Regulation on Internet Banking to Counterfeit Online Fraud Bima Danubrata Adhijoso ALSA Local Chapter Universitas Airlangga Research has shown that in late 1970s, Americans spend 1.5 hours in the Bank just to deposit one check.1 In the era where time means money, spends 1.5 hours to stand in long lines definitely waste your time. Efficiency is the main reason why in the early 1980s in New York, four major banks – Citibank, Chase Bank, Chemical Bank and Manufacturers Hanover – offered home banking services.2 Using the Videotext system, this media soon become an attraction of Banks to increase its interactive marketing capabilities.3 When the click-and-bricks euphoria hit the late 1990s, banks saw the rising popularity of the internet as an opportunity to advertise their services, including the internet banking. 4 However, due to the lacks of safeguards which guarantee the safety of internet banking, it took a long time for customer to finally acknowledge and uses internet banking in their everyday life. Nowadays, banks have realized that the internet has given the tremendous scope to reach new customers at reasonable marketing expense and permits disparate customer to effect financial transactions on one platform efficiently at a low cost. 5 In the European Union, there are 60 per cent of internet users that are using online banking. 6 Such statistic shows us how internet banking has become another distribution channel for banking institution and eases the customer in accessing their funds. Even when there is a substantial increase in the number of customers who take full advantage of internet banking services, issues on the security of internet banking are still in question. In its recent development, bank often uses encryption, biometric data, and personal
1 Crede Andreas, ‘International Banking and the Internet’, Van Nonstran Reinhold, 1997, pg. 271 2 Mary J. Cronin, ‘Banking and Finance on the Internet’, John Wiley & Sons, Inc, 1998, pg. 41 3 Edwards, M, ‘Corporate Videotex in Banking System’, Nelson Publishing, 1984, pg. 56 4 Ibid. 5 Philip Rutledge, ‘Law and Regulation of Internet Banking’ [Law and Regulation of Internet Banking], University of London Journal Publisher, 2016, pg. 17 6 Forrester Research, Inc. ‘How Customers Buy Financial Products’, Cambridge Mass USA 2015, pg. 57
identification number to secure customers’ transaction.7 Yet, there still numerous cases on online fraud through phishing and malware. Seeing the high possibility of online fraud, it is crucial for a State to provide legal protection for online banking users in order to protect their rights as customer in bank service. Online bank fraud is the fastest growing area of crime in the United Kingdom; doubling from £60 Millions in 2014 to an expected total beyond £200 Million this year.
8
Tragically, 70% of customers who are scammed may not get their penny back. 9 This is legitimately regulated through customers-bank agreement prior to their internet banking registration. In the contract terms and conditions, banks often transfer the fraud risk to the customer; especially when the transactions were made using your password, whether you actually made them or not.10 Many Scholars believe that legal protection of the customers’ transaction becomes the last resort on safeguarding customers’ fund.11 The objective is fairly obvious, legal protection gives assurance to the customer that in the event of online fraud, their fund will be completely safe.12 In Indonesia,
Law No. 11 of 2008 concerning the Information and Electronic
Transaction frequently used as reference on how Indonesian government protects its citizen from online fraud.13 Though this Law did not particularly regulate internet banking, its regulation concerning online fraud could be interpreted as online fraud in banking activity. Additionally, Bank Indonesia in 2007 issued a regulation concerning the Risk Management in Information Technology Usage by Commercial Banks14 which bind to all commercial banks in Indonesia. This regulation emphasizes on preventive measures exercised by banks prior to 7 De Borde, Duncan, ‘Two-factor Authentication’, Siemens Insight Consulting, 2013, pg. 85 8 Miles Brignall, ‘Safety in Internet Banking’, The Economist, 2017, Retrieved: April 15th, 2017 9 Ibid. 10 European Commission, ‘Internet Banking in Europe’, European Union Journal Publisher, 2001, pg. 53 11 Law and Regulation of Internet Banking, n. 5, pg. 8 12 Ibid, pg.16 13 Indonesian Law No. 11 of 2008 concerning the Information and Electronic Transaction, State Gazette No. 58 of 2008 14 Bank Indonesia Regulation No. 9/15/PBI/ 2007 concerning the Risk management in Information Technology Usage by Commercial Bank
equip its customer with internet banking activities, for instance, the obligation to assure the security and confidentiality of an internet banking transaction. 15 Nevertheless, regulation concerning the corrective measures taken after online fraud occurred is yet to be regulated, causing the absence of regulation to secure the customers’ fund. Comparing the legal protection on online banking between Indonesia and Singapore, Singapore offers more comprehend regulation on internet banking, which set out through the Monetary Authority of Singapore Internet Banking and Technology Risk Management Guidelines.16 This guideline is not only covers the preventive measures, but it also covers the corrective measures in the event of online fraud. Section 10.5 of the Guideline sets out, on the contingency that security breaches may occur and customer online accounts might have been fraudulently accessed and unauthorized transactions made, banks should explain what process will be invoked to resolve the dispute, as well as the conditions and circumstances in which the resultant losses or damages would be attributable to the banks or its customers. 17 With being regulated under Section 10.5, bank customers in Singapore have a legitimate reason to sue their bank for online fraud which causes losses and damages due to bank failure to protect the safety of their internet transaction. As a result, nearly 76% cases of online fraud in Singapore ended with bank refunds its customer losses; guarantee the safety of customers’ fund in the event of online fraud.18 In conclusion, the Author recognizes the development of internet banking and its related crimes. The Author believes that it is important for Indonesia to implement regulation on preventive and corrective measures to counterfeit online fraud and guarantee the safety of customers’ fund, with the Monetary Authority of Singapore Internet Banking and Technology Risk Management Guidelines as an example.
15 Ibid, Art. 23 16 Monetary Authority of Singapore, ‘Internet Banking and Technology Risk Management Guidelines’, 2 June 2008 17 Ibid, Sec. 10.5 18 Raysman Richard, ‘Money: There’s an App for That’, The Economist, 2011, Retrieved: April 18th 2017