Will Scammers Derail ASEAN’s Digital Drive?

Electronic crime is becoming the rising, unwanted face of the digital economy in Southeast Asia, even as ASEAN’s Digital Masterplan is seeking to build ‘society in which everyone is using digital services to enhance their daily lives.’ Can this threat be successfully managed?

Phishing, ransomware, hacking attacks, scams and other tools are growing rapidly across the region. A paradox is emerging: digitalisation is bringing many new benefits to consumers and businesses in Southeast Asia, but at the same time it is exposing them to new risks.

Earlier this year, for example, Kaspersky Asia-Pacific, a cyber-security firm, reported that they had seen more than 100,000 mobile malware attacks in Malaysia during 2020. Other surveys suggest up to one-third of all residents in Southeast Asia have been approached by scammers. And Interpol’s latest ASEAN Cyberthreat Assessment has warned that ‘… cybercrime’s upward trend is set to rise exponentially’.

In some respects, this shouldn’t be surprising. The digital environment can be a great enabler of crime. The widespread use of online tools means that fraudulent activity can now be perpetrated with an ease, speed and extent that makes other criminal enterprises look archaic. Scammers don’t even have to operate in the same country as their victims — in fact, operating across borders means that it can be harder for them to be detected and successfully prosecuted.

But while digital risks are increasing, governments in Southeast Asia are urging businesses and consumers to ‘go digital’ as much as possible. There are many benefits in doing so — such as reduced transaction costs, speedier delivery of services, higher productivity and the ability to reach much bigger markets. The Covid-19 pandemic has accentuated this issue, with many businesses and consumers needing to operate online to safely buy and sell both goods and services. 

Individual countries are spearheading the push for their own citizens and firms to embrace digitalisation, such as Thailand’s Industry 4.0 policy or Vietnam’s recent efforts to improve electronic banking access in regional areas. Many are moving to ensure that digital connectivity is provided to populations that have never previously had it. And whilst nations such as Laos still lack much basic online infrastructure, others such as Singapore are rightly seen as some of the most IT-advanced in the world. 

Trust is a critical but often overlooked factor. Citizens will only go online if they feel comfortable in operating electronically, and are confident that they are interacting with reputable providers.

ASEAN is also being promoted as a regional forum that can assist this process. In January this year, the first meeting of national Digital Ministers across ASEAN member states was held, a move which heralds an increasingly likely cross-border focus on the electronic environment. This meeting also adopted an ambitious Digital Masterplan intended to guide online development over the next five years.

But all this needs to be done carefully. Going online is not a panacea to all problems, and some issues need more consideration.

Trust is a critical but often overlooked factor. Citizens will only go online if they feel comfortable in operating electronically, and are confident that they are interacting with reputable providers. It only takes a few breaches of major technology systems for people to begin questioning the value of going digital, or to become more reluctant to share information electronically. Individual nations need to show they have robust, credible systems to pre-emptively detect and prevent prospective fraud. 

There is a role here for ASEAN. In addition to domestic legal protections for consumers, the region as a whole needs a robust international legal framework to catch cross-border perpetrators, backed up by effective mutual legal assistance treaties. 

Nation states also need to co-operate to protect their own security exposure, by ensuring they are using the latest and most effective defensive tools, and building up their own cybersecurity skills and workforce. Whole national economies and infrastructure can be put at risk from digital deviousness. Hackers and scammers, as well as foreign states, can use the internet to capture valuable confidential information about government agencies, private health and utility operators, and to threaten the operations of critical infrastructure. 

In June, for example, the database of a firm linked to the Municipal Services Office’s OneService app was hacked in Singapore, although no users were affected. The same month, a successful hack attack of the Colonial Pipeline in the USA shut down the system that provides fuel to 45 per cent of the US east coast. So over-reliance on digital systems when security is weak can make nations more vulnerable. Member states thus have a joint interest in ensuring that each other’s security systems are as robust as their own.

ASEAN can assist in the enactment of interlocking cybersecurity and privacy laws. These are becoming commonplace in many nations, but are likely to work far more effectively in the region if they are co-ordinated and mutually reinforcing, rather than being written in national silos that ultimately contradict each other and create unnecessary compliance burdens for businesses. But this will not be easy, as there is a wide degree of variance in national digital skills and capacity between the various ASEAN member states.

Scope also exists for the creation of a regional scams reporting centre, which could operate to inform and educate the general community about cybersecurity. With many scammers operating across Southeast Asia, it makes sense to have one body that can quickly alert consumers to emerging trends and advise on protective measures.

ASEAN needs to cultivate a digital mindset that can help improve communication, make it easier to do business, and to bring the residents of these ten nations ever closer together. And it has identified ‘the delivery of trusted digital services and prevention of consumer harm’ as one of a range of digital priorities. However, if it’s to maintain public faith in online services, this needs to be the first and overarching priority of all its work in the digital arena.

2021/225