Supporting the SDGs

Thai Credit Bank is committed to protecting the data of its customers and personnel by integrating operations with robust and secure technological systems (Cyber Resilience). The Bank focuses on developing personal data security standards in compliance with the Personal Data Protection Act B.E. 2562 (PDPA) and fostering an organizational culture that consistently prioritizes cybersecurity and data protection.

Goal 9: Industry, Innovation and Infrastructure
Goal 16: Peace, Justice and Strong Institutions

Stakeholders Directly Impacted

Customer
Online service users, such as Alpha App and Micro Pay.
Employees
Personnel required to directly access or manage customer data.
Business Partnerships
Bank of Thailand (BOT), Office of the Personal Data Protection Commission (PDPC).
Technology Partners
Providers of cloud systems, network security, and Data Loss Prevention (DLP) systems.

Our Goals

The Bank has implemented the Cyber Resilience Management Framework, covering both cybersecurity and personal data protection. Key performance highlights in 2024 include:

Data Security & Privacy Management System
  • The Bank implements measures based on the three core pillars: Confidentiality, Integrity, and Availability.
  • This includes regularly monitoring and testing data backup systems to ensure continuous operational readiness.
Data Breach Management
  1. Receive incident notifications and conduct damage assessments.
  2. Analyze and assess the impact, then report to the Risk Management Committee.
  3. Notify relevant external regulatory bodies in accordance with legal requirements on a case-by-case basis.
Data Loss Prevention (DLP) Campaign
  • Project Launch: February 19, 2024.
  • Employee Awareness: Internal communications warning employees "not to send work-related documents to personal email addresses."
  • Automated Protection: Implementation of automated systems to block any data transmissions that pose a security risk.
Personal Data Contact and Complaint Channels
Call Center: 0-2697-5454

Performance Highlights

Number of Cyberattack Incidents: 0 cases
Number of Personal Data Breach Incidents: 0 cases

Challenge and Opportunity

Currently, cyber threats arising from technological advancement through electronic networks have become increasingly complex. In addition, consumer behavior that demands unrestricted access to technology through various methods or channels, such as mobile applications and omni-channel platforms, may increase vulnerabilities and cybersecurity risks. However, the Bank has established an information technology risk management framework that is appropriately aligned with its strategic direction. The Bank also promotes IT risk awareness by requiring all employees to understand and comply with the information technology security policy. This ensures that both IT personnel and system users recognize information technology risks and supports the development of an organizational IT risk culture, thereby enhancing operational efficiency, competitiveness, stability, and security, while strengthening preparedness to address information technology risks and cybersecurity threats through cyber resilience management.

Challenge
  • Emerging Cyber Threats: Including phishing, ransomware, deepfakes, and email scams.
  • The Strategic Balance: Maintaining the equilibrium between "Data Security" and "Customer Convenience" (Service Seamlessness).
Opportunity
  • Investing in advanced security systems, such as Two-Factor Authentication (2FA) and VPN via Cisco AnyConnect, to bolster customer confidence.
  • Advancing Data Loss Prevention (DLP) technology to facilitate proactive risk management.
  • Fortifying the Bank's reputation as a "Trusted and Transparent Financial Institution."

Management Approach and Value Creation

The Bank is committed to continuously strengthening information technology security and cybersecurity protection. This includes developing a stable technology security infrastructure, implementing proactive technology security measures, and enhancing the knowledge and capabilities of personnel. These efforts are essential to safeguarding systems and data, as well as managing risks arising from evolving cyber threats.

The Bank’s objectives are as follows:

  1. Confidentiality – Protection of the confidentiality of systems and information
  2. Integrity – Ensuring the accuracy and reliability of systems and information
  3. Availability – Maintaining the availability of information technology systems

In addition, in adopting technology to enhance the efficiency of financial services and to develop digital service channels (Digital Platform), the Bank has established an enterprise-level IT Risk Appetite to monitor and manage key technology-related risks appropriately. The Bank has also implemented a cyber risk governance plan by adopting the Cyber Resilience Management Framework prescribed by the Bank of Thailand, as follows:

The Bank has appointed senior management with clear responsibility for overseeing information technology governance. Comprehensive policies on information and system security have been established, supported by operational guidelines and procedures for safeguarding information and information systems. These policies and practices are communicated to all employees through the Bank’s internal communication channels. In addition, the Bank regularly organizes various awareness activities and case-based learning sessions to strengthen employees’ understanding of cyber risks and threats, as well as appropriate practices, ensuring the safety of the Bank, its employees, and its customers.