Indonesia has moved towards cashless payments remarkably quickly over the years. Mobile phones have become central to daily financial activity, with people using them to scan QR codes at warungs, transfer money through apps, and pay bills without cash. This shift has brought significant convenience and efficiency to everyday transactions. However, it has also introduced new risks. As mobile devices increasingly serve as gateways to personal finances, they have become attractive targets for cybercriminals, leading to a rise in attacks focused on smartphones and digital payment platforms.
Cybersecurity in Indonesia is therefore more important than ever. Banks and fintech companies are investing significant efforts to protect sensitive information, but security is a shared responsibility that extends to everyday users. When security breaches occur, public trust in digital systems can quickly erode. The following sections examine how Indonesia arrived at this point and explore the measures that can help reduce cybersecurity risks.
Smartphone adoption is widespread across Indonesia, with mobile connections exceeding the population in many regions. Such high levels of connectivity have fueled the rapid growth of digital payments. Popular e-wallets are used for everything from everyday purchases to larger financial transactions, while QRIS, the national QR code payment standard, links millions of merchants across the country. Many of these merchants are micro, small, and medium-sized enterprises (MSMEs), highlighting the broad reach of Indonesia’s digital payment ecosystem.
Transaction numbers, as a result, have continued to rise as digital payment adoption expands across Indonesia. QRIS transactions have grown rapidly in recent years, while the BI-FAST system enables instant interbank transfers around the clock. In some payment categories, cash now accounts for less than half of all transactions, reflecting a broader shift toward digital financial services. Government initiatives have further accelerated this transition by promoting financial inclusion, particularly for adults who remain underserved by traditional banking. Mobile-based financial tools are helping bridge this gap by providing easier access to payment and banking services.
Furthermore, digital payment activity now reaches billions of transactions within relatively short periods. The growth is driven by a combination of fintech innovation and supportive public policies. Indonesia’s National Payments Roadmap emphasizes expanding access to financial services in remote and underserved areas. As a result, people in rural communities can manage accounts, make payments, and transfer funds without visiting a physical bank branch. At the same time, the popularity of e-commerce platforms and multifunctional super-apps has concentrated an increasing share of economic activity on mobile devices, further strengthening the country’s digital payment ecosystem.
Phones serve as the main entry point for cashless services. At the same time, they create weaknesses that attackers exploit. Several issues appear repeatedly.
Phishing messages frequently appear to come from legitimate banks, payment providers, or other trusted financial institutions. These messages often claim that there is a problem with an account and urge recipients to click a link, verify their identity, or enter a security code.
By creating a sense of fear or concern, attackers increase the likelihood that users will respond without carefully assessing the message’s authenticity. To enhance credibility, cybercriminals often imitate the branding, language, and format of genuine notifications sent by popular banks and e-wallet services.
Harmful software often sits inside apps that appear normal. Users sometimes download these from places outside official stores. Once on the device, the malware quietly collects login details or watches transactions. Fake versions of banking apps copy the design of genuine ones. People enter information thinking the app is real. Reports show that malware forms a large share of detected attacks. Programs that steal information spread through ads or compromised sites.
Cybercriminals often gather personal information from social media platforms or data breaches before attempting SIM-swapping attacks. They then impersonate victims and persuade telecommunications providers to issue replacement SIM cards linked to the victims’ phone numbers. Once they gain control of a phone number, attackers can intercept one-time passwords and verification codes sent by banks and other financial institutions, allowing them to bypass certain security measures. Reports of SIM-swapping incidents have become increasingly common, prompting authorities and telecommunications providers to issue regular warnings about the threat.
These risks continue to grow as more financial transactions are conducted through mobile devices. To improve their chances of success, attackers constantly adapt their tactics, often using the Indonesian language and referencing current events, popular services, or government programs to make fraudulent messages and scams appear more convincing. As digital financial services become more widespread, users face an increasingly sophisticated threat landscape.
The effects extend beyond the loss of money from a single account. Savings accumulated over time can disappear within hours, leaving families struggling to cover school fees or hospital expenses. Merchants also face challenges, including chargebacks when customers report fraud following a QR code payment.
Bigger cases shake confidence across the system. One fraud incident linked to the BI-FAST network involved around 200 billion rupiah. Banks responded by tightening checks. Such events make people question whether digital payments remain reliable. Some users return to cash even though it creates extra hassle.
Small businesses suffer when daily digital income gets interrupted. Services in health or government that depend on mobile payments face delays. News of breaches spreads and reduces overall trust. Older adults and those with limited experience online often face higher risks. The goal of cashless systems includes bringing more people in. Security shortfalls can push certain groups away or leave them exposed.
Authorities recorded billions of cyberattacks in the first half of 2025, with a majority targeting financial information. Total losses from various forms of online fraud have reached significant levels. Recovery requires both time and resources, and the broader economy feels the strain as such incidents occur repeatedly.
Protection works best when different parties take clear actions. Several measures have shown results when applied consistently.
People provide the initial line of defence. Enable two-factor authentication wherever possible for banking and payment apps. Check the sender carefully before opening links or sharing codes. Stick to official app stores when downloading applications. Keep operating systems and apps updated. Use strong, unique passwords for important accounts. Review transaction alerts as soon as they arrive and contact the bank about anything unusual. Avoid using open Wi-Fi networks for financial transactions.
Companies that offer financial services need to design security into their systems from the beginning. They should add extra checks for larger transfers and monitor activity that does not match normal patterns. Regular system testing is also important. Employees should be trained to recognize internal security risks. Privacy information should be clear and easy to understand. Applications should be built to resist common types of malware and include simple ways for users to report suspicious activity.
Regulators help set the direction. The Financial Services Authority requires banks in Indonesia to carry out annual cyber risk management reviews. Institutions must report issues quickly and maintain dedicated security teams. Coordination continues between Bank Indonesia, the national cyber agency, and industry bodies. Awareness campaigns and education in schools help improve general understanding of digital risks. Telecom operators, banks, and payment providers also share information to help block threats such as SIM swapping.
Indonesia gains significant advantages from expanding cashless systems. Mobile technology connects communities and supports business activity across the country. At the same time, these interconnected systems require continuous attention to cyber threats in Indonesia and in banking services specifically. Progress remains possible when users, companies, and authorities work together to implement practical protections.
Events that bring together specialists and decision-makers help translate discussion into action. The IndoSec summit, scheduled for 15–16 September 2026 at The Ritz-Carlton Jakarta, Pacific Place provides a timely platform where current developments are examined and practical approaches to cybersecurity challenges are shared. It reflects the growing need for collaboration as Indonesia continues its digital transformation.
With its combination of expert dialogue, industry participation, and practical knowledge exchange, the summit serves as a key meeting point for shaping cybersecurity strategy in one of Southeast Asia’s fastest-growing digital economies.
Register today!
