Phishing in the Banking Sector: Between Cybercrime and Consumer Protection
Abstract
The escalating utilization of electronic banking services corresponds with a heightened threat of cybercrime, particularly phishing, leading to significant financial losses for customers and eroding public trust in the digital banking system. This research aims to analyze the forms of legal protection available and the construction of banks’ civil liability, as well as to identify the legal remedies accessible to customers victimized by phishing under Law Number 8 of 1999. Employing a normative legal research methodology integrating statute and conceptual approaches, the study analyzed relevant legislation and legal doctrines. Findings indicate that banks bear specific legal obligations mandated by Financial Services Authority Regulations, Law Number 27 of 2022, and Law Number 8 of 1999, about the assurance of system and data security. Consequently, banks’ civil liability for phishing-induced losses can be established, primarily on the grounds of unlawful acts (tort), contingent upon proof of failure to discharge these specific duties involving fault or negligence. However, the practical determination of liability remains complex, invariably factoring in customer contributory negligence. Victims possess options including criminal reporting and general civil litigation, yet Law Number 8 of 1999 offers a more structured consumer dispute resolution pathway. This pathway encompasses mandatory internal complaints submitted to the bank, potentially followed by escalation to LAPS SJK as the principal forum for out-of-court settlement. The study concludes that while the legal framework establishes a basis for bank liability, the adequate protection of customers is heavily contingent upon evidentiary success in disputes and the optimized functioning of resolution mechanisms, particularly LAPS SJK.
Downloads
References
Banjarnahor, A. C., & Priyana, P. (2022). Analisis Yuridis Cybercrime terhadap Penanganan Kasus Phising Kredivo. Hermeneutika: Jurnal Ilmu Hukum, 6(1), 32-36. https://doi.org/10.33603/hermeneutika.v6i1.6754
Colonial Regulations, Staatsblad Number 23 of 1847 on the Burgerlijk Wetboek voor Indonesie/the Civil Code. https://jdih.mahkamahagung.go.id/legal-product/kitab-undang-undang-hukum-perdata/detail
Damayanti, M., & Priyono, E. A. (2022). Legal Consequences for LDMO Disclosing Personal Data of Transacting Parties: A Study of Legal Protection. SIGn Jurnal Hukum, 4(2), 221-232. https://doi.org/10.37276/sjh.v4i2.217
Ekawati, D. (2018). Perlindungan Hukum terhadap Nasabah Bank yang Dirugikan Akibat Kejahatan Skimming Ditinjau dari Perspektif Teknologi Informasi dan Perbankan. Unes Law Review, 1(2), 157-171. https://doi.org/10.31933/law.v1i2.24
Erdiyanto, R. P. (2023). Penipuan Mengatasnamakan Bank Berbentuk Phising. Jurnal Inovasi Global, 1(2), 71-79. https://doi.org/10.58344/jig.v1i2.11
Ferdiansyah, D. S., Ameeralia, N. V., Putri, A. A. K., & Fikrie, S. N. (2024). Peran OJK dalam Perlindungan Konsumen terhadap Kebocoran Data pada Konsumen Jasa Keuangan Indonesia. Media Hukum Indonesia, 2(3), 301-305. Retrieved from https://ojs.daarulhuda.or.id/index.php/MHI/article/view/482
Gadjong, A. A. (2023). The Agreement of Personal Shopping Service through E-Commerce Platforms: A Case Study of Consumer Protection. SIGn Jurnal Hukum, 4(2), 388-401. https://doi.org/10.37276/sjh.v4i2.230
Government Regulation in Lieu of Law of the Republic of Indonesia Number 2 of 2022 on Job Creation (State Gazette of the Republic of Indonesia of 2022 Number 238, Supplement to the State Gazette of the Republic of Indonesia Number 6841). https://peraturan.go.id/id/perppu-no-2-tahun-2022
Hasanudin, A. F., & Babussalam, A. B. (2024). Perlindungan Hukum bagi Korban Kejahatan Phising yang Menguras Saldo M-Banking. Jurnal Gagasan Hukum, 6(1), 16-29. https://doi.org/10.31849/jgh.v6i01.18827
Irmawati, E., Pieries, J., & Widiarty, W. S. (2024). Perlindungan Hukum atas Data Pribadi Nasabah Bank Pengguna Mobile Banking dalam Perspektif UU No 27 Tahun 2022 tentang Kebocoran Data. Jurnal Syntax Admiration, 5(1), 12-27. https://doi.org/10.46799/jsa.v5i1.964
Irwansyah. (2020). Penelitian Hukum: Pilihan Metode & Praktik Penulisan Artikel. Mirra Buana Media.
