Addressing Legal Ambiguities and Regulatory Gaps: Defining Online Fraud and Scams in Indonesia

In this piece, Joanna Octavia, a researcher at Safer Internet Lab, explores the critical need for clear and consistent definitions of online fraud and scams in Indonesia, highlighting how regulatory ambiguity and fragmentation hinder effective action and coordination in combating these evolving threats.


By: Joanna Octavia, Researcher, Safer Internet Lab

Indonesia, with its high internet penetration rates, rapid adoption of digital financial services, and significant digital and financial literacy gaps, has emerged as a fertile ground for online fraud and scams. However, regulatory frameworks are struggling to keep pace in terms of providing clear and consistent definitions, which carries several implications for legal and regulatory understanding.

International definitions often emphasise distinct characteristics of online fraud and scams. Online fraud can be broadly defined as suspicious activity involving an individual’s account that they are unaware of, such as unauthorised credit card use. Unlike other forms of fraud that may operate without the victims’ direct involvement, online scams typically leverage social engineering tactics that exploit psychological triggers like fear, urgency, or trust to manipulate the victims into actively participating in the act, for instance by granting access to their accounts or transferring funds voluntarily.

Social engineering scams are a common type of fraud that occurs almost daily in Indonesia, primarily through phishing tactics using emails, text messages, or phone calls to trick victims into revealing personal information, such as one-time passwords to verify payments. The Ministry of Communication and Digital (Komdigi) noted that the second and third most common types of fraud are investment scams and shopping scams. However, the terms used to describe these activities are often conflated or fragmented, which can cause several challenges in operational clarity and institutional coordination, as outlined below.


Overview of definitions and challenges in Indonesia

The conflation of definitions primarily arises from the broad use of the term “penipuan”, which translates to both “fraud” and “scam” in Bahasa Indonesia and does not distinguish between technical mechanisms. Meanwhile, fragmentation in the regulatory landscape arises because several regulations address fraud with varying levels of detail, while others do not define it at all, leading to inconsistencies in interpretation.

The broad use of the term “penipuan” stems from the lack of specificity in the Indonesian Penal Code (KUHP), which defines fraud as deceitful practices aimed at gaining something from another person through lies, trickery, or misrepresentation. The Electronic Information and Transactions Law No. 11/2008 (UU ITE), later updated by Law No. 19/2016 and Law No. 1/2024, indirectly addresses fraud in digital environments, but does not explicitly define it or distinguish between fraud types, relying instead on general terms like “misleading” or “false” information that result in harm. These provisions are broad and applicable to various contexts, not exclusively fraud. As a result, law enforcement often applies the KUHP in conjunction with UU ITE to prosecute online scams. The lack of clear distinction can lead to data collection challenges, which may impact analysis and targeted prevention efforts. Conflation also becomes problematic in the face of rapidly evolving scam techniques, such as AI-generated impersonations, as seen in neighbouring Malaysia. When definitions are not clear enough to account for new tactics, victims could be blamed for negligence, leading to a problematic view that falling for such scams is solely their fault.

On the other hand, fragmentation in the definitions used across regulatory domains can lead to coordination challenges. Scammers typically operate via several components, such as social media for initial contact and a banking app or digital wallet to complete transactions. The Financial Services Authority (OJK)’s regulation on anti-fraud measures, POJK 12/2024, provides an inclusive definition of fraud, including scams involving deception, but is focused on financial services institutions. Meanwhile, digital wallets, which are increasingly used in scams due to their widespread use and instant transaction capabilities, are regulated by the central bank, with regulations such as PBI No. 19/12/PBI/2017 on Financial Technology and PBI No. 20/6/PBI/2018 on Electronic Money broadly discussing consumer protection but not explicitly defining fraud. Moreover, the lack of a specific definition of online scams in UU ITE makes it challenging for Komdigi to provide a legal foundation to request the removal of scam-related content from international platforms. Jurisdictional boundaries and the lack of a common understanding of what qualifies as an online scam limit regulators’ ability to systematically tackle the issue.

 

Key Recommendations

Several recommendations can help address the challenges posed by the conflation and fragmentation of definitions in Indonesia:

1. Establishing a unified framework that clearly delineates online fraud and scams across regulatory texts can prevent ambiguities

Laws and regulations concerning fraud and scams such as the KUHP, UU ITE, and POJK 12/2024 should be aligned to ensure consistency in how fraudulent activities are defined. For instance, explicit legal definitions can be developed for terms such as ‘online fraud’ and ‘online scam’.

Since the multifaceted nature of these fraudulent activities necessitates cross-sectoral collaboration, consistency in defining the terms can reduce the risk of misinterpretation, thus improving jurisdictional and operational clarity across domains. Aligning these definitions with global standards can further facilitate robust cross-border cooperation in tackling the increasingly global nature of online scams, particularly in light of emerging threats like the potential use of the ASEAN QR code for transnational scams.

2. Standardising data collection based on clear definitions for better categorisation of incidents

This can be done by mapping detailed sub-categories of online fraud and scam types, as well as channels where these activities commonly take place. While organisations such as banks and technology companies often develop proprietary fraud typologies, they are usually tailored to the unique nature of each organisation’s services, making direct comparisons challenging. Consistent categories will standardise data collection across organisations, helping stakeholders to identify trends and tackle scams more effectively. It remains imperative, however, that definitions are designed flexibly to account for rapidly evolving fraud methods.

3. Issuing sector-specific regulations or guidelines within the broader online fraud framework to delineate the roles of various stakeholders

These stakeholders include, for example, regulatory bodies such as Komdigi (content regulation) and OJK (financial scams), as well as law enforcement. One critical gap is that existing regulations do not comprehensively cover the role of digital wallets and online platforms or hold them to the same scrutiny as banks, even though they are often a core part of an online scam workflow. Consistent interpretation of definitions used in sector-specific regulations can pinpoint responsibility, enhance accountability, and improve coordination, especially if the scams involve communication through online platforms or are complex multi-platform scams.

4. Addressing social engineering tactics used in online scams

Indonesia would benefit from a more explicit definition of online scams that employ social engineering tactics, which account for a large proportion of fraud cases targeting Indonesian users. The definition should clearly emphasise the manipulative psychological tactics that scammers use to deceive victims and account for technologies like the use of AI-based deepfake video calls on social media platforms.

The lack of a precise definition for social engineering means that regulators often overlook scams that exploit human psychology, leaving stakeholders such as banks, digital wallets, and online platforms without uniform guidelines for addressing these specific threats. While existing regulations by OJK and BI have focused on improving operational security standards, these scams tend to exploit user trust rather than technical weaknesses.

Overall, it is crucial for Indonesia to establish clear definitions as a foundation for future actions. The current conflation and fragmentation in the country’s definitions of fraud and scams create challenges in terms of operational clarity and institutional coordination. By establishing precise definitions, regulators can adopt a more comprehensive approach to addressing online fraud in Indonesia, particularly social engineering scams that exploit the widespread lack of digital and financial literacy.

 

About the writer

Joanna Octavia is a researcher at the Safer Internet Lab, a joint initiative by the Centre for Strategic and International Studies (CSIS) Indonesia and Google. Her expertise includes areas such as the digitalisation of labour and the societal impacts of technology in developing economies. She was previously Head of Programming at Asia House, a London-based think tank, and Senior Public Policy Associate at Uber in Indonesia.


The views and recommendations expressed in this article are solely those of the author/s and do not necessarily reflect the views and position of the Tech for Good Institute.
