Minister wants protection for e-commerce platform
The Digital Economy and Society (DES) Ministry is seeking to have all e-commerce platforms registered with the Electronic Transactions Development Agency (ETDA) to ensure cybersecurity in this 3-trillion-baht industry.
The call was made as DES Minister Buddhipongse Punnakanta yesterday held a meeting with representatives from e-commerce platforms Lazada, Shopee, JD, Shopback and Thailandpostmart along with officials to discuss ways to level up security protection among e-commerce service providers.
The meeting came four days after the "Sorn Hack Web Baeb Maew Maew" Facebook page on Nov 20 broke a story about the sale of 13 million records of Lazada customers on a dark website. Lazada said it found the mentioned records contain data from various e-commerce platforms.
Speaking after the meeting, Mr Buddhipongse said as Thailand's e-commerce industry's value has reached 3 trillion baht per annum with millions of customers shopping online, this is an important sector that needs to ensure consumer protection standard.
He said these e-commerce players who attended the meeting insisted data was not leaked from their system and believed the leakage was made by the third parties that support sales channel management for sellers.
As the Personal Data Protection Act (PDPA) is to be fully enforced by next year, "this case is not rendering punishment and the DES Ministry can only send warnings and conduct an inquiry into it," said Mr Buddhipongse.
He said the DES Ministry has assigned the ETDA to use the Electronic Transaction Act to force e-commerce players to be registered with the agency.
The ETDA will also draw up definitions of e-commerce-related service providers subject to registration along with required data security standard.
Sales channel management operators will be the first priority that will be registered with the ETDA, the minister said. Each e-commerce giant has 10-20 sales channel management operators.
Prinya Hom-anek, a member of the National Cybersecurity Committee (NCSC), said the security breaches could have originated from various sources, such as insiders, applications themselves, suppliers and partners in the same ecosystem as well as hackers.
Service providers should conduct ecosystem security assessment to find weaknesses in their systems, he said.
Customers whose data was leaked, he said, need to change their password and count on two-factor authentication, which refers to extra layers of protection to ensure the security of online accounts beyond just a username and password.
Another NCSC member, Paiboon Amonpinyokeat, said the DES Ministry could make use of Section 21 of the Computer Crime Act to take aim at malware or malicious codes that could be used to compromise computer systems.