Wiroj Lakkhanaadisorn, a People's Party list MP, recently slammed the Bank of Thailand governor for his slow action in tackling rampant call centre scams.
He called on the governor to reflect on his position, even suggesting resignation if he cannot protect the public and continues to allow countless Thais to fall victim to these scams.
The outspoken MP condemned the central bank for reaching what he described as its "lowest point", where call centre gangs are bold enough to impersonate the regulator and deceive people into transferring money.
In Mr Wiroj's view, central bank governor Sethaput Suthiwartnarueput has done little more than instruct the regulator to issue warnings on Facebook.
Mr Wiroj urged the central bank to speed up "measures to delay money transfers", aiming to reduce the likelihood of losses by call centre scam victims. He said the bank is well aware that many victims realise they've been scammed almost immediately, but with real-time transfers, they are unable to take corrective action.
Mr Wiroj argued that implementing a brief delay in transfers, based on the amount being sent (while ensuring it doesn't disrupt regular commercial transactions), would be an effective way to help scam victims.
He also called on the central bank to hold commercial banks accountable for protecting the public's deposit accounts.
Mr Wiroj said Mr Sethaput is fully aware that countries plagued by call centre scams often have banks with low levels of responsibility, resulting in inadequate compensation for victims.
Without accountability, banks have little incentive to improve their security measures to safeguard customers' accounts, said Mr Wiroj.
Are "money transfer delay measures" a feasible solution to reduce losses for victims of call centre scams?
Kitti Kosavisutte, chairman of Thailand Banking Sector Computer Emergency Response Team, a group of financial institutions under the Thai Bankers' Association (TBA), said the idea of delaying money transfers is technically feasible with the IT system. However, it may only address the problem superficially and could negatively impact ordinary, honest depositors, he said.
According to Mr Kitti, authorities are amending the Royal Decree on Cyber Crime Prevention and Suppression. The amendments aim to strengthen cybercrime protection, with a particular focus on addressing mule accounts and data leaks.
In addition, both the public and private sectors are collaborating to enhance financial fraud prevention. One proposal being considered is a 12-hour delay on money transfers to accounts flagged as suspicious, especially for digital transactions, as opposed to the current real-time transfer system.
"The 12-hour delay is based on the assumption that some fraudulent activities could occur at night while mobile banking users are asleep. This time frame would provide consumers with more time to detect and prevent financial fraud," he said.
According to Mr Kitti, this measure would likely target accounts suspected of fraud or first-time transfers to accounts, rather than applying to all bank accounts. The relevant parties are studying the feasibility of the measure, including the pros and cons as well as the potential impact on general depositors.
He mentioned that related authorities are also exploring the possibility of holding responsible parties fully accountable for compensating victims in cases of fraud. As these cases often involve multiple parties, such as banks, telecom operators and consumers, it is important to clarify accountability.
The Bank of Thailand is working with regulatory agencies to consider changes that would ensure victims receive 100% compensation from banks in the event of fraud. However, this process requires careful consideration of the banks' responsibilities and a study of similar practices in other countries, said Mr Kitti.
Daranee Saeju, the central bank's assistant governor for payment systems policy and the financial consumer protection group, said the regulator is also requiring banks to close any security loopholes that could enable financial fraud, particularly through data-stealing applications, often referred to as money-sucking apps.
"If a bank fails to address these vulnerabilities, it may be required to fully compensate victims for their losses," said Ms Daranee.
What measures has the Bank of Thailand taken to address mule accounts?
Although the central bank has not commented on Mr Wiroj's proposed measures to delay money transfers, the regulator did tell the Bangkok Post it is working with both the public and private sector to address cybercrime, particularly the issue of mule accounts, through a comprehensive data-sharing system. This collaboration includes the Anti-Money Laundering Office (Amlo), the TBA and other relevant parties.
Following the implementation of the Royal Decree on Cyber Crime Prevention and Suppression last year, these entities have intensified their measures. Specifically, they are focusing on verifying all deposit accounts in the banking industry to address mule accounts.
The authorities categorise mule account verification into three levels based on severity, starting with the highest level, black mule accounts, followed by grey, then brown, according to central bank data.
Black mule accounts are monitored closely by Amlo, which updates its records every 1-2 weeks, compared with monthly updates previously.
When a black mule account is identified, it is immediately closed and all electronic and digital transactions are suspended. The central bank prohibits reopening of these accounts.
For grey mule accounts, the TBA has implemented data sharing across the banking industry though a new Central Fraud Register (CFR) system starting last month, intensifying its prevention of mule accounts.
With this system, banks can now close grey accounts immediately, rather than suspending them for 3-7 days, as was previously required.
The central bank permits the reopening of grey mule accounts only at a bank's physical branch, where the account holder must verify their identity in person.
For brown mule accounts, verification is handled internally by each bank according to industry-wide standards. Reopening of brown mule accounts depends on the risk assessment of the individual bank, which may impose additional criteria or conditions.
The central bank also mandates banks implement additional measures to protect consumers from financial fraud, particularly through digital channels. This includes offering options such as a money-lock system.
These systems enhance security features, such as requiring facial recognition for mobile banking transactions above a certain threshold, or offering alternative security measures like dual authorisation or specialised accounts for money transfers. Banks are expected to adopt these additional measures by the fourth quarter of this year.
Since the CFR's introduction, the central bank reported the banking sector has identified 15,000 depositors linked to mule accounts.
What has the Digital Economy and Society Ministry done to combat fraud?
Digital Economy and Society (DES) Minister Prasert Jantararuangthong has vowed to continue the ministry's eight core policies, with an emphasis on tackling online fraud and fostering a sustainable digital economy.
According to Mr Prasert, the Anti Online Scam Operation Center (AOC), also known as AOC 1441, has improved its operations from November 2023 to Aug 31, 2024.
In August alone, the damage caused by online crime was reduced to 75 million baht per day, a 36% decrease from 116 million baht per day between January and June, he said.
The AOC also suspended 291,256 bank accounts during this period, averaging 1,107 accounts per day.
In collaboration with other agencies, the ministry shut down 138,660 illegal URLs from Oct 1, 2023 to Aug 31, 2024, an 11-fold increase compared with the same period the previous fiscal year.
The DES Ministry also tackled the issue of mule accounts, expediting the freezing and disruption of fraudulent money transfers. As of Aug 31, more than 1 million mule accounts had been suspended, with 450,000 by Amlo, 300,000 by banks, and 291,256 by AOC 1441.
Regarding data leaks, the PDPC Eagle Eye Center, under the Personal Data Protection Committee, inspected 43,561 state units between November 2023 and August 2024. The unit found the percentage of data leaks had drastically decreased from 31.4% to 1.5%.
The ministry also collaborated with the Technology Crime Suppression Division to address illegal data trading, blocking 110 social media cases, arresting nine individuals, and imposing a fine of 7 million baht on a private company responsible for a data leak.
How rampant are online scams in Thailand?
In recent years, scams have become pervasive, affecting hundreds of thousands of Thais annually.
Between March 2022 and July 2024, the total financial damage from scams reached roughly 70 billion baht, according to the Royal Thai Police.
Initial findings from the Global Anti-Scam Alliance Report 2024 revealed only 55% of Thais are confident in their ability to recognise scams, while 89% revealed they encounter scams at least once per month.
