Digital Development and Cybercrime in Myanmar

CYBER threats around the world have been increasing in number, and Myanmar has not been immune to the challenges posed by cyber threats.

When comparing Myanmar to the other ASEAN countries, its internet penetration percentage is lower. However, Myanmar’s mobile telecommunications network has expanded rapidly across the nation over the past decade. This expansion has led to a substantial increase in mobile user rates.

The four major telecom operators MPT, Ooredoo, Telenor, and Mytel have played pivotal roles in this growth. The cost of a SIM card is now less than one dollar.

Digital Development in Myanmar

Myanmar’s Ministry of Post and Telecommunication issues four types of telecom licences. These licenses differ based on the types of activities that they carry out, the application procedures and timeframes, and licence durations and renewal conditions.

As of 2019, 173 companies were providing internet-related services in Myanmar, including four mobile phone companies and all other types of telecommunications-related companies.

Financial Sector Reforms

In recent years, Myanmar has undertaken significant reforms in the financial sector. The Central Bank of Myanmar established Financial Network System Phase I (CBM-NET) in 2016 with the support of JICA and Financial Network System Phase II (CBMNET2) was successfully launched on 16 November 2020. The system facilitates 24/7 domestic MMK remittance across different banks, bulk payments such as payroll transfers, and automatic withdrawal of taxes and utility bills.

The National Payment System Governing Committee, chaired by the Central Bank of Myanmar and comprising representatives from other relevant ministries, was established on 17 May 2021. The committee is responsible for implementing the National Payments System Strategy (2020-2025) and ensuring a secure national payment system that effectively contributes to both financial stability and economic growth.

CBM is striving to enhance payment service providers’ platforms that offer digital transaction services nationwide, secure the digital payment system and reduce the use of cash among people.

CBM has established the necessary infrastructure and regulatory framework to enable the operation of mobile wallet services. In 2006, CBM enacted the Financial Institution Law and Mobile Financial Services Regulations. As of 2022, CBM has granted five companies, including Wave Money, OK Dollar, MPT, Ooredoo and Mytel as mobile financial service providers. Additionally, CBM has granted licences to 18 private banks for mobile banking under the Law and Regulations.

Domestic Laws Development

The Computer Science Development Law (1996), the Electronic Transaction Law (2004) and the Telecommunications Law (2013) currently serve as the primary laws for computer-related crimes.

Amendment to the Electronic Transaction Law was enacted in 2021. The amendment law covers the areas of maintaining, protecting and systematically managing personal data. Moreover, the amendment law introduced new definitions for terms such as cyber resource, malware, cyberspace and cyberattacks, along with penalties for those convicted of spreading fake news or false news and for those convicted of cyberattacks.

The Cybersecurity Law is currently in the drafting stage, and it covers various areas, including the formation of the Cyber Security Central Committee and Steering Committee, protection of personal information, safeguarding of critical information infrastructure, application procedures for digital certification licences, registration requirements for digital platform service providers, provisions for cybersecurity service providers, digital platform service, cyber fraud and cybercrime, cyber security service, online gambling and online financial service, and offences and penalties. The draft version (2022) is available online.

Case 1: Online Scam Involving Impersonation of a Bank Staff

Scammers create a fake Facebook account using the KBZ Bank logo and pretend to be bank staff from KBZ Bank. These scammers contact users of mobile payment services through Messenger or Viber. Mostly, they sent a message like:

“Your mobile payment application requires an upgrade from level 1 to level 2. Please upgrade now, otherwise, it will be shut down”

“Our bank needs to verify your mobile payment account registration information. Please provide a copy of your CSC card and other necessary details.”

Subsequently, the scammer logs into the payment application using the targeted phone number and waits. When the targeted user logs into the payment application and receives the OTP (One-Time Password) code sent by the bank, the scammer asks for the OTP code from the target.

After obtaining the OTP code, the scammer accesses the target’s account with the OTP code and withdraws all funds.

Sometimes, the scammer sends a message stating, ‘We will upgrade your payment application account level. Please download and install the application first.’ However, the downloaded application is actually remote access software, such as the AnyDesk application, and if you install it, the scammer gains the ability to manipulate your mobile payment application.”

Case 2: Package Delivery Scam

A scammer sent a friend request to the plaintiff through a Facebook account and established a friendship with her. Two weeks later, the scammer contacted the plaintiff and said that she was a Korean American citizen and while serving in the Syria Peacekeeping Troop she received gold bars and US dollars. She expressed difficulties due to the COVID-19 pandemic in retaining these assets and expressed a desire to entrust and deliver them to the plaintiff. The scammer also provided photographs of the gold bars and US dollars.

Two days later, the plaintiff received a phone call from a woman’s voice. The caller informed her that the delivery package had arrived at the Yangon International Airport Logistic Division and a fee of US$1,250 was required to release the package. The plaintiff remitted US$1,250; however, the plaintiff received another phone call requesting additional US dollars for various reasons. Following the request, the plaintiff remitted around US$5,000 to the specified bank account.

As a result of the police investigation, it was revealed that the scammer approached an individual with limited financial means to open a bank account and then purchased that person’s bank account. This account was then utilized to deceive money from the plaintiff. The police arrested a Nigerian citizen who led the deception, along with another Myanmar woman in connection with the case, and seized 57 bank accounts along with other related materials. The scammers confess that they committed 51 cases across the country in 2020.

Case 3: Online Loan Scams

Scammers create counterfeit Facebook accounts, using the identical name and logo of legitimate microfinance companies, gold and jewellery shops or banks to engage in online money lending schemes.

These scammers offer online money lending services through these counterfeit Facebook accounts. Upon encountering such a page, the plaintiff mistakenly believes it to be an authentic branch of the microfinance company, gold and jewellery shop or bank.

When the plaintiff contacts the fake accounts for the purpose of borrowing money, the scammer then requests the plaintiff to complete various forms and demands an upfront payment for registration. Once the plaintiff transfers the requested amount, the scammer subsequently asks for additional funds, such as fees for documents and forms.

In the final stage of the deception, the scammer blocks the plaintiff’s phone number.

Preventive Measure

The Myanmar government has made various efforts in recent years to tackle fraud and scams. These efforts include:

1. Re-registration of SIM users with correct personal information and ID card numbers;

2. Cancellation of SIM cards that are incomplete or incorrectly registered;

3. Registration of biometric data of citizens and the implementation of an e-ID database system;

4. Scrutinizing and comparing the SIM registration data with the biometric data;

5. Upgrading wallet users from Level 1 to Level 2 with the correct information for the KYC (Know Your Customer) process;

6. Investigation and prosecution of cybercriminal activities;

7. Upgrading the legal framework

8. Public awareness campaigns, and so on.

Conclusion

The nature of cybercrime and its threats is complex and diverse. Cooperation and exchange of knowledge, best practices, and innovative solutions among government, the private sectors and organizations will strengthen cyber resilience and pave the way for a safer, more secure digital future.

Reference:

(1) Ministry of Posts and Telecom, Licence Issued Lists (2019)

(2) The National Payments System Strategy (2020-2025)

(3) Ministry of Information website

By Kyaw Thein Lwin

#TheGlobalNewLightOfMyanmar