Digital Identity Spotlight: Thailand
The nation of Thailand has a ready response for governments around the world seeking insights on implementing digital identity at scale: Phuket.
In recent years, the Thai island paradise of Phuket—long known for its pristine beaches, stunning waterfalls, and vibrant nightlife—has transformed itself from a resort town to a smart city. Its thriving technology sector and “smart, safe, sustainable” approach to governance have become a prime model and critical test market for the nation’s expansive Thailand 4.0 strategy. This 20-year economic development plan is designed to turn this Southeast-Asian country of more than 70 million people into a high-tech, high-income powerhouse, supported and enabled by digital identity.
To that end, Phuket has become a pilot region for Thailand’s new digital identification and verification infrastructure—and for good reason. The city’s tourism sector provides an ideal proving ground for using digital identity to verify visa applications, travel bookings, and access to local services in a seamless, all-digital manner. Since launching 16 months ago, the test has been a trial by fire. But it’s one that Phuket’s tech-savvy population is well-positioned to navigate and help refine.
In Phuket, tourists, expats, and locals use a mobile app called ThaID (as in Thai-ID) to register for banking and healthcare services. But the system also has other purposes. To crack down on counterfeit ID cards that have long plagued Phuket’s bustling nightlife venues, this facial biometrics-based mobile digital ID is now required to gain entry to the city’s clubs and bars. Yet, for all their utility, these and other early applications are just a glimpse of what digital identity has come to mean for this nation.
Phuket, Let’s Go: When Digital Identity Is More Than Just Tech
Thailand’s ambitious digital identity initiative is about more than just financial inclusion, ensuring access to services, and securing against mounting cyber threats. In recent months, it has become emblematic of a nation set on reasserting its identity as a hub of digital innovation—and reigniting an economy lagging its regional neighbors.
In recent years, Thailand’s growth has stagnated. Even as per capita income in China, Singapore, and Malaysia has soared, Thailand has struggled to escape what the World Bank’s 2024 Development Report describes as a “middle-income trap.” A vital component of this predicament is an average annual growth rate hovering around 3% for nearly 30 years, compared to China’s average of 8.86% and Singapore’s 6.18%.
Roughly 531 miles north of Phuket, Thailand’s capital city of Bangkok is crafting a far more promising narrative. Modern skyscrapers, luxury hotels, high-end shopping centers, and world-class restaurants abound. Importantly, strides made by Thailand’s robust technology sector increasingly mirror Phuket’s. Over the past year, investment in artificial intelligence, data analytics, cloud computing, and cybersecurity, for instance, has contributed to the sector’s 12.8% growth rate. In October, Bloomberg reported that Nvidia Corp. plans to invest heavily in Thailand, joining Alphabet Inc. and Microsoft in building data centers and component manufacturing plants here.
Thailand 4.0 is designed to build on previous economic development plans, which focused on agriculture (Thailand 1.0), light industry (2.0), and heavy industry (3.0). Expanding and leveraging Thailand’s thriving tech sector to help fuel growth and opportunity across the rest of the economy means digital identity isn’t just a nice-to-have—it’s an imperative.
Why Digital Transformation Requires Trusted Identity Proofing
Put simply, digital identity is the electronic representation of an individual’s credentials used for identity verification and proofing. Think of it as your passport, driver’s license, and bank card rolled into one secure, digitized framework verified by cross-referencing government-issued, physical world credentials. For individuals, using physical credentials to make purchases, manage finances, or receive entitlements in person is a relatively simple proposition. Doing the same in digital channels through authentication based on usernames and passwords is another thing entirely—one that has failed miserably.
Thanks to never-ending phishing attacks and corporate data breaches, the login credentials and personal identity files of billions of individuals worldwide have been compromised and made available to cybercriminals and threat actors on the Dark Web. In 2024 alone, nearly 3 billion people had their personal information stolen during a cyberattack targeting data broker National Public Data (NPD). This includes what some believe to be the Social Security Number for every US citizen. This past summer, a tranche of more than 10 billion login credentials were discovered in an online hacker forum.
Cyber thieves and other threat actors leverage this information to defraud individuals, businesses, and governments. They can siphon funds from bank accounts, apply for loans or credit cards, access government benefits, and more. They can also infiltrate corporate and government networks to breach data they can monetize downstream—sometimes with implications for critical infrastructure and national security. According to TransUnion, the number of successful data breaches jumped 15% last year. Worldwide, the price tag for such attacks is projected to top $9.5 trillion annually.
Unfortunately, that projection may prove naive. Today, new forms of AI increasingly enable threat actors of all stripes to enhance the effectiveness and scale of their operations. This is material in Southeast Asia, where dense populations and significant socioeconomic stratification make countries in the region prime targets for AI-enabled attacks. It also doesn’t help that Thailand has been home to what the FBI calls the world’s largest cybercrime network. But a growing number of governments here and around the world view digital identity as critical to mitigating these threats.
