National banks have pledged to maintain strong digital security systems and have encouraged consumers to take precautions against the risk of digital security breaches.
Tantri Desyanti, a 25-year-old customer of Jenius, a digital banking platform operated by publicly listed lender BTPN, recently experienced a cybersecurity breach. In a viral tweet posted on June 9, Tantri said she had lost Rp 3.2 million (US$228.58) from her Jenius account, through a series of unauthorized transactions through Paypal.
She was later refunded by the bank, but her case has highlighted the risk of cybersecurity breaches in online banking platforms.
According to a 2018 PricewaterhouseCoopers survey polling 43 Indonesian banks, the industry considers cybersecurity its biggest risk over the next two to three years.
BTPN has said it has implemented a multilayered security system to secure digital transactions and is using the latest technology.
“Aside from that, we routinely educate our users about data security, as well as offline and online transaction security,” BTPN digital banking head Irwan S Tisnabudi told The Jakarta Post on Tuesday.
Irwan added that Jenius continuously reminded its customers to refrain from sharing classified information, such as PIN numbers, passwords, one-time passwords (OTP), and to change their PINs and passwords regularly.
Regarding Tantri’s case, Irwan said the bank maintained that there had not been any account breach or issue within Jenius’ internal system. The bank suspected that the customer had been manipulated by a scammer into providing confidential information.
Bank Central Asia (BCA), the country’s biggest privately owned bank, said it had maintained the security of consumer transaction information and had applied security systems in accordance with regulations.
“BCA is continuously carrying out development on its transaction securitization system,” BCA executive vice president of the secretariat and corporate communications Hera F. Haryn told the Post on Monday.
BCA enjoyed a steep 91 percent year-on-year (yoy) rise in the number of mobile banking transactions in the first quarter of this year. The value of the transactions reached Rp 3.38 quadrillion. The number of BCA internet banking transactions increased by 24 percent to 740 million during the same period.
The bank is encouraging consumers to download its official mobile banking application to maintain transaction security. It is also reminding customers to remain cautious about the safety of the internet network they are using.
Publicly listed lender Bank Mandiri has said it has taken measures to secure its mobile application, its identity authentication and its transaction authorization.
The bank has a biometric test to authorize access to its Mandiri Online application.
“The transactions are also monitored to detect unusual transactions. Everything is equipped with advanced security technology and strict security testing processes,” Bank Mandiri corporate secretary Rully Setiawan said on Tuesday.
The bank has allocated between Rp 2 and Rp 3 trillion in capital expenditure for its IT department, which will mostly go towards digitizing the banks’ systems, he added.
Digital banking in Indonesia is considered strictly controlled as it is stringently standardized, Indonesia Cyber Security Forum (ICSF) chairman and cofounder Ardi Sutedja told the Post on Monday.
“Banking is a sensitive sector because its main business is trust, so if its technology system and trust break down, it will go out of business,” Ardi said.
He noted that banks had been careful to develop and maintain the security of their digital channels but could still benefit from regular audits on their system to identify points of vulnerability.
Banks, Ardi added, should keep up to date on digital crimes, both domestic and abroad, to anticipate the security measures needed in the future.