Security centre urged after GSB theft
text size

Security centre urged after GSB theft

NBTC vice-chair says set-up will take a year

A soldier uses the ATM furthest from the hacked and out-of-service machine (left) at this automated service centre of the Government Savings Bank. (EPA photo)
A soldier uses the ATM furthest from the hacked and out-of-service machine (left) at this automated service centre of the Government Savings Bank. (EPA photo)

Thailand is in critical need of a cybersecurity centre that can immediately tackle a cyberattack, says the National Broadcasting and Telecommunications Commission.

"The lack of a cybersecurity centre may be a major loophole prompting hackers to target Thailand, as they will have time to flee before the affected bank network notices the unusual activity," said NBTC vice-chairman Settapong Malisuwan.

His remarks followed a shutdown by Government Savings Bank (GSB) of half its ATMs after the discovery that some of them were infected with malware by thieves who emptied the machines. They stole about 12 million baht from 21 ATMs.

The theft took place over roughly a week from Aug 1 to Aug 8.

Thailand has a high rate of malware infection, with 2,400 cases in the first half of this year after 3,000 in all of last year.

A cybersecurity expert who declined to be named said ATM software is typically more vulnerable than other types because it is designed with an open operating system to accept various cards.

Mr Settapong said he was not surprised to see the ATM hacking story break on Monday, since similar crimes have happened in other countries.

"The financial institutions have provided clients with services through the electronic platform, yet no one is active in launching an immediate counter-strike on hackers," he said.

He said financial institutions should realise that they are unable to rely on state agencies like the Technology Crime Suppression Division, which has limited capability in terms of human resources and software.

"Given the rapidly rising trend of cyberattacks in Thailand these days, I would like to point out that we are in critical need of a specialised centre to tackle this issue," Mr Settapong said.

The specialised centre should be an independent agency instead of keeping it under the supervision of a single ministry, he said, adding that the prime minister or a deputy prime minister should lead a team to shorten the set-up process.

Mr Settapong estimated it would take one year at a minimum for the centre to be ready.

Kitti Kosavisutte, head of the Information Sharing Group (ISG) under the Thai Bankers' Association (TBA), said recent cyberattacks have alerted banks to how vulnerable their systems are.

The TBA earlier this year established the ISG in collaboration with 15 banks and the Electronic Transactions Development Agency and Thai Computer Emergency Response Team, aiming to exchange information and tighten cybersecurity in the sector.

The ISG plans to invite government and non-member financial institutions to join the group.

TBA chairman Predee Daochai has urged banks to beef up ATM security in order to restore consumer confidence in electronic banking.

Mr Predee said that apart from the collaboration through ISG, each bank should review its facilities and consider security a priority in ATM purchasing and instalment.

The banking industry has about 60,000 ATMs in service, a number of which were supplied by GSB's vendor. The precise latter figure is unknown to TBA.

The GSB ATMs that were infected with malware were supplied by NCR.

Mr Predee said each bank updates the technology and protection systems of electronic machines as normal practice, but no one can know when and how problems will occur. The industry had used ATMs about 30 years before the first skimming incidents took place.

Similar cases to GSB's have occurred in Malaysia and Taiwan.

"But clients shouldn't panic, as the hackers don't target deposit accounts but rather the banks," Mr Predee said.

Do you like the content of this article?
COMMENT (1)