JAKARTA - Fictitious loans and misuse of personal data in the midst of rampant offers of credit from various banks and financial technology (fintech) are inevitable. This opportunity is supported by the lack of specification of personal data management regulations.

Managing Director of a Sharia Rural Bank (BPRS) in Tangerang, Daniel was one of the victims of this fictitious loan and the misuse of personal data.

Daniel is said to have borrowed Rp. 9 million from Amar Bank in December 2019. Over the past two months, there have been arrears of Rp1, 8 million that have stuck.

The profiteers used all the data on Daniel's KTP. The data recorded by Amar Bank is Daniel's name, address and KTP number. The only difference is in the part of the photo which - according to the bank - looks edited so that it is not a picture of Daniel.

Another oddity was that the money was sent to an account number at Bank Mandiri. However, when Daniel checked it, Bank Mandiri even admitted that it never had an account number like that.

In the data from the Financial Services Authority (OJK), the profiteering job is an entrepreneur who works as a clothes seller. In fact, the real Daniel is a director of a BPRS in Tangerang with the position of President Director. Obviously, this problem is detrimental to him personally and to his office.

"In fact, I was in the process of due diligence for additional capital, and it was disturbed because there was a record of overdue loans on behalf of me," Daniel told VOI, Thursday, February 27.

Regarding the case that happened to Daniel, the Research Director of the Center of Reform on Economics (CORE) Indonesia Piter Abdullah actually questioned the credibility of Amar Bank, which disbursed this fictitious credit. Because, he said, applying for a loan or credit, the process is very strict.

"Actually, if a financial institution is credible, this will be difficult to happen. That's why we must be careful when dealing with non-credible financial institutions. If a financial institution is credible, before it provides a credit loan, it must know exactly who applied for the loan," said Piter. , to VOI, in Jakarta, Friday, March 13.

According to Piter, if a fictitious credit case occurs, then there is a strong suspicion that some elements from Amar Bank will be involved. Because, in applying for credit, personal identity is very difficult to fake.

"There must be someone inside playing. The system at the bank is very strict. It is impossible to channel credit to a non (original) person. It must be a violation of the law if it happens like that," he explained.

Likewise, Banking Observer Paul Sutaryono said that a person's personal data should be protected by law (UU). According to him, the bank, in this case Amar Bank, should be able to verify the personal data of the prospective customer who applied for the loan before providing a credit loan.

"I don't know why it happened. But banks should have matched the original data of a prospective customer with the owner before distributing a loan. In addition, almost all banks still require that prospective customers have to come in person to apply for a loan or loan. Not represented," Paul said at the time. contacted VOI.

Meanwhile, the Complaints Staff of the Indonesian Consumers Foundation (YLKI) Rio Priyambodo told VOI that to minimize cases like this from happening again, victims can report this to the authorities. The goal is to investigate whether there is potential for fraud in the process of applying for credit to Amar Bank.

"If this happens, report it to the police because that's called the sale and purchase of personal data. Those things are actually indications of a criminal act. Now that can be reported, the police will investigate whether there is an indication of buying and selling personal data or not," he explained.

A victim of Amar Bank's fictitious credit who visited Amar Bank's office in the Thamrin area, Thursday, February 27. (Moksa Hutasoit / VOI)

According to Rio, currently there have been many cases of selling personal data. So, it is necessary to ask how Amar Bank verifies the personal data of its prospective customers.

"That goes back to banks, how do they verify the data of their prospective customers. Whether the verification is in the form of a physical form or being visited directly is verified. There is verification of files, personality. Examples of home, office surveys and so on have actually been implemented that mitigate the risk of personal data misuse , also mitigate the misuse of loan funds, "he said.

The Need for Regulation on Personal Data Management

When contacted by VOI, Commission XI member Puteri Komarudin said, so far, personal data protection has been regulated in the Minister of Communication and Information Technology Regulation number 20 of 2016 concerning Personal Data Protection in Electronic Systems.

However, according to Puteri, this regulation does not regulate criminal sanctions or fines for perpetrators of personal data theft, only contains administrative sanctions for every person who obtains, collects, processes, analyzes, stores, displays, announces, sends, and / or disseminates personal data. without permission.

"The lack of specificity in the regulation of personal data management is indeed an opening for financial service owners who are not responsible for taking actions that are detrimental to customers. Therefore, this is what the DPR is striving for at the legislative level," said Puteri.

This Golkar politician said that the government and the DPR are currently in the process of ratifying the Personal Data Protection Bill. This bill has been included in the list of 50 Priority Prolegnas Bills 2020. This bill will later regulate the definition of personal data; types of personal data; deletion of personal data; personal data protection failure; and criminal sanctions for violations of the use of personal data.

"Hopefully this bill can be passed soon so that in the future there will be no more data theft that is detrimental to the public," he said.

Meanwhile, Member of Commission I Abdul Kadir Karding said, in an era of sophisticated information technology today, it is very easy for personal data to be accessed by many people and many parties. Moreover, if a certain person, group, or company has the ability in the field of information technology.

"In order to prevent this abuse from happening, we must encourage together the birth of regulations in the form of laws that provide guarantees and protection for the use of personal data," he explained to VOI.

The Personal Data Protection Bill, said Karding, is currently deemed necessary. Because, with the existence of regulations regarding the management of personal data, misuse can be avoided.

"How can this bill be effective so that the abuse of economic or political motives, social or personal motives can be avoided. As long as there is no regulation that regulates law enforcers cannot take a stand," he said.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)