In a startling revelation, Balinese woman Nih Lu Putu Rustini was confronted with a shocking discovery late last year when she attempted to withdraw cash from an ATM to finance a renovation project at her family’s ancestral home.
Despite diligently saving 37 million Indonesian rupiahs ($2,340) in an account at Bank Rakyat Indonesia (BRI), the country’s largest bank, Rustini was taken aback when the ATM displayed an almost zero balance.
Upon visiting her local BRI branch, a teller informed her that her hard-earned money had vanished due to a hacker’s intrusion.
“They said a hacker had stolen my money, and they couldn’t return it to me,” Rustini recounted. “It’s unjust because it took me a long time to earn that money, but the hackers took it in seconds. I was shocked.”
Similarly, I Made Rai Dwi Ada Diatmika, a leather goods manufacturer in Bali, experienced a comparable ordeal last August when he attempted to withdraw funds from his savings of 72 million rupiahs ($4,650), only to discover that his account had been emptied the previous May by a cyber thief.
Echoing Rustini’s experience, BRI denied liability for the loss, leaving Diatmika frustrated and questioning the bank’s security measures.
“We entrust our money to the bank for safekeeping. However, if hackers can easily breach the system and access our personal data, BRI must have significant security issues,” Diatmika expressed to Al Jazeera.
Indonesia, as Southeast Asia’s largest economy with a substantial internet user base and a thriving e-commerce sector, is an appealing target for cybercriminals.
Data from Indonesia’s National Cyber and Encryption Agency revealed a staggering 361 million online traffic anomalies in the country between January 1 and October 26 last year.
Furthermore, attacks on email accounts surged by 85 percent in the third quarter of 2023, despite a decline in breaches in other countries, according to cybersecurity firm Surfshark.
Regrettably, Indonesia ranks near the bottom among G20 nations in terms of cyber threat prevention and management, according to Estonia’s National Cyber Security Index.
Gatra Priyandita, an analyst at the Australian Strategic Policy Institute’s Cyber Policy Centre, cautioned, “Indonesia is perceived as one of the world’s primary sources and targets for cybercrime.”
“Banks are prime targets because that’s where the money resides,” noted Muharto, BRI’s head of information, during a forum in Jakarta.
“Cybercriminals are now collaborating and operating as a collective with enhanced capabilities,” he added, emphasizing the necessity for banks to collaborate with the government and regulators in combating cybercrime.
Despite BRI’s assertion of taking measures to combat cybercrime, the bank’s reported lack of transparency regarding customer account breaches raises concerns.
BRI did not respond to Al Jazeera’s inquiries, and the bank’s exact count of hacked customer accounts remains undisclosed.
In addressing cybersecurity concerns, BRI permanently shuttered its website version of e-banking services in February last year, directing all online transactions to its new mobile banking app BRImo, purportedly for enhanced security and accessibility.
Moreover, BRI advocates for customer awareness regarding the risks of installing unknown applications and clicking on suspicious links or emails.
However, incidents such as a BRI customer losing 1.4 billion rupiahs ($90,330) due to clicking on a fake wedding invitation underscore the ongoing challenges.
Ardi Sutedja Kartawidjaya, chairperson of the Indonesian Cyber Security Forum, emphasized that in the majority of cyberattacks against bank accounts, customer negligence and increasingly sophisticated fraud schemes play significant roles.
Nonetheless, under the Indonesian government’s deposit guarantee scheme, funds lost due to unauthorized breaches can be reimbursed if victims can prove their innocence.
Despite legal recourse options, the process is complex and time-consuming, hampered by a shortage of digital forensics specialists and limited government funding for cybersecurity initiatives.
Meanwhile, victims like Diatmika and Rustini, with the assistance of legal firms like Malekat Hukum, are pursuing legal action against BRI in the hope of finding redress and highlighting the need for robust cybersecurity measures within financial institutions.
Ni Luh Arie Ratna Sukasari, a partner at Malekat Hukum, emphasized that BRI’s reported cyber vulnerabilities represent merely the tip of the iceberg, urging a more proactive approach from banks in safeguarding customer assets.
“Cybersecurity is not solely the responsibility of customers; banks must prioritize the security of online banking services,” Sukasari asserted.
As cyber threats persist and Indonesia continues its digital transformation, ensuring robust cybersecurity measures is paramount to safeguarding financial assets and maintaining consumer trust in banking institutions.
