Scenario-Based Risk and Control Formulation for Electronic Banking Channels ATM and EDC in Indonesian Commercial Banks
DOI:
https://doi.org/10.59261/jequi.v8i3.353Keywords:
ATM, EDC, Scenario-Based Risk Management, Risk Control, Indonesian BankingAbstract
Background: ATMs and EDCs remain critical infrastructure components within Indonesia’s national payment system. However, their extensive utilization exposes commercial banks to various technological, operational, human, physical, and third-party risks. Despite recurring incidents comprehensive studies that formulate ATM and EDC risk scenarios and corresponding control measures within the Indonesian banking context remain limited.
Objective: This study formulates risk scenarios and corresponding control measures for ATM and EDC electronic banking channels in Indonesian commercial banks.
Methods: A structured literature review was conducted using six academic databases: Google Scholar, ScienceDirect, ResearchGate, Scopus, Wiley Online Library, and MDPI. The identified risks were analyzed using the ISACA Risk IT Framework and mapped to the NIST Cybersecurity Framework (CSF) 2.0 and ISO/IEC 27001:2022 standards. The proposed model was validated by six Subject Matter Experts (SMEs) with expertise in banking operations, IT risk management, information security, and payment systems using a 1–5 Likert scale.
Results: The study identified 25 risk scenarios across six categories and formulated 25 consolidated control measures. Each scenario links risk sources or threat actors, risk events, potential impacts, and corresponding controls. The controls were classified as preventive, detective, and corrective measures and mapped across the people, process, and technology dimensions. Expert validation produced an average score of 4.13/5.00 (83%), indicating a high level of acceptance.
Conclusion: As a proposed model derived from a systematic literature review and expert validation, this study provides a structured reference framework for risk management practitioners and policymakers in Indonesian commercial banking institutions.
Downloads
References
Ali, S. M., Hoq, S. N., Bari, A. M., Kabir, G., & Paul, S. K. (2022). Evaluating factors contributing to the failure of information system in the banking industry. Plos one, 17(3), 1–21. https://doi.org/10.1371/journal.pone.0265674
Amsaroka, M. H., Yadiati, W., & Winarningsih, S. (2024). Literature Review: the Relationship Between Internal Control System of the Government (SPIP), Good Government Governance (GGG), And Fraud Prevention. JASa (Jurnal Akuntansi, Audit Dan Sistem Informasi Akuntansi), 8(1), 122–136. https://doi.org/10.36555/jasa.v8i1.2440
Andri, A., & Lastiati, A. (2024). The Influence Of Brand Awareness, Transaction Fees On Consumer Intention In Transacting Using ATM Off Network/Off Us With Consumer Trust As A Moderating Variable. Accruals (Accounting Research Journal of Sutaatmadja), 8(02). 86–97.
Aspan, H., Nasution, A. P., & Malikhah, I. (2022). Digital Banking in Indonesia : The Development of Cashless Culture and Regulations. 9(January), 534–543.
Bank Indonesia. (2025a). Tabel 5a. ATM dan ATM + Debet. 8.
Bank Indonesia. (2025b). Tabel 5b. Infrastruktur Alat Pembayaran Menggunakan Kartu (APMK) dan Uang Elektronik (UE) Table 5g . Card-Based Payment Instruments (APMK) and Electronic Money (UE) Infrastructures Jumlah Merchant Juta Transaksi / Millions of Transaction Juta Tra.
Broby, D. (2021). Financial technology and the future of banking. Financial Innovation, 7(1). https://doi.org/10.1186/s40854-021-00264-y
Chandra, S., & Kumar, M. (2023). An Overview of Cyber Security in Digital Banking Sector. East Asian Journal of Multidisciplinary Research, 2(1), 43–52. https://doi.org/10.55927/eajmr.v2i1.1671
Ciaccio, J., & Onat, I. (2025). An Analysis of ATM and Point-of-Sale Skimming. In Orion Policy Institute. Orion Policy Institute. https://doi.org/10.13140/RG.2.2.24913.03680
CNBC. (2025). Kronologi Bank DKI Error Seminggu Lebih hingga Direktur IT Dipecat. https://www.cnbcindonesia.com/market/20250409151436-17-624624/kronologi-bank-dki-error-seminggu-lebih-hingga-direktur-it-dipecat
CNN Indonesia. (2022). RI Dihantam 700 Juta Serangan Siber di 2022, Modus Pemerasan Dominan. https://www.cnnindonesia.com/teknologi/20220701164212-192-816150/ri-dihantam-700-juta-serangan-siber-di-2022-modus-pemerasan-dominan
Diener, F. (2021). Digital Transformation in Banking : A Managerial Perspective on Barriers to Change.
Degadwala, S., & Bharatbhai, P. T. (2024). Advancements in ATM Security for Movement and Tampering Detection: A Review. International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 10(5), 79–89. https://doi.org/10.32628/cseit2410587
Eka, K. W. D., & Umar Gazali, I. M. (2025). Law Enforcement of Skimming as a Cyber Crime: Digital Forensic Challenges and Evidence in Court. In Pena Justisia (Vol. 24, Number 1).
Espos. (2023). Penipuan lewat Mesin EDC, Mantan Karyawan Bank Ternama di Semarang Ditangkap.
