Indonesia’s Payment ID delayed as concerns mount

The early rollout of the new Payment ID system has been cancelled in Indonesia. Bank Indonesia (BI) said Payment ID remains in the sandboxing stage while the system’s technical specifications go unpublished. 

Until the cancellation, August 17 was scheduled as the start date of when Payment ID was expected to be mandatory for transactions exceeding 10 million Indonesian rupiah per day ($617) before expanding to smaller amounts. Digital transactions via the system would generate sender, receiver, amount and purpose details — the Payment ID. 

Payment ID would’ve assigned Indonesian citizens with a unique code connected to their national ID number (Nomor Induk Kependudukan or NIK). The system is designed to improve financial data quality, under the Indonesian government’s overarching digital transformation, which includes BI’s Indonesia Payment Systems Blueprint (BSPI). 

Dr. Aziz Fajar, a lecturer at Universitas Airlangga’s Faculty of Advanced Technology and Multidiscipline (FTMM), said with an integrated system such as Payment ID, the government could track financial transactions via a single entry point rather than having to manually review annual data. This would target illegal lending, money laundering and fraud. 

BI says Payment ID will enhance the distribution accuracy of non-cash social assistance (bansos). However, The Jakarta Post made the point that there is wariness the system could “become a tool to surveil [Indonesians’] financial activities.” This stems from Payment ID’s potential to monitor a citizen’s financial activities, from income to retail transactions. 

“If our data is compromised, unauthorized parties could monitor our spending patterns,” Fajar said. “That information could then be sold to private companies, such as online lending platforms.” System security and the willingness of people to trust and believe in its effectiveness is critical, the academic warned. 

A personal data authority – an institution required by the Personal Data Protection (PDP) Law (Law No. 27/2022) – has yet to be established, which means oversight of sensitive personal data is absent. The original roadmap had Payment ID fully deployed in 2029, with initial implementation in 2027, under the original BSPI 2030 roadmap. The decision to launch earlier had observers puzzled, especially with the lack of governance in place, but this is now moot. 

Indonesia’s central bank aims to clamp down on online gambling, seen as a significant problem, and the unregulated (shadow) banking that enables such activities, and which is difficult to track. Payment ID is seen as a way to address this policy objective, but the rushed timeline – now abandoned – attracted concern over the mismatch between design and aim. 

For example, Law No. 1/2024 which updates the Electronic Information and Transactions (ITE) Law (Law No. 11/2008) introduces a key amendment — a “high-risk” transaction category. This is defined broadly to include any exchanges conducted without in-person interaction, with transactions required to use the digital trust service of e-signatures.

This requirement has sparked criticism about a lack of technological neutrality. Industry observers say the government risks entrenching a monopoly with the mandate for use of a specific third-party service. The “high-risk” designation has also been labelled overly expansive as it groups routine purchases, such as groceries, with high-value financial activities like mortgage agreements.

The planning and implementation of critical digital infrastructure requires technical, regulatory and public awareness harmonization, to put it simply, but the accelerated timeline for both the ITE amendments and Payment ID has sparked concern. 

Industry players have flagged the financial and operational strain of rapidly integrating e-certification into transaction systems, The Jakarta Post argues. Since these costs are unlikely to be passed on to consumers, payment providers would have to absorb them. Doubts also persist about the measure’s ability to curb fraud, as incidents arising from compromised or stolen devices is an issue that transaction-level e-certification does not resolve.

Beyond this, the next 12 to 24 months will be an eventful period for Indonesia’s digital transformation and digital ID as the country lines up biometrics procurements, funded by the World Bank. 

Article Topics

data privacy  |  data protection  |  digital ID  |  digital payments  |  financial inclusion  |  Indonesia  |  national ID  |  Nomor Induk Kependudukan (NIK)  |  Payment ID