The Bank of Thailand (BoT) is planning to improve mobile banking security measures by limiting certain groups of people, such as teenagers and the elderly, from transferring more than 50,000 baht per day.
A source from the Thai Bankers Association said the BoT has completed accepting public feedback on the amendment of its regulations. The amendment is about enhancing the security of financial services by tightening the restrictions on outgoing transfers via mobile banking apps.
For some account holders, such as the elderly and those under 15 years of age, the BoT wanted to have a restriction in place so they cannot transfer more than 50,000 baht per day because they are considered vulnerable groups and may be easily persuaded or severely affected in cases of fraudsters tricking them into transferring money.
Furthermore, banks that offer mobile banking services must improve the steps of mobile banking transactions by including face recognition technology and biometric forgery detection in circumstances where money transfers surpass 50,000 baht at a time or a total of more than 200,000 baht a day.
The BoT also wants to mandate mobile banking service providers to create technology that prevents their mobile apps from being corrupted with malware or hacked in order to prevent customer information leaks.
In addition, the BoT does not want mobile banking apps to work on jailbroken cellphones or those running an old operating system because this allows criminals to remotely manage the devices, said the source.
The source said the BoT is likely to announce these measures within this month and will require non-bank service providers under its supervision to raise the same standards by the first quarter of this year.
Regarding modifying the law to make financial institutions liable for damages caused by illicit money transfers, relevant agencies are using case studies from Singapore's Cyber Security Agency to define the criteria and scope of culpability. If there is a flaw in any process, that agency must be held jointly liable for the victim's losses so that banks do not bear sole responsibility, said the source.
The amendment will also increase penalties for individuals or agencies that sell customer data, as this is a major loophole that allows people to become victims of scammers.
In related news, Chayawadee Chaianan, BoT spokesperson, cited a case in Udon Thani where an auditing firm filed complaints on Dec 26 against three banks after allegedly losing 2 million baht via mobile banking.
She said the BoT had ordered the three banks to expedite the investigation. So far, they have found no transactions generated by the money-stealing programmes and are investigating the situation further. The BoT said the detection of unusual money transfer activity and client notification should be stricter, especially for business accounts.