Positive impact and security risks of QRIS in banking transactions
Technological advancements in the banking sector have created a significant impact, providing convenience for customers in conducting financial transactions. One notable recent innovation is the QRIS (Quick Response Code Indonesia Standard), a QR code-based payment standard developed by Bank Indonesia. QRIS aims to facilitate QR-based payments domestically, offering a more efficient and modern way to handle financial transactions.
This QRIS standard comes with various advantages, including simplifying payment processes, accelerating transaction speeds, and enabling transactions without the need for carrying physical cash or cards. This not only facilitates customers but also reduces the risk of cash loss or theft.
However, behind the convenience for customers in transactions lies a vulnerability exploited by wrongdoers.
Modes of embezzlement
In a recent case, a viral video confession revealed a cashier who embezzled company funds by using her personal QRIS. In this scheme, the cashier employs her personal QRIS when customers make transactions instead of using the company’s QRIS. Exploiting this weakness, perpetrators take advantage of the fact that customers generally do not scrutinize QRIS codes closely. Consequently, the purchase funds go directly into the perpetrator’s personal account. To conceal their tracks, the wrongdoer reprints receipts from previous transactions, which are then handed to customers who have just conducted transactions.
Fraud cases through QRIS are not isolated incidents. Earlier this year, mosques in Jakarta were in the spotlight due to cases of QRIS misuse for fraudulent purposes. QRIS, intended for virtual donation boxes for congregants, was replaced with the perpetrator’s personal QRIS.
Integrity Asia’s employment background screening service: Initial mitigation steps
Fraud cases like the one mentioned above are uncovered when companies or organizations experience a decline in revenue. After conducting audits and investigations, it was revealed that the employee themselves played a role in the fraudulent activities.
The modus operandi of QRIS fraud by employees highlights the need for preventive action. Several mitigation steps that companies can take include rigorous recruitment processes, thorough background checks on potential employees, and collaboration with third-party companies like Integrity Asia to conduct comprehensive candidate background checks.
The case underscores the importance of mitigation steps that companies need to take to anticipate potential issues. Mitigation can be initiated from the recruitment process to audits as part of the control system :
- Tightening the employee recruitment process: Ensure the company conducts thorough reference and background checks on potential employees. Lifestyle analysis, social media, and credit check are also necessary to gain a deeper understanding of the candidate’s financial condition.
- Enhancing supervision of employees, especially those with access to company finances or assets, is imperative. This can be achieved by installing CCTV systems or conducting regular internal audits. This step aims not only to secure company assets but also to minimize the risk of fraud.
- Conducting periodic financial audits: Regularly perform stock audits to monitor the balance between sold goods and revenue, ensuring financial compliance and integrity.
Image by Freepik