Thailand Law Journal 2011 Spring Issue 1 Volume 14

• Fraud

Although most of the banks provide a wide range of security systems, controls and device to protect the Internet banking customer from the crimes, the number of Internet banking fraud has been dramatically increased (Federal Criminal Police Office, BKA, 2011). Most internet banking fraud occurs in a two-step process. First, the criminal obtains the customer's account access data, i.e. logon name and password by using phishing mail, Trojan horse or virus to steal the data. Second, the criminal uses this information to transfer money to other accounts and withdrawals the funds (Spamlaws, 2011). This leaves profits to a third party and a loss to be distributed between bank and bank customer.

• Technical malfunction or system failure

System failure and interruption can be within control of the bank or outside control of the bank. Bank’s obligation is to execute customer’s instruction. The time taken for processing of transactions through the Internet banking services may vary depending on the kind of transactions. Delay can be caused by computers or equipments of service user or the Internet service provider or the interruption in Internet banking system. If the delay or errors occur due to the user’s telephonic equipment or errors in the internet and mobile phone network, the bank may declare exclusion of liability for the loss. Furthermore, most banks in Thailand and in Germany have a disclaimer of liability clause in case of “Force majeure” which refers to the failures or errors beyond the bank’s control. This includes failure of equipment or communication system, inoperative connection signals, computer virus, broken of power supply or any unforeseen, unavoidable and insurmountable objective circumstances of the bank, such as natural disaster, military act, laws or administrative instructions, epidemic diseases, war, terrorist action etc. (Deutsche Bank & Commerzbank).

The challenge in legal issue in is to identify whether the losses occur in Internet transaction is borne by the bank, the customer or even other related parties in the Internet banking system. According to Thai and German law, the bank customer is liable for the damages when repudiatory breach of the contract is committed by him. The German law provides the opportunities for onus of proof in case of fraud, it is the duty of the bank to examine whether the customers exercise care and skill in using Internet banking to avoid misleading the bank or facilitate fraud, e.g. using the right webpage to access in the Internet banking service or installing the update anti-virus program to protect the computer from hackers and Trojan horses (Art. 812 BGB). Nevertheless, the worldwide disseminating of computer virus makes the effective protection almost impossible (Brückner, 2002). And the bank has to prove that it is not negligent the duty of care, i.e. providing the reliable network or appropriate security system in view of available technologies and prevailing industry practices.
Regarding the disclaimer of liability that the Thai and German banks may reserve the right not to liable for any damages from software and hardware failure, interruption, error, omission, delay in operation including Force majeure situations, which is not based on a fair apportionment between the bank and customer. The exclusion clause has to comply with the General contractual principles, which requires: The use of clear words or definition to excuse a serious breach or negligence and the clarification between both parties. The bank has to make this exclusion clause explicitly known in the term and condition of use and bring this customer to attention (Art. 305 ff BGB). And the customer has the right to choose whether he agree with this term and condition and is willing to enter the contract.

Conclusion and implications
 
The relationship between customer and bank is contractual based, namely a bank account contract and a contract on Internet Banking services or terms and condition for using Internet banking, which are regulated under the civil law. The contract establishes the right and obligation regarding the availability and the use of Internet services. And it contains the regulation about the liability, which can vary from country to country and from bank to bank. Rotchanakitumnuai (2003) mentioned the jurisdiction of the courts and dispute resolution procedures as a problem of Thai legal support for using the Internet Banking. The Thai electronic transaction law has just been implemented and it may take time to establish the stable and effective the justice process. Although the German Internet law (Telemediengesetz) has been inured longer, it cannot provide clear regulation on liability issue. It remains very open to be negotiated case by case (Derleder & Knops, 2003). Therefore bank and bank customers have to protect themselves by handling with Internet banking carefully. The following guides may help secure the using of Internet banking:

1. Firstly, it is very important for the Internet banking user to read the Terms and Conditions of use carefully. This contains a hint at the key legal issue, namely the obligation of the contract parties and the liability, which bank customer should be aware of.
2. The Internet banking user must safeguard the authorization data. Do not reveal your PIN or passwords to anyone and regularly changing them if possible.
3. By access the Internet banking website, the user must make sure, that the correct URL and browser have been used. Type the bank URL yourself and do not click on any automatic hotlink found in an E-mail or other website. And properly log off and close your browser after using Internet banking.
4. Make sure that anti-virus program is running at all times, so that the computer does not become infected with spyware. And keep the program update regularly.
5. Avoid using Internet banking in the public places. And if possible, limit your access and transfer amount at a time.
6. Monitoring your online banking account regularly and contact the bank and the authorities immediately, if you suspect you are a victim of fraud or theft.
7. Ignore the Phishing mail, bank will not ask for password or PIN via E-mail.
8. Be aware of the risks related to Internet banking and exercise special care.

