New IT standards for e-payment upgrade

New IT standards for e-payment upgrade

Regulations target cybersecurity, risk

Mobile payment options for e-payment. All providers must comply with the cyberhygiene regulation. VARUTH HIRUNYATHEB
Mobile payment options for e-payment. All providers must comply with the cyberhygiene regulation. VARUTH HIRUNYATHEB

The Bank of Thailand has implemented additional regulations to supervise IT system management among e-payment service providers in order to beef up cybersecurity and keep up with upgraded technologies.

The central bank has enforced upgraded regulations on IT risk management to supervise all e-payment service providers, covering non-bank companies, in addition to the existing regulations governing financial institutions.

The additional regulations will upgrade the IT risk management standard of e-payment service providers to be in line with the standard applied for financial institutions. This move is in accordance with upgraded technologies and rising cybersecurity risks.

Siritida Panomwon Na Ayudhya, assistant governor of the payment systems policy and financial technology group, said the additional regulations cover two main areas, namely cyberhygiene, a reference to the practices and steps that users of computers and other devices take to maintain system health and improve online security and IT risk management. The central bank requires all e-payment service providers to comply with the cyberhygiene regulation.

Cyberhygiene is primarily a cybersecurity aspect covering building security baselines and infrastructure hardening, malware protection, security patch management, privilege user ID management, multi-factor authentication as well as vulnerability assessment and penetration test. The regulation will take effect in April of this year.

For IT risk management regulation, this covers significant e-payment service providers (those who are crucial to e-payment services), who connect their IT infrastructure systems with outsiders and offer financial services via Wi-Fi connections as well as business operators providing financial services of either at least 5 million accounts or 10 million transactions.

Significant e-payment service providers are also required for IT governance, IT security and IT project management regulations based on the confidentiality, integrity and availability principle. The IT risk management regulations will be effective from January 2022.

These e-payment service providers have to upgrade financial service technologies to offer greater convenience to consumers and respond to user requirements. The regulatory framework also covers business operators, whose IT systems are connected with external stakeholders, as this warrants higher cybersecurity risks.

"We hope the additional IT management regulation will help protect cybersecurity risks and build up consumer confidence. Similar regulation in the UK lowered cybersecurity risks by around 50%," said Ms Siritida.

Thailand's e-payment usage per person per year rose to 194 in 2020 from 135 in 2019 and 89 in 2018. Digital banking transactions via PromptPay, the government-initiated money transfer and payment system, have continued to surge. The number of registrations via PromptPay totals 56 million IDs.

The central bank implemented the Payment System Act in 2017 to supervise IT risk management among financial institutions. In 2020, the regulator announced the Guiding Principles for Mobile Banking Security to enhance protection from cybersecurity threats related to transactions via mobile devices.

The existing IT risk and cybersecurity management regulations cover governance, identification, protection, detection, response and recovery.

Ms Siritida said e-payment and digital banking users can basically protect themselves from cybersecurity risks by setting up a complex PIN number that is not disclosed to others.

Do you like the content of this article?

Thick smog only in upper North

Hazardous levels of PM2.5 remained only in the upper North at noon on Sunday, with the worst air pollution in Chiang Dao district of Chiang Mai province.


Philippine leader cheers European move as 50,000 seafarers' jobs protected

MANILA: Philippine President Ferdinand Marcos Jr on Sunday welcomed the European Commission's (EC) decision to continue recognising certificates issued by his country for Filipino seafarers, saying it averted job losses for roughly 50,000 sailors.


Many unemployed elephants back home in Surin, huge and hungry

SURIN: Lucky was busy munching on some freshly cut grass when she spotted a special treat a tourist was holding out. She dropped her next mouthful of greens and extended her trunk, asking for the banana.