Legal Protection of Online Banking in Thailand

The ways of the world have gone digital since the invention and phenomenal evolution of information technology. Doing business has easily been one of these ways and the ease, economy, competitiveness, and speed of digital operations have led industries, including banking, to use the internet or go online. Thailand is among those, which have kept up with the trend, although its electronic transaction law is still in its early phase. Being at this phase, it faces marked liability issues.

Slightly Behind Other Asian Countries

Pew Internet and American Life reported that the United States is the most active user of the internet. It also stated that internet use has expanded to Asian countries with Thailand trailing behind. The absorption of the practice has not been at par with other Asian countries for a number of major barriers to internet banking. These include system security, the lack of trust in service providers, and the questionable service of internet providers. While these barriers may be contained by Thai banks, the lack of applicable laws prevent bank customers from the use of internet banking. There are other risks to contend with.

Online Transaction Risks

One is by sending several phishing emails, which aim at deceiving an internet user into revealing his or her login data and transaction number. The sender pretends to be from the bank. Another way is by sending disguised malware or viruses, which if opened, can trace the keystrokes made by the user or even take screenshots of transactions. One other way is by negligently transacting at internet cafes or failing to protect important banking details adequately. When the information is effectively deleted after use, the succeeding internet user can secure these data and make transactions illicitly. And there too are operational risks. These can be the absence of security setups, a weak system design, failure to implement and monitor the bank’s own information system, weak software design or effective hacking by a cyber professional.

Speedy technological developments, which are globally accessible, intensify these risks. Financial losses incurred in internet banking are equally borne by the bank, the depositor or customer and other persons or entities involved. It is, therefore, necessary to install precise regulations that will protect the practice.


The Bank of Thailand or BOT oversees all Thai banks and their services, which include internet banking. It provides the framework and environment with which to serve the banking needs of the financial and business sectors of the country. The laws and regulations that pertain to internet banking are provided by the Commercial Banking Act B. E. 2505. It contains a clause on bank licensing and commercial bank operations; the Electronics Transaction Act and Electronics Payment Service, drawn from the EU Director on e-Money; and regulations from the Bank for International Settlements or BIS Commission, 2011.

The BOT obliges a Thai bank to set up and keep an efficient system that will provide security to internet transactions. At the same time, the bank is required to protect against authorized use and intrusion into its services. These requirements are intended to fortify the credibility and suitability of electronic or digital transactions while eliminating or avoiding risks that can harm users’ transactions and public interest. Over and above, these requirements and standards are aimed at raising the level of Thai financial and payment services, especially with the global community.

On the whole, the use of internet banking in Thailand is a form of contract. The terms and conditions for the use of electronic services vary among banks. But it clearly identifies the obligations of the customer. These are mainly to assure his or her own confidential banking information, secure his or her user ID and PIN, and immediately notify the bank of any errors. The contract also includes a clause on the bank’s liability and limitation, which the customer must diligently study and understand is a major aspect of any liability problem situation.

Banker’s Liability

This, however, is commonly viewed as a key issue. Everyone understands that liability means the legal responsibility or accountability for his own or omission. Either act exposes the person to a lawsuit that can incur the payment of damages or the performance of some act through a court order.

The liability in internet banking is clearly defined and described in the Internet Service Agreement, which as earlier mentioned, varies among banks. Liability can be incurred by human error, fraud, and technical malfunction and system failure.

Human error can be committed by the customer or a bank employee. Steps undertaken to assure confidentiality and security are the provision of passwords and PINs. The bank conducts transactions and enforces these measures in good faith so that every transaction is considered valid when completed. Errors may still happen if, by oversight or negligence, the customer allows a third party to gain access to his information and transacts on his or her own. And not immediately informing the bank of any misses or errors or loss of cards or other documents that can get into the wrong hands. In these cases, the bank will refuse to be liable.

Fraud can and does occur despite a full range of tight security systems. Fraudsters generally operate through phishing emails, the Trojan horse virus or other viruses aimed at stealing data. Then the fraudster uses stolen information to move money to a third-party account and then withdraws the money. And technical malfunction or system failure can be within the bank’s control or without. But it needs to notify customers most immediately as time is of the essence. If the means of notification is beyond the bank’s control, it will reject liability, such as a failure to reach the customers promptly.

Thailand’s electronic transaction law is relatively new and only recently implemented. As such it may take time to prove effective in protecting users of internet banking. In the meantime, security and safety should be a joint responsibility and interest of the bank and the customer. Customers must be well aware of the terms and conditions of the contract, take strict care of his or her own personal data and transactions, make sure that his or her information is always accurate, avoid using public internet cafes, ignore phishing emails, and maintain updated antivirus programs.



Jantori, P. (2011). Security of internet banking – a comparative study of security risks and legal protection in internet banking in Thailand and Germany. Vol. 14, Issue 1

Thailand Journal of Law and Policy. Retrieved from

Security risks and legal protection in internet banking in Thailand. Volume 14, Spring Issue 1, Thailand Law Journal. Retrieved from


We appreciate you for sharing our post:

Category: Business in Thailand, Electronic Transactions Act

About the Author (Author Profile)

Siam Legal is an international law firm with experienced lawyers, attorneys, and solicitors both in Thailand law and international law. This Thailand law firm offers comprehensive legal services in Thailand to both local and foreign clients for Litigation such as civil & criminal cases, labor disputes, commercial cases, divorce, adoption, extradition, fraud, and drug cases. Other legal expertise of the law firm varied in cases involving corporate law such as company registration & Thailand BOI, family law, property law, and private investigation.

Notify of
Inline Feedbacks
View all comments