Indonesian financial institutions are pushing for proactive fraud prevention as scams proliferate across the Asia-Pacific region.

Financial institutions in Indonesia are facing mounting pressure to combat fraud and scams in real time, while also keeping pace with rapidly evolving regulatory requirements, according to senior banking figures. Experts at a banking roundtable in Jakarta have expressed concerns about the increasingly sophisticated nature of scams and fraud, which are often orchestrated from outside the country. The roundtable discussed AI-driven fraud prevention, real-time analytics, and regulatory compliance for APAC financial institutions.

Participants in the roundtable were drawn from the technology, financial services and regulatory compliance fields. Speakers included representatives from BioCatch, Google Cloud, and ANZ Bank, and all called for greater cross-sector collaboration to combat the common threat of financial crime.

Rising fraud challenges

Sai Prasad, chief technology officer at Google Cloud Indonesia, said the rapid evolution of AI was both a threat and a defensive tool when it comes to bank fraud and scams. Prasad said the accessibility of AI meant it was playing a dual role in advancing fraud prevention and enabling bad actors.

“The amount of innovation that’s happening is very difficult to keep pace with,” Prasad said, noting that concerns about data security dominate discussions with financial institutions. He cited Google’s M-Trends report, which identifies stolen credentials, phishing, and account takeovers as prevalent threats, exacerbated by scams on legitimate social media platforms.

To counter these threats, Prasad highlighted how Google Cloud is actively collaborating with financial institutions. He pointed to the collaboration with Indonesia's Bank Jago as a case in point. Bank Jago leverages Google Cloud's advanced data analytics and artificial intelligence tools to bolster its security posture and manage fraud and other risks in real time.

Richard Booth, BioCatch’s senior vice president for the Asia Pacific region, elaborated on the scale of data analysis required for effective fraud prevention. He said that technology was providing unprecedented levels of insight into transactions, mining data that could be used to identify fraudulent transactions with far greater accuracy.

“During a digital banking session, BioCatch analyses as many as 3,000 different signals,” Booth said. “These include behavioural, network, and physical device attributes, recorded throughout every millisecond of every step of every digital banking session.” This real-time analysis enables banks to intervene before fraudulent transactions occur, by declining payments, requiring additional authentication, and/or flagging suspicious transactions for human analysts.

ANZ Bank’s fraud prevention journey

Johnny Simons, head of digital fraud analytics at ANZ Bank, said technology was allowing banks to better target their resources and expertise. He said data analytics had allowed ANZ to reduce false positives significantly.

Simons provided an overview of ANZ’s phased implementation of BioCatch’s fraud and scam models. In 2022, ANZ deployed BioCatch’s fraud model for its web browsing channel, followed by a scams model later that year. It implemented both models for its mobile app by around mid-2023. This was followed by ANZ introducing real-time scores and mule account detection by late 2024, helping to enable proactive identification of suspicious recipient accounts.

“The mule model helps us detect mule accounts using our own tools,” Simons explained. In addition, BioCatch’s network model provides risk indicators for the recipient based on data from participating banks.

Financial crime intelligence-sharing network

The BioCatch network, which launched in Australia in late 2024, facilitates real-time, bank-to-bank information sharing while ensuring the data is encrypted and “hashed”. Booth said that BioCatch acts as a hub, providing risk indicators on hashed data, rather than sharing raw customer data between banks.

“We’re not sharing Bank A data with Bank B,” Booth explained. “We now provide risk indicators between the two banks on either side of the payment.” This approach has helped ANZ detect hard-to-identify scams, such as business email compromise and voice impersonation scams, by flagging suspicious recipient accounts.

Simons said that the network has driven “fantastic results” in detecting scams where customers are misled into making payments. “An ANZ customer may try to pay a recipient whom no other ANZ customer has ever paid before,” he said, explaining how BioCatch uses data from other network members to help assess recipient risk.

This model of privacy-preserving, collaborative intelligence is gaining traction elsewhere. Prasad noted that Google Cloud is also working with Swift to develop anti-fraud technologies using advanced AI and federated learning. This technology allows a global fraud detection model to be trained across multiple banks without the institutions having to share their sensitive, proprietary customer data.

