In this digital era, cyber crimes continue to lurk and banking customers are one of the objects targeted by crime and various types of fraud. Various forms of fraud aim to steal confidential data of bank customers, so that fraudsters can carry out illegal transactions. Customer awareness to maintain transaction data is realized by PT Bank Rakyat Indonesia (Persero) Tbk (IDX: BBRI), Indonesia’s leading bank, which provides massive education to its customers. Education to customers is carried out through various official bank platforms, both through social media (Instagram, TikTok, YouTube, X, and Facebook) and mass media. Even to provide in-depth education, BRI made a short film entitled “Bilang Aja Gak!” (Just Say No!) which is aired on the company’s social media platforms.
Besides on social media platforms, BRI also shared tips on safe transactions in mass media. BRI also conducts direct education to customers via email, whatsapp blast, and also through alerts on its mobile banking channel. Although data protection from the customer side is very important, BRI also continues to ensure that it has data protection and governance that refers to international standards that are industry references.
BRI reveals its latest initiatives to combat cybersecurity risks and protect customer data. In response to the evolving cyber landscape, BRI has implemented a holistic strategy encompassing people, procedure, and technology. On the personnel front, BRI has established a specialized Information Security team led by an experienced Chief Information Security Officer (CISO) in Cyber Security. The bank conducts extensive educational programs for employees and customers through various channels, including social media and in-person sessions. Incident management for data privacy is overseen by the Information Security Desk within the Cyber Security Incident Response Team (CSIRT).
In terms of procedures, BRI adheres to internationally recognized standards such as the NIST (The National Institute of Standards and Technology) Cybersecurity Framework, PCI DSS (Payment Card Industry Data Security Standard), and regulation released by Indonesia Financial Authority (POJK No.38/POJK.03/2016). The bank holds certifications, including ISO27001:2013 and ISO20000-1:2018, ensuring adherence to industry standards.
Arga M. Nugraha, BRI’s Director of Digital & Information Technology, emphasized the adoption of stringent data protection practices aligned with global standards. “Our commitment to data security is evident in our internal policies and the establishment of the CISO. We consistently upgrade network security and utilize advanced technologies like Data Loss Prevention (DLP) to strengthen our defenses.”
Regarding technology, BRI adopts a comprehensive approach based on the NIST framework (Identify, Protect, Detect, Respond) to minimize the risk of customer data breaches. The bank utilizes artificial intelligence (AI) to detect fraudulent patterns and threats, enabling proactive responses to cyber risks.
Despite BRI’s proactive measures, the bank stresses the importance of customer vigilance in protecting personal and banking information. Customers are urged to exercise caution and refrain from disclosing sensitive information to unauthorized individuals.
Ardi Sutedja, Chairman of the Indonesia Cyber Security Forum, echoed BRI’s sentiments, advising the public to exercise caution when sharing personal or banking data. “If you receive a call from an unfamiliar number, just block it. Legitimate institutions don’t use prepaid numbers for their call centers. And never open links shared from those suspicious numbers”. Some examples of scams that are popular in Indonesia, fraudsters send APK files in the form of wedding invitations, delivery packages, election invitation letters, transfer rate change letters, etc.
Arga stresses collaboration among institutions to combat banking crimes, stating, “Cybercrimes demand a unified response from the financial sector.” Through collaboration with law enforcement, BRI proactively works to apprehend banking criminals, including those engaged in social engineering tactics.