Thailand’s AI-Powered Scam Block Law: Lessons for Financial Platforms

Thailand has taken a bold step in fighting online fraud. Its new AI-powered scam block law has helped prevent nearly 6 billion baht (approx. USD 160 million) in potential losses within just three months of enforcement. The law’s blend of automation, speed, and coordination across banks, telecoms, and regulators offers important lessons for financial platforms worldwide.

What the Law Does: AI, Speed, and Integration

Enacted on April 13, 2025, the Royal Decree on Measures for the Prevention and Suppression of Technology Crimes (No. 2) empowered authorities to act swiftly against online scams. Between April 14 and July 20, the newly upgraded Centre for the Prevention and Suppression of Technology Crime (CPSTC) blocked nearly 19,676 gambling URLs, 14,143 scam platform URLs, and 181,989 suspicious bank accounts, processing 88,995 crime complaints and preventing about 5.895 billion baht in losses.

The success comes down to three key pillars:

• Speed: AI systems scan for fraudulent activity at a pace equivalent to 94 human officers.
• Automation: Tools like the WebD platform and AI crawlers detect illegal URLs, generate court petitions, and forward them directly to ISPs—cutting filing time by five business days.
• Integration: CPSTC coordinates all major agencies, from the Royal Thai Police to the Bank of Thailand, Anti-Money Laundering Office, Department of Special Investigation, SEC, National Cyber Security Agency, and Telecommunications Association of Thailand.

Internal Adoption: How Financial Platforms Can Apply the Model

Most financial institutions won’t have a government-led AI system, but they can still mirror Thailand’s approach with internal adoption, beginning at the authentication layer.

Many scams start with compromised accounts. By strengthening authentication, banks, wallets, and payment gateways reduce the number of fraud cases detection systems need to chase downstream.

Authentication as Fraud Prevention

Scam detection and authentication go hand in hand:

• Scam detection reacts to unusual behavior such as rapid transfers or SIM swaps.
• Secure authentication prevents fraudsters from taking over accounts in the first place.

When authentication is stronger, detection systems can focus on genuine external threats instead of constantly cleaning up compromised accounts.

Device-bound passkeys and continuous authentication are two examples. Unlike one-time passcodes, device-bound credentials cannot be intercepted or reused. Continuous authentication adds another layer, ensuring trust is maintained beyond just the login moment.

Why Thailand’s Model Matters for APAC

The Asia-Pacific region faces some of the world’s fastest-growing fraud patterns. Rising mobile adoption and digital payments have attracted organized scam syndicates. From phishing campaigns to mule accounts, the region is under pressure.

Thailand’s proactive stance shows what’s possible when governments and industries work together. It demonstrates that tech-driven, coordinated action can outpace fraudsters—and it sets a model other APAC countries can follow.

Recommendations for Financial Institutions

For platforms outside Thailand, three practical steps stand out:

1. Automate fraud prevention: Use AI to analyze authentication attempts, customer behavior, and transaction patterns in real time.
2. Adopt device-bound passkeys: Move beyond SMS OTPs and other outdated methods. Binding credentials to devices dramatically reduces compromise risk.
3. Build collaborative frameworks: Partner across banks, payment processors, and telecoms to share threat intelligence and accelerate scam blocking.

FAQ: Thailand’s AI-Powered Scam Block Law

What is Thailand’s new AI scam block law?
The Royal Decree on Measures for the Prevention and Suppression of Technology Crimes (No. 2) took effect in April 2025. It empowers authorities to use AI and automated systems to block scam websites, fraudulent accounts, and illegal telecom activity in near real time.

How much fraud has the law prevented so far?
In its first three months, the law prevented nearly 6 billion baht (USD 160 million) in losses, shut down over 33,000 scam/gambling URLs, and froze nearly 182,000 suspicious bank accounts.

Why is the system so effective?
The law combines AI speed, automation, and cross-agency integration. Fraud detection that once took days now happens in hours, with AI tools generating petitions and forwarding them directly to internet service providers.

What can financial institutions outside Thailand learn?
Banks, wallets, and payment gateways should adopt the same pillars internally:

• Real-time AI monitoring of transactions and authentication attempts
• Device-bound passkeys and continuous authentication to stop account takeovers
• Partnerships across telecoms, regulators, and other financial institutions to enable coordinated response

Is this approach unique to Thailand?
Thailand is one of the first in APAC to legislate AI fraud prevention at scale. Given the region’s rising fraud levels, the model sets a precedent for other countries to follow.

Sources

• https://thethaiger.com/news/national/thailands-ai-law-stops-6-billion-baht-in-online-scam-losses
• https://opengovasia.com/thailand-strengthening-ethical-ai-use-and-digital-security-efforts
• https://lexnovapartners.com/thailand-ai-law-risks-responsibilities

‍