures in order to try and fight against fraudsters. Commercial banks and members of the Thai Bankers’ Association (TBA) have welcomed the measures and agreed to comply by June of this year. The President of the TBA, when speaking at the joint press conference with the Bank of Thailand, TBA, and the Association of State Financial Institutions, admitted that the new measures would require significant investment but that the measures will be beneficial to assist in combating cybersecurity threats. He also highlighted that the collection of biometric data from customers has already begun as well as the development of the Central Fraud Registry (CFR).
Outlined below are the measures being taken to help with cybersecurity:
✓ Financial institutions will not be able to send links via SMS or email
✓ Mobile banking users can only use one username for a device
✓ Central Bank requires financial institutions to set up a hotline call center for potential fraud victims to contact 24/7
✓ Banks cannot send customers’ personal data through social media
Additionally, biometric scans will be required for certain ‘riskier’, mobile transactions as follows:
✓ Digital money transfers over THB 50,000 per transaction
✓ Transfers of more than THB 200,000 per day
✓ To change credit transfer amounts over THB 50,000 per transaction
The sum of THB 50,000 was agreed upon as it has been highlighted as a frequently targeted amount for fraudsters.
Central Fraud Registry
This new inspection entity, a separate system from the Thailand Banking Sector Computer Emergency Response Team (CERT), will ultimately assist banks in detecting fraudulent activity faster. The CFR will monitor different fraudulent transactions and share information with member banks. This will provide an additional level of security, once it is implemented, in addition to the new cyber security measures announced.