And the bank must invest in emerging and new technologies and maintain security procedures and keep the customers inform about the necessary security system and how to prevent Internet banking crimes. Furthermore, judicial authority should enact clear legal framework and dispute resolution in the court is needed to support the using of Internet banking.

References:

ACNielsen (2002): ACNielsen Consult Online Banking Research, online: www.consult.com.au, access date 2.02.2011.

Banking Online Deutschland, Introduction: online: http://www.banking-online-infos.de/uebersicht.html, access date: 21.01.2011.

Bangkok Bank, I Banking, online: http://www.bangkokbank.com/online%20banking/for%20personal/ibanking/pages/default.aspx, access date: 21.012011.

Bank of Thailand, BOT (2011): Law and regulation: online: http://www.bot.or.th/ENGLISH/LAWSANDREGULATIONS/Pages/default2.aspx, access date: 24.01.2011.

Bundesamt für Sicherheit in der Informationstechnik (BSI)(2011), Internet Banking, online: https://www.bsi-fuer-buerger.de/cln_030/BSIFB/DE/SicherheitImNetz/OnlineBanking/onlinebanking_node.html, acess date 1.02.2011.

Bundesamt für Sicherheit in der Informationstechnik (BSI)(2011), Danger and risks from online banking, online: https://www.bsi-fuer-buerger.de/cln_030/BSIFB/DE/SicherheitImNetz/OnlineBanking/GefahrenUndSicherheitsrisiken/gefahren_sicherheitsrisiken_node.html, access date: 25.01.2011.

Bürgerliches Gesetzbuch, BGB (German Civil Code), online: http://www.gesetze-im-internet.de/bgb/index.html#BJNR001950896BJNE262657140, access date: 23.01.2011.

Daily Mail: Online banking fraud surges, online: http://www.dailymail.co.uk/news/article-1256768/Online-bank-fraud-surges-16-putting-millions-accounts-risk.html, access date: 24.01.2011.

Daleder, P. and Knops, K.O. (2003): Handbuch zum deutschen und europäischen Bankrecht (Handbook for German and European Bank Law), Berlin.

Electronic Transactions Commission: Law and regulation: online: http://www.etcommission.go.th/index.php?option=com_docman&task=cat_view&gid=108&Itemid=11&lang=en, access date: 22.01.2011. 

Federal Criminal Police Office (Bundeskriminalamt, BKA): http://www.bka.de/pressemitteilungen/2010/pm100728.html

Gkoutzinis, A. (2006): Internet Banking and the law in Europe, Cambridge University Press

HSBC, Personal Internet Banking, online: http://www.hsbc.co.th/1/2/personal-en/internet-banking/features?WT.ac=BKH_PFS_Slot_1_usage_promo1, access date: 22.01.2011.

Kasikorn Bank, K Cyber Banking: online: https://ebank.kasikornbank.com/kcyber/login_th.html, access date: 21.01.2011.

Larpsiri, R., Rotchanakitumnaui, S., Chairakeo, S. and Speece, M. (2002), The impact of Internet banking on Thai consumer perception, paper presented at the Conference of Marketing Communication Strategies in a Changing Global Environment, Hong Kong.

Lee, M.K. & Turban, E. (2001): A trust model for consumer Internet shopping, in International Journal of Electronic Commerce, Vol. 6, No. 1, pp. 75-91.

Legal Dictionary (2011): Liability, online: http://legal-dictionary.thefreedictionary.com/liability, access date: 02.02.2011.

Ramakrisnan, Ganesh (2001): Risk Management for Internet Banking, in Information System Control of Journal, Vol. 6.

Rotchanakitumnuai, S., Chairakeo, S., Larpsiri, R. and Speece, M. (2003): Retail Banking consumer perception toward Thai Internet Banking, paper presented in Bangkok at 8th International Conferrence on marketing and development, Bangkok, 4-7 January 2003.

Siam Commercial Bank, SCB, SCB easynet: online: https://www.scbeasy.com/1st_pg.html, access date: 21.01.2011.

Spamlaws, Internet Banking Fraud, online: http://www.spamlaws.com/reporting-internetfraud.html, access date

Suganthi, R., Balachandher, K.G. and Balachandran, V. (2001): Internet Banking patronage: an empirical investigation of Malaysia, in Journal of Internet Banking and Commerce, Vol. 6 No. 1.

This article is published with the kind permission of Parichat Jantori and addresses the introduction of internet banking in Thailand and discuses the relevant security risks invovled, as well as legislation such as the Thailand Banking Act that serves to regulate online banking practices.