Regulatory pressures and fast payments

The roundtable highlighted the tension between regulatory demands for fast payments and robust security. Simons explained that Australia’s New Payments Platform (NPP) enables person-to-person payments to clear within seconds, with strict service-level agreements (SLAs) limiting delays. This has created greater pressure to innovate with regard to real-time analytics, as banks are limited in their ability to add “friction” to the payments processing chain.

“Casting a wide net and slowing down large amounts of payments is not a solution, because it means we will breach scheme SLAs and impact customer experience,” he said.  “It's about making sure that we are doing this appropriately, and we are targeting these channels with information.”

Data privacy and behavioural biometrics

The tension between data privacy concerns and fraud risk management was a recurring theme throughout the discussion. Booth addressed questions about compliance with data protection laws,  explaining: “User identifiers are hashed by the bank and sent to us, so we never know the person for whom the profile is built.” Data such as typing patterns and device interactions are pseudo-anonymised, helping to ensure compliance with privacy regulations.

Detecting fraud through business accounts has been a major challenge for Indonesian banks. BioCatch’s behavioural intelligence focuses on user-level profiling, even in corporate banking scenarios where an account may have multiple users. Booth explained that profiles are built for individual users and not accounts, allowing detection of anomalies in user behaviour across devices and network locations.

“We can see the change in device, the change in network location, and the change in behaviour, all tied to that user’s identity,” he said.

Building profiles

When it comes to building a baseline user profile, this may depend on factors such as the frequency of online banking logins. For individual customers, this depends on user activity and the detection models that have been deployed.

“For account takeover use cases, about 80% of the bank’s user population will have a mature profile within 90 days,” he said. On the other hand, scam and mule account models may take five to six months due to their complexity. However, immediate value is possible for specific fraud types, such as remote access fraud, where BioCatch can flag risks from day one, even without a mature profile.

Recommendations for policymakers

The roundtable underscored the need for regulatory frameworks that balance innovation, security, and customer protection. Simons highlighted the importance of introducing “targeted friction” to disrupt fraud without reducing overall payment speeds. In Australia, this approach has seen scam losses reduce by AUD 700 million in the past year. This compares with Hong Kong, which has seen losses remain stable, while Singapore has experienced a significant increase.

Booth recommended that regulators should encourage bank-to-bank collaboration through models like BioCatch’s network, which enhances detection without compromising data privacy. He pointed to partnerships between technology providers and governments as a powerful model for protecting the public, citing Google Cloud’s collaboration with the Singapore government to proactively block access to known scam and phishing sites.

Booth also urged policymakers to support technologies that reduce false positives, as operational overload can lead to missed fraud cases and increased losses to customers. “If a customer ends up losing money because of operational overload, that’s tragic,” he said.

Looking ahead

The roundtable concluded with a call for financial institutions to work together collaboratively to address Indonesia’s specific fraud challenges. As the Asia-Pacific region’s major financial centres crack down on fraud and scams, this is driving a “displacement effect” with regional scam centres pushing into the countries with less robust controls. For this reason, it is essential to lift controls across the region, participants said.

A recent report from Indonesia’s Financial Services Authority (OJK) found that between November of 2024 and February of 2025, the Indonesian economy lost about IDR 700 billion (USD 45 million) to scams. The OJK established the Indonesian Anti-Scam Center (IASC) in November 2024 to identify the scale of the problem and work on collaborative solutions.

The IASC deals with 18 types of fraud, including illegal investments, online shopping scams, unlicensed lending and social media fraud.

The insights from the first Jakarta Roundtable have highlighted the critical role of real-time analytics and collaboration in helping Indonesian banks to stay ahead of increasingly sophisticated and pervasive financial crime threats.

--

BioCatch prevents financial crime by recognising patterns in human behavior, continuously collecting more than 3,000 anonymised data points – keystroke and mouse activity, touch screen behavior, physical device attributes, and more – as people interact with their digital banking platforms. With these inputs, BioCatch's machine-learning models reveal patterns in user behavior and provide device intelligence that, together, distinguish the criminal from the legitimate. The company’s Customer Innovation Board – an industry-led initiative in partnership with American Express, Barclays, Citi Ventures, HSBC, Macquarie Bank, National Australia Bank, and others – collaborates to pioneer innovative ways of leveraging customer relationships for improved fraud detection. Today, more than 30 of the world's largest 100 banks and 311 total financial institutions deploy BioCatch solutions, analyzing 16 billion user sessions per month and protecting more than 555 million people on more than 1.6 billion devices around the world from fraud and financial crime.