Published on International Journal of Law
Publication Date: June 5, 2019
Ion Surahmono, Sony Agus Hendrawan & Hendra Rahmanto
National Institute of Technology (ITN), Malang
College of Social and Political Sciences Waskita Darma, Malang
Madura University, Pamekasan
Journal Full Text PDF: E-Banking Management in Crime Legal System.
Bank Indonesia, as the regulator and supervisor of banking activities in Indonesia, issued Bank Indonesia Regulation No. 9/15/PBI/2007 regarding Implementation of Risk Management in the Use of Information Technology at Commercial Banks, so that each bank that uses information technology, especially e-banking, can minimize the risks arising in connection with these activities and obtain the maximum benefit from the use of information technology. In connection with Bank Indonesia's task to regulate and supervise banks (Law No. 3 of 2004), one of its attempts to minimize Internet fraud is through the regulatory approach. In this regard, Bank Indonesia has issued a series of Bank Indonesia Regulations and Circular Letters to be followed by the banking sector, covering, among others, the implementation of risk management in the operation of Internet banking activities and the application of the principle of Know Your Customer (KYC).
Keywords: Banking activities, Risk management, Regulate and Supervise banks.
Today, the use of information technology is an important part of almost all activities of society, including the banking world, where almost the entire process of implementing payment systems is done electronically (paperless). Developments in information technology have forced businesses to change their business strategy and place technology as a key element in the innovation of products and services. Electronic banking services (electronic transactions / e-banking) are one of the main delivery channels for banking services.
One of the risks associated with the implementation of electronic banking (e-banking) is fraud or crime in electronic banking services, which occurs due to the malicious intent of a person or group of people who have skills in the field of information technology and/or take advantage of the bank and its customers, making the bank or the customer the aggrieved victim. In the banking world, the growth of fraud or crime in electronic banking services is quite surprising, with increasingly frequent cases that harm banks, such as embezzlement, fictitious credit transfers, credit/debit card skimming, internet banking phishing, etc. Meanwhile, a number of credit card holders have also complained that their credit card numbers have been used by other parties to conduct e-commerce transactions, giving rise to substantial losses. Given this unrest, some communities demand a guarantee of fairness and legal certainty in the field of cybercrime in the use of e-banking services.
1.2 Formulation of the problem
Based on this background, the problems discussed in this paper are formulated as follows:
a. What are examples of crime against the e-banking system?
b. What are the risks in the use of e-banking services?
c. How is e-banking crime handled in the legal system in Indonesia?
1.3 Problem-Solving Method
Based on the formulation of the problem, the method used in this paper is a literature study, taking references from books, journals on e-banking, and the internet.
1.4 Purpose of the Paper
The purpose of this paper is to serve as reference material for knowledge about the Handling of E-Banking Crime in the Legal System in Indonesia.
2.1 Examples of Crimes on E-Banking System
Cybercrime cases related to business crime have occurred in Indonesia. In 2000 several Indonesian web sites were compromised by a cracker using the names Fabianclone and naisenodni. The sites belonged to, among others, BCA, the Jakarta Stock Exchange and Indosatnet (Agus Raharjo, 2002: 37).
In September and October 2000, a cracker with the nickname fabianclone managed to break into Bank Bali's web site. The bank provides Internet banking services to its customers. The intrusion caused great losses and resulted in customer service outages (Agus Raharjo, 2002: 38).
Another crime categorized as cybercrime in business crime is cyber fraud, that is, fraud committed over the Internet, one form of which begins with stealing someone else's credit card numbers by hacking or breaking into a site on the Internet. One such case was decided in Sleman District Court, with the defendant Peter Pangkur alias Bonny diobok meddle. In that case, the defendant was convicted of cybercrime. In its decision, the judges found that Peter Pangkur alias Bonny diobok meddle had broken into a credit card belonging to citizens of the United States, and the proceeds of the crime were used to buy items such as helmets and gloves of the AGV brand. The total price of the goods bought was Rp. 4.000.000,- (Mind, August 31, 2002).
Cybersquatting, which can be understood as acquiring, reselling, or using a domain name in bad faith, occurred between PT. Mustika Ratu and Tjandra, the party that registered the domain name (Faith Sjahputra, 2002: 151-152).
Beyond these few cases in Indonesia, research carried out by Commerce Clear Security, a company based in Texas, said Indonesia was second after the Ukraine (Shintia Dian Arwida, 2002).
