"Cashless" System for Thailand

[Gaybutton]

Banks move forward on cashless payment system

by Sucheera Pinijparakarn

THE NATION
May 9, 2016

Cashless payments in Thailand are expected to rise to between 50 and 60 per cent of the total within five years from the current 30 per cent after banks invest in electronic data capture (EDC) and finalise a new structure for transactional fees.

Yos Kimsawatde, head of the Thai Bankers' Association's Payment System Office, said members of the TBA had agreed on the new fee structure, under which charges for digital banking will be significantly lower than in the past. Fund transfers via mobile banking currently cost Bt10 per transaction, for example, but the charge will be lower under the new structure, he said.

The new transaction-fee structure will be proposed to the Bank of Thailand for consideration and the central bank will finalise the details of the fees themselves, he added.

Fees for digital banking should be low because such transactions do not cost the banks as much as those at branches or automated teller machines, where currently the fees are low.

Yos said the TBA was complying with the government's national e-payment programme, the first stage of which is AnyID. Central registration for that scheme will open on July 15, and people in the programme will be able to use their mobile-phone numbers or national ID numbers for payments to merchants on October 31.

Commercial banks will be in charge of the central registration for AnyID, which people will be able to do via ATMs, Internet banking, mobile banking and bank branches.

The second phase of the e-payment programme is EDC, and the big banks will form a consortium to oversee investment in that technology.

There are about 300,000 EDC units in Thailand but they only work with chip-based debit and ATM cards. After the shift to microchips from magnetic stripes becomes fully effective from May 15 onwards, the number of EDC units should grow quickly to 2 million nationwide.

The bank consortium will increase the number of EDC units by 600,000-700,000 this year, so the total will touch 1 million by the end of the year, Yos said.

The consortium is expected to announce the collaboration on EDC expansion by the end of this month or in early June.

To encourage cashless payments, the number of ATMs should be reduced to 30,000 nationwide from 70,000 currently, he said.

"Card acceptance must be in place in every province. Moreover, the government should motivate the use of debit cards and AnyID by offering incentives to both SMEs [small and medium-sized enterprises] and individuals," he said.

http://www.nationmultimedia.com/busines ... 85540.html
____________________________________________________________

Are we ready for the National e-Payment Master Plan?

by Dhiraphol Suwanprateep and Kritiyanee Buranatrevedhya

SPECIAL TO THE NATION
May 9, 2016

In an attempt to make Thailand a cashless society, the Cabinet approved in principle the National e-Payment Master Plan on December 22, 2015, believing that electronic payments would reduce transaction costs, which total about Bt75,000 million per year, or 0.8 per cent of gross domestic product.

However, it is questionable whether Thailand is prepared for this, in view of recurrent cyber attacks and a lack of data privacy law in general.

The master plan comprises five projects: an AnyID payment system; expansion of the use of electronic cards; an e-tax system and e-transaction documents; e-payment of government entities; and building awareness.

Undeniably, there are many advantages to the plan. As electronic transactions are traceable, tax evasion, money laundering, corruption, organised crime, and financing of illegal activities would be observable.

The Bank of Thailand could save a vast amount of money that would normally be spent on printing banknotes to replace old and damaged ones.

The AnyID transfer system would facilitate transactions for people in rural areas where branches of commercial banks are scarce.

Also, incentives from the government are expected to include a lower rate of value-added tax for those who switch from cash to e-payment.

Nevertheless, the biggest concern revolves around the lack of sufficient security measures to protect account holders from unauthorised use, and to prevent system errors, fraud, and other cyber-threats.

The Computer Crime Act BE 2550 (2007) is in place to combat cybercrimes including hacking, phishing, DDoS (distributed denial of service) attacks, and/or spam mails, but we have seen a rise in cyber-threats. Statistics from the Thailand Computer Emergency Response Team (ThaiCERT) show that there were 4,371 cyber-threat cases in 2015, a 150-per-cent increase over the previous two years.

The Requirements, Procedures, and Conditions for Undertaking Electronic Payment Service Business BE 2559 (2016) regulation is in place to protect e-payment customer data. It prescribes that e-payment service providers must keep customer data confidential throughout and after use of the service, with certain exceptions - for example the customers have given prior written consent, or the disclosure is for the purpose of investigation, litigation, compliance with laws, or supervision of the BOT.

However, the regulation is targeted at requiring e-payment service providers to provide personal data protection, rather than regulating illegal acts of anyone in general. As a result, the Personal Data Protection Act, which was approved in principle by the Cabinet in January 2015, needs to be put in place, as the national e-payment system will require the creation of a central repository of personal data of the vast majority of the population.

There are also other issues of note as follows.

While one of the aims of the master plan is to reduce money laundering, corruption, and payment for illegal activities, it is arguable that even with the national e-payment programme in place, criminals will try to circumvent the system by using other anonymous payment means such as Bitcoins instead.

One of the objectives of the AnyID payment system is to help low-income people access financial services (the minimum transaction is initially set at only Bt20). However, such people often have little understanding of how sophisticated e-payment systems work. As such, they would be susceptible to cyber-threats.

The infrastructure is not yet in place to provide fully stable Internet connections countrywide, which may hinder the use of the e-payment system by the very people it is aimed at helping in outlying areas.

Awareness must be boosted while security measures, proper data management, and equal broadband access must be put in place to support the grand scheme.

Next step?

The Cabinet last December 1 approved the new Payment System Bill. It is suggested that the bill not only upholds security measures but also strikes a balance between information sharing and the protection of personal data and financial privacy of data owners.

Financial institutions and the BOT must provide account holders with a clear policy statement regarding information sharing.

The bill should also make clear who will bear the burden of sending data-breach notifications to account holders, and have the duty to investigate any system errors and re-credit amounts to account holders in case of system errors. The bill should also address clearly who - account holders or financial institutions - will bear associated risks, such as for fraudulent transactions of identity theft of a debit card.

In using the e-payment system, it cannot be denied that account holders may have to bear some risk and exercise a certain amount of care to protect their online accounts. Complicated password combinations may help. However, despite caution, unexpected losses may still happen in practice.

The bill should also include adequate consumer-protection regulations to protect e-payment account holders from unauthorised transactions and/or identity theft.

The cashless society also requires a significant investment to develop system security measures, installing software, training manpower and putting in place contingency arrangements. If the master plan and the related laws and regulations are not well thought out, people may end up not using the system for fear of security flaws and invasion of privacy by the government.

The system will be embraced only when adequate protection is in place, and that includes adequate system security, privacy protection, and fair remedies.

Dhiraphol Suwanprateep is a |partner at Baker & McKenzie Ltd. Kritiyanee Buranatrevedhya is a lawyer working in IT/communications practice and intellectual property practice groups. They can be reached at [email protected] and [email protected].

http://www.nationmultimedia.com/busines ... 85539.html