ThaID & Beyond: How Digital Identity Is Taking Shape in Thailand
The ability to facilitate fast, secure interactions and transactions is foundational to every digital economy, including Thailand’s. However, it requires a universally accepted form of identity proofing that protects privacy and prevents personal identity data from being stolen and exploited by others.
Compared to Belgium’s itsme, Singapore’s SingPass, or even India’s Aadhaar system, Thailand’s digital identity initiative is still in its early stages. But it’s catching up. The country’s focus on mobile-based identity verification, a key element of digital identity, is supported by its extensive 5G mobile broadband network—among the first deployed in Southeast Asia. The initiative also benefits from a tech-savvy citizenry. Fifty percent of the population is expected to have a mobile broadband subscription by 2025, while overall Internet penetration exceeds 88%.
Rather than developing a government-run digital identity system, however, Thai officials have opted to forge public-private partnerships within a digital identity ecosystem linking service and identity providers (IDPs). So far, some of the most prominent forms of digital identity include the following:
- ThaID
Launched by the Department of Provincial Administration (DOPA) in 2023, the ThaID mobile app simplifies access to services requiring identity confirmation in both the public and private sectors. For example, ThaiID facilitates access to government services such as public health care, vehicle registration, and online tax payment without requiring additional data entry. - NDID: The National Digital Identity Platform
This blockchain-based infrastructure is designed primarily to address digital Know Your Customer (KYC) mandates within banking and financial services. It’s intended to “enhance digital security to facilitate online transactions and enable wider access to banking and lending” via the user’s preferred mobile banking app. - MNID: Mobile Network ID
Operated by participating telcos, the MNID system serves its mobile customers to facilitate identity verification and authentication.
These and other biometrics-based applications are designed to secure online transactions and prevent fraud. And they’re buoyed by regional collaborations like the ASEAN Digital Economy Framework, which seeks to standardize cross-border digital identity recognition. But there are hurdles. Unlike digital identity initiatives in Singapore and Estonia, where privacy concerns have been addressed through robust governance frameworks, Thailand’s initiative faces public trust issues and the fear of data misuse. Enhanced regulation and a surprising financial incentive may change that.
Tang Rat: Stimulus and a Step Toward Self-Sovereign Identity
One of the critical benefits of Thailand’s digital identity initiatives is convenience. Once registered, citizens don’t need to enter additional information when accessing services or manage multiple usernames and passwords—and biometric authentication adds an extra layer of security.
But a series of public sector data breaches, like the one that compromised the personal identity information of more than 55 million Thais earlier this year, threatens to erode trust in e-government initiatives like Thailand 4.0. Downloads of ThaiID and a new digital wallet within a super app called Tang Rat—which require submission of sensitive personal information such as the back of the national ID card and a unique set of codes for making digital transactions—have been tepid. Only 1 in 5 Internet users in Thailand have downloaded either of these apps. There’s no telling how many have uninstalled them.
Stepped-up regulatory mandates on data breaches and cross-border data sharing, and steep fines for non-compliance, are meant to stem concerns and incentivize stronger protections. Moreover, a significant benefit of digital wallets and their blockchain-based architectures is the use of globally unique identifiers that give users a cryptographically verifiable, decentralized digital identity. This approach sets the stage for self-sovereign identity (SSI), where authenticating users no longer requires personal data to be stored centrally on bank, government, or retail servers where it can be hacked. Instead, users can control what personal information they share, how it’s used, and for how long.
Then there’s that longer-term objective of Thailand 4.0. To accelerate adoption and help juice the economy, the Thai government is spending US$14 billion to preload digital wallets with US$300 in spending money for each person who downloads one.
What Should Come Next
This kind of incentive aside, I applaud Thailand’s digital identity initiative and the country’s embrace of digital wallets. In my view, digital identity’s success is predicated on distributed technologies and the architectural advantages they offer. This is especially crucial given the country’s ecosystem approach to digital identity. If deployed well, these technologies augur a day when someone applying for a car loan can choose which if any personal information to share, instead of opening their entire financial lives to a lender or dealer financing department.
It also means they could one day share third-party trust scores that allow them to demonstrate creditworthiness without revealing any personal information at all. Also promising: Thailand’s adoption of liveness tests during authentication of certain services.
But I do have one rather urgent piece of advice. To be most effective, the Thai government and its ecosystem partners would be wise to implement NIST-, FIDO2-, and ISO-type biometrics-based standards for its digital identity infrastructure and any associated liveness tests. Only then will they be able to defeat virtually any attempt at identity spoofing. And yes, if they were to seek my advice about the ideal setting for testing these technologies, my immediate response would be Phuket.
Interested in digital identity-based authentication but aren’t sure where to start? Learn more about 1Kosmos BlockID, the only NIST-, FIDO2-, and iBeta biometrics-certified digital identity platform—and schedule a free demo today.
