E-Banking in Indonesia: Opportunities and Challenges from Security Perspective

Budi Rahardjo budi@indocisc.com

OPPORTUNITIES

2015 BR e-Banking in Indonesia 2

Large number of Users

More than 100 Million cellphone (telco) users Internet users

–  55M internet users in 2011, increase 22% from 2008 (2012 Internet Trends — Kleiner Perkins Caufield Byers)

–  In 2009, Indonesia was not in twitter user list. Now

•  Jakarta #1 •  Bandung #6

2015 BR e-Banking in Indonesia 3

2015 BR e-Banking in Indonesia 4

High ICT Adoption Rate

2015 BR e-Banking in Indonesia 5

Electronic Market Place

2015 BR e-Banking in Indonesia 6

Opportunities

•  Non-bank players •  Machine-to-machine

– Non-human accounts

2015 BR e-Banking in Indonesia 7

CHALLENGES

2015 BR e-Banking in Indonesia 8

Current Malware Problem

Steal user account through malware http://regional.kompas.com/read/2015/08/11/12185971/Kronologi.Hilangnya.Uang.Nasabah.Bank.Mandiri.Versi.Korban 2015 BR e-Banking in Indonesia 9

SMS Banking (in)Security

•  User is assigned 6-digit PIN •  Transaction requires combination of two

digit PIN •  Problems

– Only 15 different combinations – Fastest guess: 3 times – Certain numbers are used more frequently – SMS is saved. Phone stolen => disaster – SMS not delivered

2015 BR e-Banking in Indonesia 10

Challenges

•  Distrust society •  Fraud

– ATM fraud – Marketplace

•  Insecure IT infrastructure – Network & applications – Performance issue (lack of capacity planning)

2015 BR e-Banking in Indonesia 11

Challenges

•  No large scale micropayment, nano payment, pico payment

2015 BR e-Banking in Indonesia 12

Challenges

•  Lack of security regulation outside banking – Lack of periodical security audit – Not only network, but also application security

evaluation – Enforcement is a must

2015 BR e-Banking in Indonesia 13

Concluding Remarks

•  There are opportunities, but challenges must be address before they create problems

2015 BR e-Banking in Indonesia 14