Evolving Cyber Threats Target Southeast Asia’s Underbanked Populations

The rapid digital growth in Southeast Asia has led to an 82% increase in cybercrime, with the underbanked populations being especially vulnerable.

• Southeast Asia has seen an 82% increase in cybercrime from 2021 to 2022, posing a significant threat to the underbanked population due to low digital literacy and reliance on informal financial services.
• Singapore and the Philippines are implementing frameworks and security measures to combat cybercrime, but cross-border cooperation is crucial to address scam farms and cyber slavery across the region.
• Grassroots financial literacy initiatives and regulatory efforts, such as the Anti-Financial Account Scamming Act in the Philippines, aim to strengthen consumer defenses against cyber threats and empower vulnerable populations.

Countries like Singapore and the Philippines are implementing security measures, but cross-border cooperation is crucial to address cyber threats. Grassroots financial literacy initiatives and regulatory efforts are being pursued to strengthen consumer defenses. It’s important to educate vulnerable populations on identifying scams and safeguarding personal information. Collaboration between governments, financial institutions, and communities is essential to effectively tackle cyberattacks on the underbanked in Southeast Asia.

Over 50% of consumers in Taiwan, Thailand, Korea, the Philippines, Malaysia, Hong Kong, Singapore, and Indonesia report encountering scams at least once a week. The financially underserved population, estimated at 225 million in 2023, is particularly vulnerable due to limited digital literacy and dependence on informal, less secure financial services with minimal entry barriers.

The danger to them is twofold: aside from victimizing their finances and personal information, scammers also traffic many job-seekers into cyber slavery at “scam farms” across the region.

How is Southeast Asia tackling cyberattacks

Southeast Asia is addressing cyberattacks through a multi-faceted approach that includes regulation, security measures, and education. Regional efforts are coordinated through the Association of Southeast Asian Nations (ASEAN) to combat cyber threats effectively. Here are some key strategies:

• Regulation and Policy: Countries like Singapore and the Philippines are implementing frameworks to strengthen consumer defenses against cyber threats. For instance, the Philippines has passed the Anti-Financial Account Scamming Act (AFASA) to enhance collaboration in the financial community regarding financial crimes and authorize financial institutions to hold disputed funds in accounts under certain conditions.
• Security Measures: Financial institutions and telecommunication operators are enforcing security practices such as preventing the installation of banking apps on phones with sideloaded apps, adding steps and wait times to give users time to analyze the legitimacy of transactions, and removing clickable links in SMS and emails.
• Education and Awareness: Grassroots financial literacy initiatives are vital in educating vulnerable populations on identifying scams and safeguarding personal information. For example, the Philippine Cybercrime Investigation and Coordinating Centre (CICC) runs Project ACUITY, which teaches communities in geographically isolated and disadvantaged areas how to identify scams, safeguard personal data, and recognize potential human trafficking situations.
• International Cooperation: Southeast Asian countries are collaborating to combat cross-border scam operations. The ASEAN Regional Computer Emergency Response Team (CERT) is a promising effort to enhance cooperation among Southeast Asian countries, with Malaysia leading as the first overall coordinator.
• Law Enforcement Collaboration: INTERPOL supports regional law enforcement agencies and the private sector in sharing intelligence and expertise to tackle cyber threats. The ASEAN Cyberthreat Assessment 2021 report highlights the need for collaboration between law enforcement and the private sector to combat cybercrime effectively.

These strategies aim to protect the underbanked population, who are particularly vulnerable due to low digital literacy and reliance on informal financial services. By enhancing cybersecurity measures, promoting financial literacy, and fostering regional cooperation, stakeholders can help protect vulnerable populations from the rising tide of cybercrime.

How Bank of Thailand is set to enhance cybersecurity protocols

The Bank of Thailand (BoT) is poised to implement enhanced mobile banking security measures aiming to improve the transfer system. These measures will include stricter authentication protocols, real-time fraud detection mechanisms, and increased user awareness campaigns to ensure safer transactions.

Some new measures will include capping daily transfer limits for specific groups such as teenagers and the elderly to a maximum of 50,000 baht.

Under the proposed measures, account holders under 15 or classified as elderly will face daily transfer limits. 

Furthermore, mobile banking apps will no longer be allowed to operate on jailbroken devices or phones running outdated operating systems, as these are considered high-risk platforms for cybercriminals to exploit.

Singapore, one of Southeast Asia’s leading countries in cybersecurity readiness, is currently advocating for a Shared Responsibility Framework for tackling cyberattacks on the underbanked and the loss responsibility for phishing scams.

Financial institutions, along with telecommunication operators, will assume full liability in the event of failing to meet their designated responsibilities. However, if no negligence is found on their part, the Shared Responsibility Framework exempts them from compensating consumers, underscoring the importance of maintaining strict due diligence.

Many Singapore banks also enforce security measures such as preventing the installation of their apps on phones with sideloaded apps, adding steps and wait times to give users time to analyze the legitimacy of transactions, and removing clickable links in SMS and emails.

These measures aim to enhance user safety and reduce the risk of fraud. Additionally, banks are increasingly adopting multi-factor authentication systems, biometric verification, and real-time monitoring to detect suspicious activities. By leveraging advanced technologies and educating users on best practices, financial institutions are working to build a more secure digital banking environment.