Over the past decade, Indonesia’s payment landscape has undergone a profound transformation driven by the widespread adoption of real-time payments, mobile wallets, and embedded finance, all supported by government initiatives. This shift has improved access to financial services, enhanced efficiency and transparency, and reduced the costs and risks associated with cash transactions.
However, while digital payments have brought about many benefits, they have also introduced a number of challenges. According to a new paper by fraud prevention specialist Sumsub and industry trade group Asosiasi Fintech Indonesia (AFTECH), many providers are still relying on point-in-time checks, fragmented tools, and manual processes built for a slower environment. These systems are ill-equipped to handle modern payment methods, creating vulnerabilities that fraudsters exploit to funnel stolen funds and conduct fraudulent activities.
The rise of fraud in Indonesia
In a new whitepaper, the organizations examine the Indonesian payment landscape and fraud trends in the sector, and formulate recommendations for remediation.
Indonesia consistently ranks among the higher-risk markets globally for payment fraud. Its large super-app ecosystems create a wide attack surface, where one compromised identity can unlock access to multiple services. This scale and potential payoff mean that fraud attempts remain frequent even as basic controls improve.
In 2025, identity fraud rates in Indonesia reached 5.6%, marking a significant increase from 3% in 2023, according to Sumsub’s Identity Fraud Report 2025-2026. Although this figure represents a 7% year-over-year (YoY) decline, it remains among the highest in the region, ranking second in Asia-Pacific behind only Pakistan at 5.9%.

Deepfakes accounted for 5% of fraud attempts in 2025, a proportion that is rising as AI-generated content becomes easier to produce and deploy.
In particular, fraud-as-a-service tools have lowered the barrier to entry considerably, enabling coordinated groups to cause losses of up to US$2.5 million within a month using an initial outlay of around US$1,000, according to Sumsub.
Last year, a sophisticated scam targeted Indonesians using AI-generated deepfake videos of President Prabowo Subianto and other high-profile figures. The scam promoted bogus financial aid, directing victims to contact a WhatsApp number and pay an “administrative fee” ranging from IDR 250,000 to IDR 1 million (US$15-60) to receive non-existent assistance, AFP reported.
In the payment sector specifically, Sumsub outlines several prominent fraud techniques. In particular, fraudsters are increasingly combining real and fabricated data to create synthetic identities and plausible profiles. These profiles are then used across multiple wallets and services simultaneously to maximize the scale of exploitation, evade detection, and launder stolen funds before the fraud is detected.
Fraudsters also use mule accounts to facilitate layered micro-transactions that individually fall below monitoring thresholds. However, collectively, these transactions are moving significant sums.
These actors also leverage QR-based payment systems for rapid fund dispersal, and can rely on embedded payments within e-commerce or social commerce apps to obscure who originated or received a transfer.
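The layered micro-transactions described above slip past per-transaction limits, so a control has to aggregate per account over time. The following is an added example, not code from the whitepaper or from Sumsub; the thresholds, the 24-hour window, and the account names and amounts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (IDR), chosen for illustration only.
PER_TXN_THRESHOLD = 10_000_000    # single transfers at or above this are reviewed by another rule
AGGREGATE_THRESHOLD = 50_000_000  # rolling sum of smaller transfers that triggers review
WINDOW = timedelta(hours=24)
MIN_TXN_COUNT = 5                 # ignore accounts with only a few transfers in the window

# Constructed sample data: (ISO timestamp, receiving account, amount).
SAMPLE = (
    # Six transfers just under the limit within five hours.
    [(f"2025-03-01T{9 + i:02d}:00:00", "mule-001", 9_500_000) for i in range(6)]
    # Similar amounts, but one per day: never accumulates inside the window.
    + [(f"2025-03-{1 + i:02d}T12:00:00", "shop-042", 9_000_000) for i in range(6)]
    # One large transfer: left to the per-transaction rule.
    + [("2025-03-01T10:30:00", "acct-007", 60_000_000)]
)

def flag_layering(transactions):
    """Return {account: (count, total)} at the peak rolling total for each
    account whose sub-threshold inbound transfers exceed the aggregate limit."""
    windows = defaultdict(deque)   # account -> recent (time, amount) pairs
    totals = defaultdict(int)      # account -> sum of amounts in its window
    flagged = {}
    for ts, account, amount in sorted(transactions):
        if amount >= PER_TXN_THRESHOLD:
            continue
        when = datetime.fromisoformat(ts)
        win = windows[account]
        win.append((when, amount))
        totals[account] += amount
        # Drop transfers that have aged out of the rolling window.
        while when - win[0][0] > WINDOW:
            totals[account] -= win.popleft()[1]
        if len(win) >= MIN_TXN_COUNT and totals[account] >= AGGREGATE_THRESHOLD:
            if totals[account] > flagged.get(account, (0, 0))[1]:
                flagged[account] = (len(win), totals[account])
    return flagged

if __name__ == "__main__":
    for account, (count, total) in flag_layering(SAMPLE).items():
        print(f"{account}: {count} transfers totalling IDR {total:,} within 24h")
```
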
Rethinking payment compliance in Indonesia
Against this backdrop, Sumsub emphasizes that compliance approaches designed for slower payment environments are no longer relevant. Real-time rails, embedded finance, and growing transaction volumes are fundamentally changing what risk looks like and when it tends to appear. At the same time, the regulatory landscape is becoming more complex, with stricter requirements and regulators increasingly expecting risks to be managed on an ongoing, activity-based basis rather than only at onboarding.
Sumsub advises adopting a model that treats compliance as an ongoing process. This model should allow for continuous verification and connect each stage of the customer lifecycle so that information flows between them, and decisions at one stage are informed by what happened at another.
This cycle should encompass identity verification at entry, transaction-level risk assessment, ongoing behavioral monitoring, anti-money laundering (AML) and sanctions screening, and risk-based escalation and reporting. Crucially, scrutiny should be intensified where risk is higher, and reduced where it is lower, in line with risk-based principles used by Indonesian regulators.
According to Sumsub, this approach aligns with the expectations set by Bank Indonesia and OJK, Indonesia’s Financial Services Authority. Both focus on consumer protection, financial integrity, and system stability.
Continuous verification produces clearer audit trails, more traceable decisions, and documentation that holds up to regulatory review. It also allows payment providers to show that their controls match the risks of the specific activities they are licensed to perform.
Featured image: Edited by Fintech News Indonesia, based on image by freepik via Freepik
