E-commerce in Indonesia – Security

By regulation, an electronic system provider in Indonesia is obligated to guarantee the security of the software used to facilitate and administer the electronic system services, as well as to assure that an information security agreement is available. In practice, an electronic system provider is required to establish a security system that has a system and procedure for countermeasures and prevention of threats and attacks that could lead to disruptions, failure and financial loss for users.

Government Intervention and Certification Authorities

The government is obligated to prevent the distribution and use of electronic information or documents that contain prohibited materials pursuant to the prevailing laws and regulations. To prevent such distribution and use, the government is authorised to cut access or have electronic system providers cut off access to any electronic information or document that contains prohibited materials.

Law No. 11 of 2008 on Electronic Information and Transactions (the ITE Law) also recognises that government officials have certain authorities to investigate criminal acts or potential criminal acts in the field of electronic transactions and information. Such authorities include:

• receiving reports on criminal acts in the field of electronic transactions and information;
• summoning the relevant parties for further investigation;
• investigating the facts related to reports of alleged criminal acts;
• investigating the party that is claimed to have committed the alleged criminal act;
• examining the tools used in performing the alleged criminal act;
• searching certain locations where the alleged criminal act was committed;
• confiscating the tools used to perform the alleged criminal act;
• causing electronic information or data related to the criminal act to be inaccessible;
• requesting information in the electronic system or information produced by the electronic system that is relevant to the criminal act; and
• requesting experts as necessary to carry on with the investigation of the criminal act.

Electronic Payments

The Ministry of Communication and Information strictly requires electronic system providers, including those that facilitate electronic payment systems, to register with it. Electronic system providers that facilitate the use of electronic payment systems, including e-wallets, must also obtain a license from Indonesian's central bank, Bank Indonesia (BI).

Digital Currencies

BI regulates that digital currencies, including bitcoin, are not considered a valid payment instrument. Therefore, the use of digital currency as a payment instrument is restricted in Indonesia. BI further emphasizes that payment system services and financial technology providers are restricted from processing payment transactions that use digital currencies.

This first appeared in the Lexology GTDT e-Commerce 2021 global guide.