Scenario-Based Risk and Control Formulation for Electronic Banking Channels ATM and EDC in Indonesian Commercial Banks

Authors

  • Navya Kirana Safitri Telkom University
  • Sinung Suakanto Telkom University
  • Basuki Rahmad Telkom University

DOI:

https://doi.org/10.59261/jequi.v8i3.353

Keywords:

ATM, EDC, Scenario-Based Risk Management, Risk Control, Indonesian Banking

Abstract

Background: ATMs and EDCs remain critical infrastructure components within Indonesia’s national payment system. However, their extensive utilization exposes commercial banks to various technological, operational, human, physical, and third-party risks. Despite recurring incidents comprehensive studies that formulate ATM and EDC risk scenarios and corresponding control measures within the Indonesian banking context remain limited.

Objective: This study formulates risk scenarios and corresponding control measures for ATM and EDC electronic banking channels in Indonesian commercial banks.

Methods: A structured literature review was conducted using six academic databases: Google Scholar, ScienceDirect, ResearchGate, Scopus, Wiley Online Library, and MDPI. The identified risks were analyzed using the ISACA Risk IT Framework and mapped to the NIST Cybersecurity Framework (CSF) 2.0 and ISO/IEC 27001:2022 standards. The proposed model was validated by six Subject Matter Experts (SMEs) with expertise in banking operations, IT risk management, information security, and payment systems using a 1–5 Likert scale.

Results: The study identified 25 risk scenarios across six categories and formulated 25 consolidated control measures. Each scenario links risk sources or threat actors, risk events, potential impacts, and corresponding controls. The controls were classified as preventive, detective, and corrective measures and mapped across the people, process, and technology dimensions. Expert validation produced an average score of 4.13/5.00 (83%), indicating a high level of acceptance.

Conclusion: As a proposed model derived from a systematic literature review and expert validation, this study provides a structured reference framework for risk management practitioners and policymakers in Indonesian commercial banking institutions.

Downloads

Download data is not yet available.

References

Ali, S. M., Hoq, S. N., Bari, A. M., Kabir, G., & Paul, S. K. (2022). Evaluating factors contributing to the failure of information system in the banking industry. Plos one, 17(3), 1–21. https://doi.org/10.1371/journal.pone.0265674

Amsaroka, M. H., Yadiati, W., & Winarningsih, S. (2024). Literature Review: the Relationship Between Internal Control System of the Government (SPIP), Good Government Governance (GGG), And Fraud Prevention. JASa (Jurnal Akuntansi, Audit Dan Sistem Informasi Akuntansi), 8(1), 122–136. https://doi.org/10.36555/jasa.v8i1.2440

Andri, A., & Lastiati, A. (2024). The Influence Of Brand Awareness, Transaction Fees On Consumer Intention In Transacting Using ATM Off Network/Off Us With Consumer Trust As A Moderating Variable. Accruals (Accounting Research Journal of Sutaatmadja), 8(02). 86–97.

Aspan, H., Nasution, A. P., & Malikhah, I. (2022). Digital Banking in Indonesia : The Development of Cashless Culture and Regulations. 9(January), 534–543.

Bank Indonesia. (2025a). Tabel 5a. ATM dan ATM + Debet. 8.

Bank Indonesia. (2025b). Tabel 5b. Infrastruktur Alat Pembayaran Menggunakan Kartu (APMK) dan Uang Elektronik (UE) Table 5g . Card-Based Payment Instruments (APMK) and Electronic Money (UE) Infrastructures Jumlah Merchant Juta Transaksi / Millions of Transaction Juta Tra.

