State-owned and commercial banks have agreed to comply with the Bank of Thailand's new cybersecurity measures by the June deadline.
Commercial bank members of the Thai Bankers' Association (TBA) have been upgrading their digital technology to handle cyber-risks. The association has committed to compliance with the new measures, TBA chairman Payong Srivanich said at a media briefing on Friday, in collaboration with the central bank and the Government Financial Institutions Association (GFA).
Mr Payong said banks already collected customers' biometric data, allowing for facial scans for money transfers and adjustments of credit transfer limits on mobile banking apps.
He said banks would continue to collect such biometric data.
According to the new measures, a facial scan is needed for: digital money transfers of more than 50,000 baht per transaction; transfers of more than 200,000 baht per day; and to change credit transfer amounts of more than 50,000 baht per transaction.
Banks must implement these measures by June this year.
"To comply with the new cybersecurity measures, banks will have to allocate a higher investment budget for IT and digital system development," said Mr Payong.
"But the investment is necessary to guard against cyber-risks or it could create a higher loss for both customers and banks."
Tuantong Treenuparb, senior executive vice-president for IT at Government Housing Bank and a representative of GFA, said specialised financial institutions (SFIs) have also developed biometric technology to protect customers from cyber-risks.
As a result, SFIs are committed to complying with the central bank's new cybersecurity measures, he said.
However, for some SFI clients, especially those from vulnerable segments who are not familiar with digital banking transactions, the banks will help them with financial and digital literacy to protect against digital financial fraud, said Mr Tuantong.
SFI customers who do not use mobile banking apps have lower cyber-risks, he said.
Siritida Panomwon Na Ayudhya, the Bank of Thailand's assistant governor for payment systems policy and financial technology group, said some banks have collected digital facial data for more than 50% of their total deposit client base, while others were below that level.
Banks have only been collecting digital data for around two years, so it will continue as an instrument to handle cyber-risks, she said.
"In the initial stage, the central bank requires facial scans for digital money transfers and adjusting credit transfer limits," said Ms Siritida.
"The facial scans could be expanded to cover money deposits and withdrawals for the next step."