
STRENGTHENING LEGAL PROTECTIONS AGAINST SOCIAL ENGINEERING IN DIGITAL BANKING: CHALLENGES, GAPS, AND RECOMMENDATIONS

*Putu Devi Yustisia Utami  -  Faculty of Law, Universitas Udayana, Indonesia
Ni Putu Purwanti  -  Faculty of Law, Universitas Udayana, Indonesia
Open Access Copyright (c) 2025 Masalah-Masalah Hukum under http://creativecommons.org/licenses/by-nc/4.0.

Abstract

Social engineering is a form of manipulation used by malicious actors in digital banking services, exploiting social interaction mechanisms that can lead to financial losses for customers. Under Article 55 of the Financial Services Authority Regulation on Consumer Protection, financial institutions are obligated to safeguard customer funds. However, these protections often fail during social engineering incidents. This study utilizes both normative and empirical legal research methods to analyze common social engineering schemes, such as the distribution of APK files containing malware, phishing, pretexting, baiting, and quid pro quo. Consumer protection in the banking sector is regulated by several legal instruments, including the Consumer Protection Act, Financial Sector Development and Strengthening Act, and Financial Services Authority Regulation on Consumer Protection. Although these frameworks include fundamental consumer protection principles, they are inadequate in addressing the specific needs of customers affected by social engineering. Legal remedies for affected customers include filing complaints with banks or the Financial Services Authority, and pursuing litigation following fraud reports to the police, as stated in Article 378 of the Indonesian Criminal Code. The study recommends that the government issue more detailed implementing regulations under the Financial Services Authority's Consumer Protection framework to provide effective legal remedies for victims. Additionally, banks should implement financial literacy programs, and customers should exercise caution to avoid disclosing sensitive information in digital banking services.

Keywords: Social Engineering; Digital Banking; Consumer Protection; Fraud Schemes; Financial Services



Last update: 2025-10-10 05:42:26