Broby, D. (2021). Financial technology and the future of banking. Financial Innovation, 7(1). https://doi.org/10.1186/s40854-021-00264-y

Chandra, S., & Kumar, M. (2023). An Overview of Cyber Security in Digital Banking Sector. East Asian Journal of Multidisciplinary Research, 2(1), 43–52. https://doi.org/10.55927/eajmr.v2i1.1671

Ciaccio, J., & Onat, I. (2025). An Analysis of ATM and Point-of-Sale Skimming. In Orion Policy Institute. Orion Policy Institute. https://doi.org/10.13140/RG.2.2.24913.03680

CNBC. (2025). Kronologi Bank DKI Error Seminggu Lebih hingga Direktur IT Dipecat. https://www.cnbcindonesia.com/market/20250409151436-17-624624/kronologi-bank-dki-error-seminggu-lebih-hingga-direktur-it-dipecat

CNN Indonesia. (2022). RI Dihantam 700 Juta Serangan Siber di 2022, Modus Pemerasan Dominan. https://www.cnnindonesia.com/teknologi/20220701164212-192-816150/ri-dihantam-700-juta-serangan-siber-di-2022-modus-pemerasan-dominan

Diener, F. (2021). Digital Transformation in Banking : A Managerial Perspective on Barriers to Change.

Degadwala, S., & Bharatbhai, P. T. (2024). Advancements in ATM Security for Movement and Tampering Detection: A Review. International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 10(5), 79–89. https://doi.org/10.32628/cseit2410587

Eka, K. W. D., & Umar Gazali, I. M. (2025). Law Enforcement of Skimming as a Cyber Crime: Digital Forensic Challenges and Evidence in Court. In Pena Justisia (Vol. 24, Number 1).

Espos. (2023). Penipuan lewat Mesin EDC, Mantan Karyawan Bank Ternama di Semarang Ditangkap.

https://regional.espos.id/penipuan-lewat-mesin-edc-mantan-karyawan-bank-ternama-di-semarang-ditangkap-1781400

Gerald, N., Oluwapelumi, O., & Eli, K. A. (2024). Quality control in financial operations: Best practices for risk mitigation and compliance. World Journal of Advanced Research and Reviews, 24(1), 735–749. https://doi.org/10.30574/wjarr.2024.24.1.3100

Hakki, T. W., Sofianty, D., Simanungkalit, J., & Alvionita, D. (2026). Pencegahan Fraud Melalui Internal Control dan Governance Risk Management Compliance. JEMSI, 7(5). https://doi.org/10.38035/jemsi.v7i5

Harasheh, M., & Provasi, R. (2023). A need for assurance: Do internal control systems integrate environmental, social, and governance factors? Corporate Social Responsibility and Environmental Management, 30(1), 384–401. https://doi.org/10.1002/csr.2361

Hidayat, A., & Kassim, S. (2023). The Digital Banking Services: A Selection Model From Islamic. 8(1), 41–58.

Ilmiha, J., & Shah Suboh, A. (2024). The Effectiveness of Internal Control in Preventing Accounting Fraud in Financial Companies. East Asian Journal of Multidisciplinary Research (EAJMR), 3(6), 2181–2192. https://doi.org/10.55927/eajmr.v3i6.9952

ISACA. (2020). Personal Copy of Basuki Rahmad (ISACA ID: 206164) RISK IT PRACTITIONER GUIDE, 2nd Edition 2 About ISACA Reservation of Rights. www.isaca.org

Joseph, E. K. Z., Frederick, O. A., Nicholas, N., & Bernard, O. A. (2024). Effectiveness of internal controls mechanisms in preventing and detecting fraud. Finance & Accounting Research Journal, 6(7), 1259–1274. https://doi.org/10.51594/farj.v6i7.1322

Kraus, S., Jones, P., Kailer, N., Weinmann, A., & Chaparro-banegas, N. (2021). Digital Transformation: An Overview of the Current State of the Art of Research. https://doi.org/10.1177/21582440211047576

Kumar, L. M. S. (2025). Developing Protocol Translation Mechanisms for Legacy Banking Systems. International Journal of Innovative Research in Science Engineering and Technology (IJIRSET), 14(5). https://doi.org/10.15680/IJIRSET.2025.1405004

Machado, A. D. B., Secinaro, S., Calandra, D., Secinaro, S., & Calandra, D. (2022). Knowledge management and digital transformation for Industry 4.0: a structured literature review. Knowledge Management Research & Practice, 20(2), 320–338. https://doi.org/10.1080/14778238.2021.2015261