Ismail, N., Ramlee, Z., & Abas, A. (2022). The Legal Proof of Macau Scam in Malaysia. Malaysian Journal of Syariah and Law, 10(1), 23-33. https://doi.org/10.33102/mjsl.vol10no1.307
Juniamalia, A., & Fadlian, A. (2023). Perspektif Undang-Undang Tentang Informasi dan Transaksi Elektronik terhadap Cyber Crime dalam Bentuk Phising. De Juncto Delicti: Journal of Law, 3(1), 30-46. https://doi.org/10.35706/djd.v3i1.7985
Law of the Republic of Indonesia Number 1 of 1946 on the Penal Code Regulations. https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/814
Law of the Republic of Indonesia Number 1 of 1960 on Amendment of the Penal Code (State Gazette of the Republic of Indonesia of 1960 Number 1, Supplement to the State Gazette of the Republic of Indonesia Number 1921). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/1357
Law of the Republic of Indonesia Number 7 of 1992 on Banking (State Gazette of the Republic of Indonesia of 1992 Number 31, Supplement to the State Gazette of the Republic of Indonesia Number 3472). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/622
Law of the Republic of Indonesia Number 10 of 1998 on Amendment to Law Number 7 of 1992 on Banking (State Gazette of the Republic of Indonesia of 1998 Number 182, Supplement to the State Gazette of the Republic of Indonesia Number 3790). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/468
Law of the Republic of Indonesia Number 8 of 1999 on Consumer Protection (State Gazette of the Republic of Indonesia of 1999 Number 22, Supplement to the State Gazette of the Republic of Indonesia Number 3821). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/409
Law of the Republic of Indonesia Number 11 of 2008 on Electronic Information and Transactions (State Gazette of the Republic of Indonesia of 2008 Number 58, Supplement to the State Gazette of the Republic of Indonesia Number 4843). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/138
Law of the Republic of Indonesia Number 8 of 2010 on Prevention and Eradication of the Crime of Money Laundering (State Gazette of the Republic of Indonesia of 2010 Number 122, Supplement to the State Gazette of the Republic of Indonesia Number 5164). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/232
Law of the Republic of Indonesia Number 19 of 2016 on Amendment to Law Number 11 of 2008 on Electronic Information and Transactions (State Gazette of the Republic of Indonesia of 2016 Number 251, Supplement to the State Gazette of the Republic of Indonesia Number 5952). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/1683
Law of the Republic of Indonesia Number 27 of 2022 on Personal Data Protection (State Gazette of the Republic of Indonesia of 2022 Number 196, Supplement to the State Gazette of the Republic of Indonesia Number 6820). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/1814
Law of the Republic of Indonesia Number 6 of 2023 on Enactment of Government Regulation in Lieu of Law Number 2 of 2022 on Job Creation Into Law (State Gazette of the Republic of Indonesia of 2023 Number 41, Supplement to the State Gazette of the Republic of Indonesia Number 6856). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/1825
Law of the Republic of Indonesia Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions (State Gazette of the Republic of Indonesia of 2024 Number 1, Supplement to the State Gazette of the Republic of Indonesia Number 6905). https://www.dpr.go.id/dokumen/jdih/undang-undang/detail/1842
Manangin, S. A. (2022). The Clause of the Murabahah Financing Agreement in Sharia Banking. SIGn Jurnal Hukum, 3(2), 135-150. https://doi.org/10.37276/sjh.v3i2.160
Manga, A. F. C., & Dianti, F. (2023). Legal Consequences of Unlawful Acts against Banks in Letter of Credit Transactions. SIGn Jurnal Hukum, 5(2), 292-311. https://doi.org/10.37276/sjh.v5i2.292
Oktana, R., Akub, S., & Maskun, M. (2023). Social Media in the Process of Evidence of Electronic Information and Transaction Crimes. SIGn Jurnal Hukum, 4(2), 320-331. https://doi.org/10.37276/sjh.v4i2.252
Orji, U. J. (2019). Protecting Consumers from Cybercrime in the Banking and Financial Sector: An Analysis of the Legal Response in Nigeria. Tilburg Law Review, 24(1), 105-124. https://doi.org/10.5334/tilr.137
Paminto, S. R., Amalia, M., Mulyana, A., & Auliya, A. H. (2024). Peran Hukum dalam Melindungi Korban Penipuan Media Sosial Perspektif Sosiologi. Journal Customary Law, 2(1), 1-18. https://doi.org/10.47134/jcl.v2i1.3335
Putri, R. A. T., & Sugiyono, H. (2024). Tanggung Jawab Bank terhadap Tindakan Phising dalam Sistem Penggunaan E-Banking (Studi: Kasus Phising pada PT. Bank Rakyat Indonesia (Persero) Tbk). Jurnal Interpretasi Hukum, 5(1), 682-690. https://doi.org/10.22225/juinhum.5.1.8318.682-690
Qamar, N., & Rezah, F. S. (2020). Metode Penelitian Hukum: Doktrinal dan Non-Doktrinal. CV. Social Politic Genius (SIGn).
