Reports of rampant online bank fraud has caused fear among holders of bank accounts and credit cards. News reports say about 130 million baht has been withdrawn from over 10,000 of debit and credit card accounts in unauthorised transactions during the first half of this month.
The fintech shenanigans made headlines after victims shared their experiences on a Facebook page. According to the posts, there are about 40,000 victims, with losses worth at least 10 million baht.
Many victims lodged complaints with police claiming money had been withdrawn from their accounts without their knowledge. Because each transaction is small, their bank did not send a One Time Password (OTP) to authenticate the order. A victim shared her passbook photo showing 13 withdraws on Oct 11, each for 34.15 baht.
Initial police investigations linked these cyber offences with multiple gangs using a variety of tactics to dupe victims into providing their personal data, and staff from shops stealing victims' credit card details.
Most victims' accounts are tied to online shopping, marketing advertisements or gaming. Police found the money had been moved to foreign accounts, yet Thai fraudsters are also likely to be involved.
Online fraud typically is larger and more systematic. Yesterday the Bank of Thailand revealed data from dubious bank transactions which took place from Oct 1 to 17. During those two weeks, online fraud transactions involved 10,700 cards, of which 5,900 are credit cards, accounting for a total transaction value of 100 million baht. The remaining 4,800 are debit cards, with a transaction value of 31 million baht.
The Bank of Thailand and the Thai Bankers' Association (TBA) insisted bank databases had not been hacked. The TBA pledged to refund victims of online bank scams while the police press on with their investigation. The government must not treat the online fraud as an outcome of digital illiteracy in which unscrupulous gangs duped naive victims to provide information. It is noteworthy and deeply worrying that many victims claimed they had never tied their debit and credit cards to any websites.
Meanwhile, it is a mystery how a multitude of online frauds involving almost 10,000 debt and credit cards occurred in just a matter of weeks. Police investigators must dig deep into the case to clear the air.
Banks also must explain how the frauds was committed and what steps can be taken to protect the safety of bank accounts. Needless to say, the refunds, and pledges from the government to boost cyber security and educate consumers on online literacy, are not enough.
The case again red-flags the problem of cyber security and personal data protection in Thailand. Many companies including banks, a government database and at least three state hospitals have fallen victim to cyber attacks in the past few years.
The data of some 30 million people in Thailand, including their national identity card details, telephone numbers, addresses and birth dates, have been hacked by cyber thieves who sell the data on the dark market.
It might sound hypothetical but not impossible that the perpetrators might purchase an individual's data, and use that data for online fraud. The police must find out.
Without a clear and trustworthy explanation, public faith in the banking system will be undermined. Without a trustworthy cyber security system, any dreams of the country entering a bold digital era will mean little.