A movement toward a cashless economy requires changes in customer behavior, which in turn requires trust in the payment system.
ank Indonesia (BI) inaugurated last week the National Payment Gateway (NPG), an integrated, efficient and affordable electronic payment system. The NPG aims to process all domestic electronic transactions through local payment companies and onsoil infrastructure.
In a world under the NPG, we would only see one electronic data capture (EDC) machine at every merchant — capable of processing transactions using cards from different issuers — instead of multiple EDCs sitting at the register, each serving a limited group of card transactions using certain payment networks.
This exciting movement toward an integrated national payment system was recently accentuated by state lenders, who have agreed to integrate their EDCs for point-of-sale (POS) transactions in six state-owned enterprises (SOEs).
Starting December 2017, cards issued by Bank Mandiri, BNI, BRI and BTN can be processed using only one EDC machine at the merchants of these SOEs. Moreover, any idle EDC at one merchant can be transferred to another merchant to increase electronic payment penetration. This aligns with BI’s mission to promote cashless transactions under the National Cashless Movement (GNNT).
It is a splendid idea, but not one without challenges. A movement toward a cashless economy requires changes in customer behavior, which in turn requires trust in the payment system, which itself can only be attained through reliability and security of the payment system in question. This is even more true under a centralized system like the NPG, which might be more likely to be exposed to system failures.
Once hackers find a single weak point in the NPG, our entire payment system is compromised and, thus, vulnerable to fraud and cyberattacks. An attack to the NPG would lead to an unprecedented level of damage as our entire payment system is dependent on it.
Needless to say, BI and NPG operators need to commit to developing secure payment infrastructure and procedures. Unfortunately, Indonesia does not have a law on personal data protection, hence the minimal pressure on industry players to develop such infrastructure and procedures to comply with data protection measures.
Share your experiences, suggestions, and any issues you've encountered on The Jakarta Post. We're here to listen.
Thank you for sharing your thoughts. We appreciate your feedback.