On Feb. 10, Thai CB issued regulations re banking, payment security.
Thai CB issued regs strengthening security for mobile banking and payment services.
Addresses rising risks from sophisticated cyberthreats and financial fraud and additionally aims to protect users and maintain credibility of the financial system.
Security Requirements
Financial institutions must continuously monitor, manage, upgrade security systems.
Must meet global standards for cyberthreat protection; required to monitor, respond to fraudulent apps on official app stores; must have procedure for dealing with fake apps.
Links prohibited in SMS messages and emails; social media links cannot request identity verification or personal data; link allowed if specifically requested by customer.
The customer communications must clearly state when links are user-requested.
Transaction Security Measures
Users limited to one mobile banking account per institution; service accessible from single mobile device only; daily transaction limits are to be based on user risk profiles.
Users under 15 years limited to THB 50,000 per day; verification rules also enhanced.
Facial recognition technology with presentation attack detection required for individual transfers of THB 50k or more, daily cumulative transfers exceeding THB 200k, daily limit increases of THB 50k or more; exceptions for disabled users, low-risk transactions.
Effectiveness
Regulations effective on Mar. 9, 2025, 30 days after gazettal, except clause 5.3.72 (3.3) which takes effect on Apr. 8, 60 days after publication.
Regulators
Thai CB
Entity Types
Bank; MSB
Reference
Cir BOT.W. 1219/2568, 2/10/2025; OG 4/2568, 2/7/2025;
