An amended emergency decree mandates shared responsibility for financial scams among all stakeholders, but taking personal precautions remains the most effective defence.
The Emergency Decree on Measures to Prevent and Suppress Technology Crimes No.2, published in the Royal Gazette on April 12, introduces a shared responsibility model.
The decree addresses identity theft prevention, the management of mule accounts and the establishment of rapid incident reporting systems.
Stakeholders across the digital financial transaction ecosystem -- including telecom operators, social media platforms, financial institutions, e-money service providers, digital asset operators and users -- are all included under the new regulatory framework.
All parties involved, including individuals, are required to share responsibility for financial fraud cases based on their level of negligence.
Courts are to determine the degree of fault and assign liability for each party accordingly.
Relevant organisations are required to cooperate with regulators in efforts to prevent financial fraud.
Comprehensive compliance with these regulations may serve as a safeguard for organisations within the shared responsibility framework, according to the Bank of Thailand.
For example, individual users of financial services may be held fully liable for damages resulting from financial fraud if the losses are due to their own negligence, which means they should exercise caution when conducting financial transactions, said the regulator.
In this ecosystem, the central bank also supervises financial institutions and e-wallet providers. The regulator is expected to issue detailed guidelines on shared liability for fraud cases next month, along with broader digital fraud management measures.
Security guidelines
"Users must follow security best practices when conducting financial transactions to protect themselves from scams, even with the shared responsibility model," said Roong Mallikamas, deputy governor for financial institution stability at the central bank.
"They should avoid clicking on unknown links, be alert to suspicious calls and carefully verify every transaction. These precautions should become routine."
While the authorities are working diligently to prevent fraud, scammers continue to develop new and increasingly sophisticated tactics, said Ms Roong.
As a result, personal vigilance remains one of the most effective defences. These scams often exploit emotions such as fear, greed and affection, she said.
According to central bank data, investment scams accounted for the highest financial losses in 2024, representing 33.1% of total damages at 42.9 billion baht.
Since it started recording fraud cases up to February 2025, the regulator tallied 38,464 cases. However, there were zero cases involving money-draining apps for three consecutive months, reflecting improvements in mobile banking security measures.
"The central bank has worked to enhance the security systems of financial service providers, resulting in a noticeable decline in fraudulent activities and losses. Key initiatives include raising security standards for mobile banking apps and implementing measures to curb the use of mule accounts," said Ms Roong.
"For instance, there were no mobile banking fraud cases reported for the first quarter this year, largely due to strengthened app security that prevents hackers from remotely controlling devices to transfer funds."
She said the central bank supports the principles behind the new decree, collaborating with various agencies to refine its provisions and strengthen measures against technology-related crimes.
A major requirement of the decree mandates that service providers -- including financial institutions, payment providers, telecom operators, social media platforms and digital asset businesses -- enhance customer protection protocols. These providers can be held jointly liable for customer losses if they fail to meet regulatory standards.
Mobile banking safety
To address rising digital banking threats, the central bank implemented a range of security instruments and solutions.
For instance, in response to an uptick in digital banking scams, the regulator upgraded the mobile banking security system in 2023.
Since 2023, the regulator has enforced stricter security standards for mobile banking to prevent unauthorised transactions, particularly those involving money-draining apps.
For example, one measure requires a facial scan for money transfers exceeding 50,000 baht per transaction, or 200,000 baht per day.
In addition, the central bank prohibited text messages with embedded links and restricted mobile banking to a single account per device.
Mule account crackdown
Over the past 18 months, the central bank collaborated with relevant public and private sector agencies to address mule accounts.
This event is defined as authorised fraud, where victims are deceived into transferring money themselves.
The central bank and relevant parties introduced additional measures to mitigate such fraudulent activities. The regulator classified mule accounts into five risk categories, ranging from soft brown, dark brown, soft grey and dark grey, to the highest risk level -- black mule accounts.
In the initial phase, the regulator prohibited money transfers to dark grey and black mule accounts. Since March 2025, the prohibition was extended to other risk levels.
In addition, since February the regulator banned money transfers involving corporate mule accounts.
Individuals need to remain vigilant in their precautions against scams, including suspicious calls from unrecognised numbers.
