Commercial banking members of the Thai Bankers’ Association (TBA) are developing their digital technology to address cyber risks. The association undertook to comply with the new measures, TBA President Payong Srivanich announced at a press conference on Friday (March 10) in cooperation with the central bank and the Association of Government Financial Institutions (GFA). Bangkok Post.
Mr Payong said banks were already collecting customers’ biometric data, enabling facial scanning of money transfers and changing transfer limits on mobile banking apps. He said banks still collect such biometric data.
According to the new measures, face scanning is required: for digital money transfers exceeding Bt 50,000 per transaction; transfers exceeding Bt 200,000 per day; and to modify transfer amounts exceeding Bt 50,000 per transaction. Banks must implement these measures by June this year.
BOT Governor Sethaput Suthiwartnarueput said on Thursday (March 9) that the central bank chose 50,000 baht and above because the amount is often targeted by fraudsters.
“In order to comply with the new cyber security measures, banks will need to spend a higher investment budget on IT and digital system development,” admitted Mr. Payong. TBA.
“However, the investment is necessary in order to avoid cyber risks, because otherwise it may cause greater losses to both customers and banks,” he added.
Tuantong Treenuparb, senior vice president for IT at the Government Housing Bank and GFA representative, said that specialized financial institutions (SFIs) have also developed biometric technology to protect customers from cyber risks. As a result, SFIs are committed to complying with the central bank’s new cyber security measures, he said.
However, for some SFI customers, especially customers from vulnerable segments who are not familiar with digital banking transactions, banks are helping them with financial and digital literacy to protect themselves from digital financial fraud, Mr Tuantong said.
Siritida Panomwon Na Ayudhya, Bank of Thailand’s deputy governor in charge of payment systems policy and financial technology group, said some banks have collected digital facial data from more than 50% of their total deposit customers, while others have remained below that level.
Banks have only been collecting digital data for about two years, so it will continue to be a tool for managing cyber risks, he said.
“At the initial stage, the central bank will require face scanning for digital money transfers and adjust transfer limits,” Ms Siritida said.
“Facial scans could be extended to cash deposits and withdrawals in the next step.”
Further measures to follow
The regulator also wants to close loopholes and prevent fraudsters from gaining access to consumers by banning financial institutions from sending links via SMS and email.
Banks are also not allowed to send customers’ personal information via social media. Also, mobile banking users can only use one username per device.
The central bank also requires financial institutions to set up a hotline telephone center where customers or victims of financial fraud can contact them 24/7.
On February 15th Deputy Government Spokesperson Rachada Dhnadirek said the The 14-paragraph draft decree on the prevention and suppression of technological crime is expected to enter into force soon. The drag – combating the use of “mule” bank accounts by fraudsters and call center gangs – has already been examined by the State Council and approved by the cabinet.
Telecom operators must provide information about their customers to the Royal Thai Police (RTP), the Department of Special Investigations (DSI) or the Anti-Money Laundering Office (AMLO) within a specified period of time for investigation if illegal activity is suspected.
Financial institutions and businesses that detect suspicious transactions may temporarily suspend them before notifying the financial institutions or businesses that receive the money transferred.
The draft decree also imposes severe penalties on people who are designated to open accounts or who allow others to use mobile phone numbers for illegal activities. They face three years in prison, a maximum fine of B300,000, or both.
Those who assist in obtaining bank accounts, electronic cards, e-wallets, SIM cards, or those who advertise this service may be sentenced to up to 5 years in prison, a fine of B200-500,000, or both.
According to central bank data, between March and December 2022, there were approximately 50,000 online shopping frauds, 20,000 money transfer frauds, 18,000 credit frauds and 13,000 call center frauds. 58,000 authorized deposit account fraud occurred, including all reported losses B5.5 billion.