By Nophakhun Limsamarnphun
Thai banking authorities must take swift remedial measures to restore public confidence in automatic teller machines following the recent hacks of ATMs in Bangkok and several other provinces.
The incidents have rocked public trust not just in ATMs but also other forms of electronic and digital banking, even though no account holders lost money.
Police revealed this month that a total of more than Bt12 million in cash was stolen from 21 ATMs operated by the Government Savings Bank in July.
One of the suspects, a Russian national, was caught on surveillance video footage, but he left the country on August 1 after reportedly stealing some Bt4 million of the total Bt12 million from ATMs in Phuket and Bangkok. The suspect, Rustam Shambasov, is one of seven Eastern Europeans believed to have hacked the 21 ATMs over a two-week period between July 15 and 30.
When the news broke, the incidents were reported to be Thailand’s first ATM hacks, but police later revealed there had been an earlier spate of ATM hacks in Phang Nga in March, possibly the work of the same group of hackers. GSB lost Bt4.5 million in the March incident.
The state-owned bank had initially suspected an “inside job”. This could be one reason for the bank’s delay in reporting the incidents to police.
The suspects are believed to have infected vulnerable ATMs with malware or computer viruses, disabling the machines’ protection against unauthorised cash withdrawals. The thieves withdrew relatively small amounts, ranging from Bt80,000 to over Bt1 million.
Police suspect the malware was introduced into the ATMs via specially modified electronic cards.
In response, GSB temporarily closed thousands of its ATMs and installed new software to tackle the issue. Besides GSB, the Bank of Thailand has to ensure that other commercial banks which operate similar ATMs also take precautionary measures to prevent a repeat of the hacking.
While account-holders’ money has so far been unaffected, it is imperative that Thailand take effective action at a time of transition to the digital economy as a means of reducing dependence on cash, which is more expensive to handle. For example, electronic payment via the government-sponsored Prompt Pay service is currently taking off, with recipients of state welfare among the first group of users.
Public trust in the security of these electronic payment and related services is key to its widespread adoption. Going forward, the move to a digital economy of e-payment, e-commerce, mobile banking and others is irreversible, which means authorities need to boost public awareness of the change to avoid any misunderstandings.
For instance, a loss of public trust in ATMs could rock public confidence in Prompt Pay and related services, which are crucial in boosting the country’s competitiveness and infrastructure for the digital economy. This means e-commerce could face a growth challenge due to weak e-payment infrastructure at a time when it is required to drive the next stage of domestic and cross-border commerce.
Fortunately, the financial damage caused by this spate of ATM hacking in several provinces has been relatively small. But urgent preventative action is needed to shore up public confidence and protect our fledgling digital economy.