2.2 Risks in the use of E-Banking Services
In its development, e-banking has benefited the banking world, but on the other hand there are also risks inherent in the service.
E-banking not only provides benefits to those who operate it; there are also risks to be faced in its implementation. These are the risk concerning the level of technological reliability of e-banking and the risk concerning the degree of legal protection that can be provided as a result of the implementation of e-banking.
The Attachment to Bank Indonesia Circular Letter No. 6/18/DPNP on Guidelines for Risk Management in Bank Service Activities Through the Internet (E-Banking) explains that, in providing bank services through the internet, banks are faced with several risks, such as:
a. Strategic Risk
b. Reputation risk
c. Operational risk (which includes security risk and the law)
d. Credit risk
e. Market risk
f. Liquidity Risk
g. Privacy Risks
2.3 Crimes E-Banking Legal System in Indonesia
The regulation now applied to the implementation of e-banking is divided into two models, namely self-regulation and government regulation. Self-regulation consists of rules typically formed by the parties themselves in anticipation of a legal vacuum (the vacuum of law) in the protection of personal data, while government regulation consists of rules typically established by the government in the form of laws or decisions to protect personal data and banks.
A bank is an institution of trust, so electronic banking (e-banking) should also be conducted in accordance with the provisions and principles of prudence and risk management related to the implementation of e-banking, especially reputation risk and legal risk. E-banking is a delivery channel in the banking industry, and the civil relations that exist with respect to e-banking take the form of the relationship between the bank and its customers. In this case, a legal issue arises if an electronic transaction fails: who should be responsible for the failure of the transaction? An understanding of the responsibilities of the actors begins with the legal relationship that exists between the two sides in an engagement.
In Indonesia, in addition to the agreement governing civil relationships, the positive law governing responsibility for the conduct of electronic transactions is UU ITE (the ITE Law). In order to protect consumers, UU ITE provides for neutrality of the technology used in electronic transactions, and requires agreement on the electronic system used. In addition, each operator of an electronic system is required to provide the electronic system reliably and safely and is responsible for the proper operation of the electronic system. Operators of an electronic system are responsible for the implementation of that electronic system. However, this provision does not apply where force majeure or error can be proved.
The ITE Law also provides that, to the extent not otherwise stipulated by a separate law, every operator of an electronic system is required to operate an electronic system that meets the following minimum requirements:
a. Can redisplay electronic information and/or electronic documents in full, in accordance with the retention period specified by laws and regulations
b. Can protect the availability, integrity, authenticity, confidentiality, and accessibility of electronic information in the implementation of the electronic system
c. Can operate in accordance with the procedures or guidance for the implementation of the electronic system
d. Is equipped with procedures or instructions announced in language, information, or symbols that can be understood by the parties concerned with the implementation of the electronic system
e. Has a sustainable mechanism to maintain the currency, clarity, and accountability of the procedures or instructions
With regard to the parties conducting electronic transactions, it is provided that the sender or recipient can conduct electronic transactions themselves, through a party authorized by them, or through an electronic agent. The parties responsible for all legal consequences in the implementation of electronic transactions are as follows:
a. If done by the parties themselves, all legal consequences in the implementation of electronic transactions are the responsibility of the parties to the transaction
b. If done through the granting of power of attorney, all legal consequences in the implementation of electronic transactions are the responsibility of the authorizing party
c. If done through an electronic agent, all legal consequences in the implementation of electronic transactions are the responsibility of the operator of the electronic agent
d. If the loss in an electronic transaction is due to the failure of the electronic agent to operate as a result of actions of third parties directly against the electronic system, all legal consequences are the responsibility of the operator of the electronic agent. However, if the loss is caused by the failure of the electronic agent to operate due to negligence of the service users, all legal consequences are the responsibility of the service users. The provision does not apply where force majeure, errors and/or omissions of the users of the electronic system can be proved
Meanwhile, in order to provide protection and security to the licensing of electronic transactions, in line with the ITE Law, Bank Indonesia has issued a variety of regulations related to the use of information technology by banks and payment system providers, in the form of Bank Indonesia Regulations and Bank Indonesia Circular Letters. The regulations are aimed at, among other things, improving the security, data integrity, and availability of electronic banking services, for example by requiring all card issuers to use a chip in payment cards, using two-factor authentication in online financial transactions, and encrypting e-banking transactions.