Regulation of Minister of Trade of the Republic of Indonesia Number 72 of 2020 on the Consumer Dispute Resolution Agency (Bulletin Gazette of the Republic of Indonesia of 2020 Number 1039). https://peraturan.go.id/id/permendag-no-72-tahun-2020
Regulation of the Financial Services Authority of the Republic of Indonesia Number 18/POJK.03/2016 on the Implementation of Risk Management for Commercial Banks (State Gazette of the Republic of Indonesia of 2016 Number 53, Supplement to the State Gazette of the Republic of Indonesia Number 5861). https://peraturan.go.id/id/peraturan-ojk-no-18-pojk-03-2016-tahun-2016
Regulation of the Financial Services Authority of the Republic of Indonesia Number 61/POJK.07/2020 on Alternative Dispute Resolution Agencies in Financial Services Sector (State Gazette of the Republic of Indonesia of 2020 Number 290, Supplement to the State Gazette of the Republic of Indonesia Number 6599). https://peraturan.go.id/id/peraturan-ojk-no-61-pojk-07-2020-tahun-2020
Regulation of the Financial Services Authority of the Republic of Indonesia Number 11/POJK.03/2022 on the Implementation of Information Technology by Commercial Banks (State Gazette of the Republic of Indonesia of 2022 Number 5/OJK, Supplement to the State Gazette of the Republic of Indonesia Number 5/OJK). https://peraturan.go.id/id/peraturan-ojk-no-11-pojk-03-2022-tahun-2022
Regulation of the Financial Services Authority of the Republic of Indonesia Number 22 of 2023 on Consumer and Public Protection in the Financial Services Sector (State Gazette of the Republic of Indonesia of 2023 Number 40/OJK, Supplement to the State Gazette of the Republic of Indonesia Number 62/OJK). https://peraturan.go.id/id/peraturan-ojk-no-22-tahun-2023
Sampara, S., & Husen, L. O. (2016). Metode Penelitian Hukum. Kretakupa Print.
Sari, P., & Sutabri, T. (2023). Analisis Kejahatan Online Phising pada Institusi Pemerintah/Pendidik Sehari-Hari. Jurnal Digital Teknologi Informasi, 6(1), 29-34. https://doi.org/10.32502/digital.v6i1.5620
Sihombing, R. P., Kusno, K., & Siregar, A. A. (2024). Investigative Effectiveness in the Digital Era: A Case Study of Technological Innovation at the Rokan Hilir Police Resort. SIGn Jurnal Hukum, 6(2), 52-67. https://doi.org/10.37276/sjh.v6i2.368
Sinaga, E. P., & Maulisa, N. (2022). The Rights of Creditors of Guarantee Holders in a Limited Liability Company Declared Bankrupt. SIGn Jurnal Hukum, 4(1), 72-86. https://doi.org/10.37276/sjh.v4i1.171
Sirait, R. U., Sudirman, L., & Disemadi, H. S. (2025). Legal Protection for Banking Institutions in Small and Medium Enterprise Credit Agreements. SIGn Jurnal Hukum, 6(2), 468-481. https://doi.org/10.37276/sjh.v6i2.408
Situmeang, S. M. T. (2021). Penyalahgunaan Data Pribadi sebagai Bentuk Kejahatan Sempurna dalam Perspektif Hukum Siber. Sasi, 27(1), 38-52. https://doi.org/10.47268/sasi.v27i1.394
Suhyana, F. A., Suseno, S., & Ramli, T. S. (2021). Transaksi Ilegal Menggunakan Kartu ATM Milik Orang Lain. SIGn Jurnal Hukum, 2(2), 138-156. https://doi.org/10.37276/sjh.v2i2.92
Tanudiharja, G. F., Handayani, T., & Yuanitasari, D. (2024). Pertanggungjawaban Hukum Bank atas Kelalaian Melaksanakan Identifikasi dan Verifikasi dalam Penyelenggaraan Layanan Perbankan Digital. Media Hukum Indonesia, 2(4), 34-46. Retrieved from https://ojs.daarulhuda.or.id/index.php/MHI/article/view/792
Tompul, V. B. R. (2022). Data Nasabah Dibocorkan oleh Oknum Pegawai Bank. Binamulia Hukum, 11(2), 171-176. https://doi.org/10.37893/jbh.v11i2.300
Yusuf, D. M. M., Yola, V., Maiharani, D., & Dwi, E. (2022). Analisis terhadap Modus-Modus dalam Hukum Cyber Crime. Jurnal Hukum, Politik dan Ilmu Sosial, 1(2), 64-70. https://doi.org/10.55606/jhpis.v1i2.725
Copyright (c) 2025 Dian Ekawati, Dadan Herdiana, Amelia Haryanti
This work is licensed under a Creative Commons Attribution 4.0 International License.
