Compliance with our Regulation is mandatory and must be audited each year!

The Bank of Thailand requires that any organisation that handles credit card payments over an internet site, referred to as an e-commerce provider, comply with specific security requirements. These requirements are specified in a document available directly from the Bank's website; however, it is in the Thai language. You will find here a draft translation of the full text of the requirements.

Bank of Thailand Compliance Audit:

In a nutshell, the e-commerce provider must:

  1. Provide a Security Policy in writing to all staff
  2. Provide training on this security policy regularly to its employees
  3. Update the policy to reflect the evolution of technology

The Scope of the Policy must include:

  1. Identification of users of the system
  2. Access Control based on Identity
  3. Provision of technology to ensure confidentiality of the data
  4. Reliable system to secure the transaction
  5. Compliance with the e-payment Security Technology Policy
  6. Provision for a Backup Plan
  7. Provision for a Disaster Recovery plan and business continuity plan

The systems and the Policy must be audited once a year in order to maintain the license to conduct e-commerce transactions.
Non-compliance with the annual audit requirements is subject to penalties, as well as revocation of the license and the e-commerce facility.

See also these two documents from the Government of Thailand