The BOT has consistently been committed to tackling financial fraud. It has continuously implemented various measures to help prevent, detect, and monitor scammers, ensuring comprehensive protection throughout the entire financial service journey for the public.

Lessening damages from money-siphoning apps

For financial threats arising from device attacks to access, control, and impersonate transactions without the victim's knowledge, commonly referred to as 'money-siphoning apps,' the number of victims has significantly decreased from approximately 3,000 accounts in January 2024 to just 1 account in December 2024. Although the number of victims from money-siphoning apps has declined, other forms of scams persist. As of December 2024, there were 23,717 victims, compared to 26,575 victims during the same period in 2023. Thus, the BOT and related agencies will continue efforts to mitigate the potential damage to the public.

The continuous deterioration of money-siphoning apps is partly due to the intensive collaboration between relevant agencies and BOT in addressing this issue. This includes the combined efforts of technical experts from both the financial sector and national level, such as TB-CERT, the NCSA, and Google, in finding additional ways to counteract money-siphoning apps. Furthermore, the BOT has enhanced security measures for mobile banking services by prohibiting the use of applications if abnormal behavior is detected, such as using virtual-private networks (VPNs) or creating overlay screens to trick customers into clicking hidden links or websites and downloading malware to steal personal information.

In addition, BOT has issued fraud management policies for financial service providers, including financial institutions, specialized financial institutions, and designated payment service providers to implement. These policies aim to establish security standards and minimize the risk of financial transactions for the public while also balancing convenience with security. For example, preventing the SMS with attached links, requiring facial scans for transactions of 50,000 baht or more, and allowing only one mobile banking account per bank, and most importantly, every bank must have a 24-hour hotline to report financial transaction fraud and promptly address issues.

Banking sector to refrain from sending links through SMS

BOT has communicated with the banking sector to refrain from including links in SMS or emails.

Facial Recognition for Identity Verification

BOT has communicated the facial recognition policy for identity verification in transactions of 50,000 baht or more 

Enhance the effectiveness of eliminating mule accounts

Mule accounts are crucial tools for scammers in their fraudulent and identity-disguising operations. Therefore, eliminating mule accounts is a significant approach to effectively prevent financial threats since hindering the opening of mule accounts or restricting their use will significantly affect scammers' ability to operate. Furthermore, preventing the withdrawal of funds will increase chances of recovering the money for the victims.

In the past, all commercial banks had collectively managed to suspend up to 1,750,000 mule accounts from January to December 2024. This achievement is the result of collaboration between the BOT and several partner agencies, such as the Ministry of Digital Economy and Society, the Royal Thai Police, the Technology Crime Suppression Division, the Department of Special Investigation, the Anti-Money Laundering Office, the National Broadcasting and Telecommunications Commission, and various financial service providers.

A significant step in combating mule accounts is the establishment of the Anti-Online Scam Operation Center (AOC) under the Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes, B.E. 2566 (2023). This center is responsible for receiving reports and suspending suspicious transactions for victims, as well as exchanging financial route information through the Central Fraud Registry system (the CFR system), which helps the police investigate and freeze suspect accounts more quickly.

Another important measure is to increase the precision in overseeing deposit accounts or e-money accounts with abnormal behavior. All commercial banks are required to supervise the accounts of high-risk individuals. Not only 'accounts' that committed offenses were detected, but also every account under the 'names' of offenders will be detected to prevent account holders from opening new accounts. Additionally, standards for managing mule accounts (black, gray, and brown mules) will be established uniformly, with varying levels of severity based on risk levels, such as prohibiting money transfers in and out, and suspending the opening of new accounts. Each bank can also set additional conditions to enhance the security of mobile banking usage.

BOT’s fraud management measures, while necessarily intensified to address financial threats swiftly and effectively to minimize the number of victims, also consider maintaining a balance to ensure that honest financial service usage is not unduly affected.

Color-coded mule accounts 

Press Release on “Intensifying financial fraud management measures”

On 13 June B.E. 2567 (2024)