T

he rapid development of sophisticated information and communication technology has a huge impact on the development of financial products and services from both banks and non-bank financial institutions. The advances in technology have forced banks, including sharia-compliant ones, to change and follow innovation in business strategies that use technology as an important component in the development of financial products and services.

Fintech constitutes a large investment opportunity in Indonesia, where Rp 486 billion (US$347.35 million) has been allocated for that, according to Telematika Sharing Vision in 2016.

This number is forecast to grow to Rp 496 trillion in 2021. Meanwhile, based on data from the Fintech Association of Indonesia (AFI), there were at least 165 institutions in 2016 with a diverse range of products and services, including payment, lending, aggregator and crowdfunding.

Unarguably, financial technology has various benefits, including flexibility, efficiency and simplicity of services for banking customers. However, just like other tools, it is undeniably a two-edged sword. It has the potential to be a means of crime (cybercrime), which may cause a far greater impact than conventional crime.

Financial cybercrime is increasing in Indonesia. According to data from Norton by Symantec, financial losses caused by cybercrime in Indonesia reached Rp 7.6 million per victim from January 2015 to February 16, with total losses of approximately Rp 194.6 billion across the country. Meanwhile, based on 2007 data from Bank Indonesia (BI), the number of complaints of customers who had become victims of fraud through bank transfers reached 2,558 cases with total losses of Rp 3.4 billion. In 2008, the number of complaints reached 6347 cases with losses amounting to Rp 19.4 billion, and in 2009 it went up to 6,498 cases with losses of Rp 62.9 billion. The actual number is believed to be far greater but kept undisclosed as banks seek to protect their reputation.

In addition to that, PwC in its 2014 Global Economic Crime Survey, which involves 5,128 respondents from 95 countries interviewed between August and October 2013, found 37 percent of the respondents saying they had fallen victim to financial crime. This figure marks a slight increase of 3 percent compared to the survey results of 2011. Surprisingly, 56 percent of financial crimes involve internal management of the company.

Cyber criminals always develop new modus operandi, keep changing based on technological developments and always look for opportunities to steal customer money, but usually perpetrators of cybercrime abuse the negligence of customers in performing a transaction using information technology facilities offered by banks, for instance when customers provide personal data or personal identification numbers (PIN) to strangers pretending to be bank officers, though banks keep reminding their customers to change their PIN numbers on a regular basis and never to reveal the numbers to anyone for any reason.

On the other hand, we cannot deny that the most frequent mode of fraud — credit/debit card skimming and customer data burglary — generally involves a criminal syndicate including the management of banks or other financial institutions.

Financial cybercrime that occurs because it involves the internal banking (syndicate network), is often caused by moral hazard behavior. In the world of banking services, it is more than common to witness the practice of moral hazard; one could even say it is “inherited behavior” of players in the financial services industry, both small and large, publicly exposed or internally sealed. This is reinforced by Caprio and Levine (2007), who find that banking services have great potential of moral hazard because of the commonness of asymmetric information. This is because the owner of the fund (customer) cannot monitor the fund manager (bank-financial services) in an unlimited and comprehensive way; moreover, not all fund owners have adequate financial literacy.

According to the fraud triangle theory, “opportunity” is the main factor supporting the occurrence of fraud, bigger than other factors, such as motivation and rationalization. Thus, increasing the professionalism of employees is very important. In addition to reducing the potential for fraud and moral hazard, internal control functions in form of risk management, compliance control, a segregation of duties is highly required. Furthermore, recognizing employee character, also called “Know Your Employee (KYE)” also urgently needs to be implemented by human resource departments. It is a bank’s process of identification and verification of its clients, beneficial owners and associated parties.

Particularly for Islamic fintech, a KYE program is important, but in itself it is not enough to ensure that their sources of funds comply with sharia principles. As a matter of fact, money launderers are always looking at this industry. For this reason, they need to add another program with a pretty similar mechanism yet different objective: “Know Your Investor”.

Regulatory oversight and control by the Financial Service Authority (OJK) and BI is urgently needed to provide a robust legal policy to guarantee better security and greater benefits for all stakeholders. Additionally, the police force is also needed to take serious action against financial institutions or their employees if they are proven to be involved in a financial cybercrime syndicate. In addition, we need preventive measures by financial service providers, such as to immediately apply national chip technology or national debit card standards in order to minimize the risk of personal data theft and/or card falsification.

Without any prevention program, Islamic fintech will suffer the most threatening disease for companies in this century: fraud.

 ________________________

Safri Haliding is the head of media communication of the Association of Indonesian Sharia-Fintech (AFSI).  Yunice Karina Tumewang is a lecturer at the Islamic University of Indonesia.