Mahardinata, P., & Imaroh, T. S. (2025). Risk Management Analysis to Minimize the Occurrence of Fraud in ATM Machine Activities (A Study at XY Company in the Jakarta Area). Jurnal Doktor Manajemen (JDM), 8(1), 112. https://doi.org/10.22441/jdm.v8i1.33125

Maulidya, G. P., & Afifah, N. (2021). Perbankan Dalam Era Baru Digital: Menuju Bank 4 . 0. Jurnal Proceeding Seminar Bisnis Seri V, 278–288.

Moon, I. T., Shamsuzzaman, M., Musfiqur, M., Mridha, R., Sayed, A., & Rahaman, M. (2022). Towards the Advancement of Cashless Transaction: A Security Analysis of Electronic Payment Systems. 103–129. https://doi.org/10.4236/jcc.2022.107007

Nisa, F. Z., Febrianti, G. D., & Ajrina, N. N. (2023). Systematic Literature Review: Analisis Implementasi Manajemen Risiko TI Menggunakan Framework COBIT di Sektor Industri Jasa. Bulletin of Computer Science Research, 4(1), 66–74. https://doi.org/10.47065/bulletincsr.v4i1.313

Nuryana, I. (2024). Perkembangan Industri Perbankan di Era Digital. Jurnal Manajemen Dan Keuangan, 13(2), 162–179.

Pangestu, A., & Baskoro, R. A. (2022). Analysis of the Development of the National Payment Gateway (GPN) as a Symbol of Domestic Retail Transaction Sovereignty in Indonesia. (December 2020). https://doi.org/10.4108/eai.27-7-2021.2316817

Plachkinova, M., & Knapp, K. (2023). Least Privilege across People, Process, and Technology: Endpoint Security Framework. Journal of Computer Information Systems, 63(5), 1153–1165. https://doi.org/10.1080/08874417.2022.2128937

Putra, I. M. A. M., & Kosasih, J. I. (2021, December). Modes of Bank Fund Transfer Crime in Digital Transactions. In 2nd International Conference on Business Law and Local Wisdom in Tourism (ICBLT 2021) (pp. 167-171). Atlantis Press.

Saputra, S. (2025). Analisis Perbandingan Format Pesan ISO 8583 dan JSON pada Sistem Transaksi Keuangan. Bulletin of Computer Science Research, 6(1), 548-557. https://doi.org/10.47065/bulletincsr.v6i1.839

Sarker, S. K. (2025). Bridging IT Risk Governance in Bangladesh: A Comparative Gap Analysis of Bangladesh Bank’s Guideline on ICT Security v4.0 and ISACA’s Risk IT Framework. International Journal of Innovative Science and Research Technology, 626–630. https://doi.org/10.38124/ijisrt/25oct257

Tandra, R. (2024). The Best Machine Learning for Fraud Detection in Banking Sector : A Systematic Literature Review. 7(2). https://doi.org/10.32877/eb.v7i2.1474

Tempo. (2025). BCA Investigasi Kasus Pembobolan Rekening Nasabah. https://www.tempo.co/ekonomi/bca-investigasi-kasus-pembobolan-rekening-nasabah-2069111

Ulrich-Diener, F., Dvouletý, O., & Špaček, M. (2025). The future of banking: What are the actual barriers to bank digitalization? BRQ Business Research Quarterly, 28(2), 491–513. https://doi.org/10.1177/23409444231211597

Wang, R., & Ziegel, J. F. (2021). Scenario-based risk evaluation. Finance and Stochastics, 25(4), 725–756. https://doi.org/10.1007/s00780-021-00460-9

Widjajarto, A., Lubis, M., & Lubis, A. R. (2024). Service Level Agreement (SLAs) Model for Disaster Recovery Center (DRC) Based on Computational Resource Model of Virtual Machine. Procedia Computer Science, 234, 1476–1483. https://doi.org/10.1016/j.procs.2024.03.148

Downloads

Published

2026-07-16