In connection with Bank Indonesia's task to regulate and supervise banks (Law No. 3 of 2004), one of its attempts to minimize Internet fraud is through the regulatory approach. In this regard, Bank Indonesia has issued a series of Bank Indonesia Regulations and Circular Letters to be followed by the banking sector, covering, among others, the implementation of risk management in the operation of Internet banking activities and the application of the principle of Know Your Customer (KYC).
a. Risk management in the implementation of e-banking activities
The regulations issued by Bank Indonesia related to risk management in the operation of internet banking activities are Bank Indonesia Regulation No. 5/8/PBI/2003 regarding Implementation of Risk Management for Commercial Banks and Bank Indonesia Circular Letter No. 6/18/DPNP, April 20, 2004 regarding Risk Management in Bank Service Activities Through the Internet (E-Banking). The main points regulated include the following:
1) Banks that conduct internet banking activities are required to implement risk management in those activities effectively
2) The application of risk management shall be set out in written policies, procedures and guidelines with reference to the Guidelines for Application of Risk Management in Bank Service Activities Over the Internet (Internet Banking), set out in the annex to the Bank Indonesia Circular Letter. The principal elements of risk management for banks conducting internet banking are as follows. There must be active supervision by the commissioners and directors of the bank, which includes: (1) the commissioners and directors must conduct effective oversight of the risks associated with internet banking activity, including the establishment of accountability, policies and control processes to manage those risks; (2) the Board of Directors must approve and review the main aspects of the bank's security control procedures.
Security control, meanwhile, includes the following:
a) Banks should take adequate steps to verify the authenticity (authentication) of the identity and authorization of customers who make transactions via internet banking.
b) Banks should use transaction authentication methods to ensure that transactions cannot be denied by the customer (non-repudiation) and to assign responsibility in internet banking transactions.
c) Banks must ensure the separation of duties in internet banking systems, databases and other applications.
d) Banks must ensure control over authorization and access rights (privileges) to internet banking systems, databases and other applications.
e) Banks must ensure the availability of adequate procedures to protect the integrity of the data, records/archives and information on internet banking transactions.
f) Banks should ensure the availability of tracking mechanisms (audit trail) that is clear for all internet banking transactions.
g) Banks should take steps to protect the confidentiality of critical information on internet banking. The measures must be in accordance with the sensitivity of the information released and / or stored in a database.
Legal Risk Management and Reputation Risk:
a) Banks should ensure that the bank’s website provides information that allows potential clients to obtain accurate information concerning the identity and legal status of the bank before making transactions through e-banking.
b) Banks must take steps to ensure that customer confidentiality provisions are applied in accordance with the provisions applicable in the country where the bank provides e-banking products and services.
c) Banks must have effective contingency planning procedures and make continuous efforts to ensure the availability of e-banking systems and services.
d) Banks should develop an adequate response plan to manage, resolve and minimize problems arising from unexpected events (internal and external) that may impede the provision of e-banking systems and services.
e) Where the internet banking system is operated by a third party (outsourcing), the bank must establish and implement thorough and continuing monitoring and due diligence procedures to manage the bank's relationship with the third party.
b. The application of the principle of Know Your Customer (KYC)
Another effort undertaken by Bank Indonesia to minimize the occurrence of Internet fraud is the obligation for banks to apply the principle known as Know Your Customer (KYC). The rules on the application of KYC principles are contained in Bank Indonesia Regulation No. 3/10/PBI/2001 on the Application of Know Your Customer Principles, as amended by Bank Indonesia Regulation No. 3/23/PBI/2001, and Bank Indonesia Circular 6/37/DPNP of 10 September 2004 on the Assessment and Imposition of Sanctions on the Application of Know Your Customer and Other Obligations Related to the Law on Money Laundering.
c. Card-Based Payment Instrument Activities and Bank Product Transparency
Other regulations issued by Bank Indonesia to minimize internet fraud are those on the conduct of activities with the Card-Based Payment Instrument (APMK), considering that APMK is a tool or medium often used in internet fraud crime. The provisions regarding the conduct of APMK are contained in Bank Indonesia Regulation No. 6/30/PBI/2004 regarding the Operation of Card-Based Payment Instruments and Bank Indonesia Circular Letter No. 7/60/DASP dated December 30, 2005 concerning Customer Protection and Prudential Principles, and Enhancing the Security of Card-Based Payment Instrument Operations.