Monday, October 14, 2024

Fake QRIS code, new threats to digital banking ecosystem

Reading Time: 2 minutes
Novi Nurmalasari

Journalist

Mahinda Arkyasa

Editor

Interview

The recent case of fake QRIS codes installed in charity boxes presents a major hurdle amid Bank Indonesia’s efforts to develop a digital, tech-based payment system.

Moreover, the fact that the suspect, Mohammad Iman Mahlil, is a former bank employee means that “insiders” pose a great risk to the implementation of tampered QRIS codes.

In relation to the finding, cybersecurity expert Kaspersky has pointed out that there are quite a few vulnerabilities in QRIS that can be exploited by cybercriminals or hackers to do harmful actions. This is largely due to the fact that users cannot easily read the QRIS or verify the scanning process, making it easier for attackers to exploit these weaknesses.

The QRIS code created by criminals may lead to phishing sites that look like legitimate login pages for online banking or social networks. That’s why Kaspersky advises users to always check the link before tapping or clicking on it. 

Kaspersky also noted that hackers often use shortened links, making it more difficult for users to identify fake QRIS code when prompted for confirmation on their smartphones. This type of scheme can also trick users into downloading malicious software, instead of the intended game or tool, leading to potential security breaches.

In addition, QRIS code can also contain instructions to certain actions, such as adding contacts, making phone calls, drafting email and collecting recipient and subject lines, sending texts, sharing locations, and many more. 

It turns out that, despite all safety claims, QRIS can still be manipulated and breached. Therefore, to prevent this case from happening again, Bank Indonesia can only take precautions by pressing the payment service provider (PJP) to protect the system they are using. 

Bank Indonesia is also tightening the registration process of merchants who will use QRIS as their payment option. The central bank is coordinating with the Payment System Association (ASPI), payment system infrastructure providers, and PT Penyelesaian Transaksi Elektronik (PTEN) to investigate the risk of QRIS leaks.

Regarding PJP, ASPI has issued guidelines for merchants and users to improve the security of QRIS transactions. 

To ensure safe transactions, Bank Indonesia also encourages users to carefully check the information displayed within the payment application when scanning the code. This includes verifying the name of the merchant listed in the application and ensuring that it matches the correct merchant, and following the payment instructions provided by the merchant.

Merchants are also expected to regularly check their QRIS codes to ensure that they are indeed their own and have not been changed by unauthorized parties. 

Novi Nurmalasari

Journalist

Mahinda Arkyasa

Editor

 

Interview

SUBSCRIBE NOW
We will provide you with an invoice for your reimbursable expenses.

Free

New to Indonesian market? Read our free articles before subscribing to the premium plan. If you already run your business in Indonesia, make sure to subscribe to the premium subscription so you won’t miss any intelligence & business opportunities.

Premium

$550 USD/Year

or

$45 USD/Month

Cancelation: you can cancel your subscription at any time, by sending us an email inquiry@ibp-media.com

Add keywords to your market watch and receive notification:
Schedule a free consultation with us:

We’ll contact you for confirmation.

FURTHER READING

State power utility PT PLN has voiced its readiness to support the government in creating a sustainable investment ecosystem for the sake of national economic growth.
PT Bank Negara Indonesia (BBNI) has addressed the speculation surrounding Sea Group, the parent company of Shopee, potentially becoming a minority shareholder in PT Bank Hibank Indonesia. Sea Group, currently BNI’s IT partner, has also been collaborating with Hibank in the field of technology, and rumors are rife about their possible involvement as a stakeholder.
PT Chandra Shipping International (CSI), a subsidiary of PT Chandra Daya Investasi (CDI) in the shipping and logistics sector, has signed a Memorandum of Understanding (MoU) with PT Pertamina International Shipping (PIS) to explore a feasibility study for potential collaboration in chemical, bitumen, and other maritime transport and logistics operations.
PT Summarecon Agung (SMRA) has injected an additional Rp485.57 billion (US$31 million) into its subsidiary, PT Summarecon Property Development (SMPD), as part of a strategic move to bolster its growth.
Laode Masihu, a key member of the economic team for president-elect Prabowo Subianto and vice president-elect Gibran Rakabuming Raka, has highlighted data centers as a lucrative business model and a prime investment opportunity for the future.
President Joko “Jokowi” Widodo has called for an urgent increase in the country’s oil lifting amidst concerns over declining domestic production. He emphasized that the recent downward trend in oil lifting, also known as volume of oil transported, is placing financial strain on the nation as it leads to higher petroleum imports, depleting foreign exchange reserves.