Digital literacy considered to be a necessity for card holders
Digital literacy is a must for bank card holders who are seen as the most vulnerable point in the payment ecosystem and targeted as such by criminals, says Prinya Hom-anek, a cybersecurity expert.
Mr Prinya referred to the case in which people recently shared their experiences online about losing funds in bank accounts due to unauthorised online withdrawals.
Most of the victims were not aware that their money was taken out as perpetrators withdrew small amounts, albeit repeatedly.
The Cyber Crime Investigation Bureau (CCIB) indicated that 40,000 people were found to have lost at least 10 million baht due to unauthorised online withdrawals.
On Sunday the Bank of Thailand and Thai Bankers’ Association issued a joint statement, saying no commercial banks’ systems had been hacked and the irregular transactions were for payment to online shops registered overseas.
Mr Prinya, president of the ACIS Professional Centre, an IT security consulting service provider, pointed out that cyber vulnerabilities can be found throughout the payment ecosystem and users are the weakest point.
Many people are still unaware that ATM/debit cards can be used for online payment and data stored on the cards can be stolen.
For credit cards, perpetrators can use names, expiry dates and CVC numbers on other people’s cards to make online purchases without requiring physical cards.
“Users need to make sure they keep these kinds of data on the card more secure,” he said.
He suggested users call banks, asking them not to permit the use of their debit cards for direct payments.
New bank accounts can be opened for online activities with a ceiling.
They can only choose credit cards linked to online payments with a ceiling, he said.
ACIS also revealed three crucial cybersecurity trends from 2022 to 2024.
The first is called “digital inequality and cyber vaccination”, in which people need digital or cyber literacy to fend off cyberattacks.
“We cannot focus only on tackling technical problems, but need to educate people so as to eliminate risk,” Mr Prinya said.
With more people having digital literacy, the number of victims falling prey to online fraud and cybersecurity attacks will decline, he said.
The second lies in supply chain cyberattacks in which vulnerabilities can be found in any units in the supply chain, opening the door for threat actors to attack others through the same supply chain.
A proper cybersecurity standard must be in place throughout the supply chain, he said.
He said supply chain attack is expected to be on the rise with attacks possibly coming from suppliers or third parties that connect with organisations.
The United States has issued Cybersecurity Maturity Model Certification (CMMC) for a standard which needs to be applied by companies bidding for projects of the Department of Homeland Security to ward off security risks.
This requirement may affect other companies in the supply chain, including Thailand.
“We should be aware of CMMC and make a Thai version of CMMC to get prepared,” Mr Prinya said.
The final trend is zero trust architecture, which means people must not trust any devices, perform frequent checks, and try to detect any suspicious transactions.
ACIS will hold a virtual seminar, CDIC 2021, to highlight cybersecurity issues that could occur from 2022-2024. The event will be held on Nov 23-25.
‘‘ We cannot focus only on tackling technical problems, but need to educate people so as to eliminate risk. PRINYA HOM-ANEK President, ACIS Professional Centre