Thai banks and financial institutions will reimburse mysterious withdrawals made over the last week from Thai bank and credit card accounts that have been traced to online merchants registered outside the kingdom. It is reported that tens of thousands of accounts may have been impacted with the prime minister ordering robust action to bring the online scam to a halt and a full investigation.
Government spokesman, Thanakorn Wangboonkongchana, on Monday, disclosed that Prime Minister Prayut Chan ocha had ordered all officials concerned to move to halt the online skimming campaign after it emerged that thousands of account holders had been impacted by mysterious withdrawals linked with merchants outside the kingdom.
Thailand’s Prime Minister Prayut Chan ocha has ordered urgent priority be given to what appears to be an online fraud operation linked to shopping channels outside the kingdom which has left thousands of customers in Thailand out of pocket.
The withdrawals appear to be for just over $1 or ฿34.15 but appear to have been processed in an array of transactions overnight on the accounts targeted over more than a one week period.
On Sunday, the Bank of Thailand and the Thai Bankers Association issued a statement on the issue making it clear that the scam does not involve a hack or breach of Thailand’s banking or clearing system but is coming from outside the kingdom through registered online stores linked with shopping account facilities.
The Royal Thai Police and banking security operatives are currently working to trace the identity of the merchants involved.
It has not yet been revealed how many people have fallen victim to the scam but reports suggest that it may number in the tens of thousands while a Facebook page set up by alarmed members of the public over the weekend had already notched up 57,000 followers by Monday
Government spokesman, Thanakorn Wangboonkongchana, said on Monday that the PM has given orders that state agencies quickly and decisively put a stop to the problem.
The Bank of Thailand has assured the public that all wrongful withdrawals will be corrected by the banks or financial institutions involved who have agreed to bear responsibility for the situation.
The public in Thailand is being asked to contact the operations centre of their respective financial institutions and report any suspicious transactions on their accounts.
Many of the victims, speaking online over the weekend, said they were alarmed by the situation since they had not received any alert or notification of the transactions, which had taken place over the last week, from their financial institutions.
It is reported that people discovered the problem when updating passwords for their accounts or checking their balance online.
In some instances, users have had legitimate transactions blocked or held because of funds disbursed through the scam.
Bank officials are anxious to stress that the issue does not involve an illegal online application or hack of the financial system following speculative rumours spread online over the last 48 hours.
It appears the problem is the abuse of legitimate shopping channels and payment facilities by merchants registered outside Thailand by actors who have gained access to hacked data on customer credit and debit card details.
Officials have assured the public that an active investigation is now being pursued to track down those involved with the scam, with particular attention being paid to how the merchant accounts were set up or who used them to perpetrate this scheme.
It is clear that some hacked or illegal access to the credit card and debit card data relating to Thai consumers is involved in this skimming operation.
Online scammers are an organised crime group in Thailand working with international hackers Owner of Udon Thani hotel and Manager arrested in connection with ฿13 million credit card fraud Hacking and the theft of credit and debit card details has been a serious problem in the last decade with a 2017 hack, originating in China, managing to obtain the details on 147 million American account holders.
Such data is regularly listed online in dark web forums for sale to criminal networks who use it for online scams such as this one.
This has led major payment processors to recently upgrade the security platform for payments with many banks in the European Union and indeed in Thailand now requiring 3D secure authentication before a payment can be processed.
The Bank of Thailand announced on Monday that the scam did not impact customers with Thailand’s commercial banking system.
Nonetheless, there have been several significant data breaches in Thailand over the last three months which have raised concerns about the safety of the financial data of Thai consumers and indeed visitors to the kingdom.
In September, it was revealed the personal data of no less than 106 million visitors to Thailand was detected by a cybersecurity expert in August.
Bob Diachenko of Comparitech revealed that data related to visitors to Thailand since 2011 had been found on a 212Gb database which had been left unprotected by a Thai government agency.
The data was accessible to anyone on the internet, said the expert firm.
This claim was later confirmed by the National Cybersecurity Agency of Thailand.
The data contained the full name of each visitor, sex, passport number, residence, status, visa type, TM6 or arrival card number as well as the date of arrival in Thailand
‘We do not know how long the data was exposed prior to being indexed,’ a statement by Comparitech revealed.
In September, a database operated by Thailand’s largest conglomerate, the Charoen Pokphand Group or CP Group was hacked.
The hack, on September 7th, saw over 540,000 elements of user information with full names, mobile phone numbers, emails and addresses advertised for sale on the black market.
At the time, the CP Group denied that any credit or debit card details had been uncovered or compromised in the hack.
It followed another hack on August 28th targeting Bangkok Airways, one of Thailand’s fastest-growing regional airlines.
In that hack, some credit card information was obtained by the hackers including passenger names, passport numbers, email addresses and additional data related to previous interactions with the airline.
In May, the Thai government postponed the enforcement of the 2019 Thailand Personal Data Protection Act until June 1st 2022.
The law aimed to provide operating standards to which all data holders must conform to provide adequate protection to the public.
The wide-ranging law will establish a special office in Thailand for the protection of data.
It also imposes duties on companies managing data, offers protection to the public related to the misuse of such data as well as allowing members of the public to sue companies, who have negligently handled data causing financial loss or damage to the person who is the subject of such data.
SOURCE: Thai Examiner