Gerald, N., Oluwapelumi, O., & Eli, K. A. (2024). Quality control in financial operations: Best practices for risk mitigation and compliance. World Journal of Advanced Research and Reviews, 24(1), 735–749. https://doi.org/10.30574/wjarr.2024.24.1.3100
Hakki, T. W., Sofianty, D., Simanungkalit, J., & Alvionita, D. (2026). Pencegahan Fraud Melalui Internal Control dan Governance Risk Management Compliance. JEMSI, 7(5). https://doi.org/10.38035/jemsi.v7i5
Harasheh, M., & Provasi, R. (2023). A need for assurance: Do internal control systems integrate environmental, social, and governance factors? Corporate Social Responsibility and Environmental Management, 30(1), 384–401. https://doi.org/10.1002/csr.2361
Hidayat, A., & Kassim, S. (2023). The Digital Banking Services: A Selection Model From Islamic. 8(1), 41–58.
Ilmiha, J., & Shah Suboh, A. (2024). The Effectiveness of Internal Control in Preventing Accounting Fraud in Financial Companies. East Asian Journal of Multidisciplinary Research (EAJMR), 3(6), 2181–2192. https://doi.org/10.55927/eajmr.v3i6.9952
ISACA. (2020). Personal Copy of Basuki Rahmad (ISACA ID: 206164) RISK IT PRACTITIONER GUIDE, 2nd Edition 2 About ISACA Reservation of Rights. www.isaca.org
Joseph, E. K. Z., Frederick, O. A., Nicholas, N., & Bernard, O. A. (2024). Effectiveness of internal controls mechanisms in preventing and detecting fraud. Finance & Accounting Research Journal, 6(7), 1259–1274. https://doi.org/10.51594/farj.v6i7.1322
Kraus, S., Jones, P., Kailer, N., Weinmann, A., & Chaparro-banegas, N. (2021). Digital Transformation: An Overview of the Current State of the Art of Research. https://doi.org/10.1177/21582440211047576
Kumar, L. M. S. (2025). Developing Protocol Translation Mechanisms for Legacy Banking Systems. International Journal of Innovative Research in Science Engineering and Technology (IJIRSET), 14(5). https://doi.org/10.15680/IJIRSET.2025.1405004
Machado, A. D. B., Secinaro, S., Calandra, D., Secinaro, S., & Calandra, D. (2022). Knowledge management and digital transformation for Industry 4.0: a structured literature review. Knowledge Management Research & Practice, 20(2), 320–338. https://doi.org/10.1080/14778238.2021.2015261
Mahardinata, P., & Imaroh, T. S. (2025). Risk Management Analysis to Minimize the Occurrence of Fraud in ATM Machine Activities (A Study at XY Company in the Jakarta Area). Jurnal Doktor Manajemen (JDM), 8(1), 112. https://doi.org/10.22441/jdm.v8i1.33125
Maulidya, G. P., & Afifah, N. (2021). Perbankan Dalam Era Baru Digital: Menuju Bank 4 . 0. Jurnal Proceeding Seminar Bisnis Seri V, 278–288.
Moon, I. T., Shamsuzzaman, M., Musfiqur, M., Mridha, R., Sayed, A., & Rahaman, M. (2022). Towards the Advancement of Cashless Transaction: A Security Analysis of Electronic Payment Systems. 103–129. https://doi.org/10.4236/jcc.2022.107007
Nisa, F. Z., Febrianti, G. D., & Ajrina, N. N. (2023). Systematic Literature Review: Analisis Implementasi Manajemen Risiko TI Menggunakan Framework COBIT di Sektor Industri Jasa. Bulletin of Computer Science Research, 4(1), 66–74. https://doi.org/10.47065/bulletincsr.v4i1.313
Nuryana, I. (2024). Perkembangan Industri Perbankan di Era Digital. Jurnal Manajemen Dan Keuangan, 13(2), 162–179.
Pangestu, A., & Baskoro, R. A. (2022). Analysis of the Development of the National Payment Gateway (GPN) as a Symbol of Domestic Retail Transaction Sovereignty in Indonesia. (December 2020). https://doi.org/10.4108/eai.27-7-2021.2316817
Plachkinova, M., & Knapp, K. (2023). Least Privilege across People, Process, and Technology: Endpoint Security Framework. Journal of Computer Information Systems, 63(5), 1153–1165. https://doi.org/10.1080/08874417.2022.2128937
Putra, I. M. A. M., & Kosasih, J. I. (2021, December). Modes of Bank Fund Transfer Crime in Digital Transactions. In 2nd International Conference on Business Law and Local Wisdom in Tourism (ICBLT 2021) (pp. 167-171). Atlantis Press.
Saputra, S. (2025). Analisis Perbandingan Format Pesan ISO 8583 dan JSON pada Sistem Transaksi Keuangan. Bulletin of Computer Science Research, 6(1), 548-557. https://doi.org/10.47065/bulletincsr.v6i1.839
Sarker, S. K. (2025). Bridging IT Risk Governance in Bangladesh: A Comparative Gap Analysis of Bangladesh Bank’s Guideline on ICT Security v4.0 and ISACA’s Risk IT Framework. International Journal of Innovative Science and Research Technology, 626–630. https://doi.org/10.38124/ijisrt/25oct257
Tandra, R. (2024). The Best Machine Learning for Fraud Detection in Banking Sector : A Systematic Literature Review. 7(2). https://doi.org/10.32877/eb.v7i2.1474
Tempo. (2025). BCA Investigasi Kasus Pembobolan Rekening Nasabah. https://www.tempo.co/ekonomi/bca-investigasi-kasus-pembobolan-rekening-nasabah-2069111
Ulrich-Diener, F., Dvouletý, O., & Špaček, M. (2025). The future of banking: What are the actual barriers to bank digitalization? BRQ Business Research Quarterly, 28(2), 491–513. https://doi.org/10.1177/23409444231211597
Wang, R., & Ziegel, J. F. (2021). Scenario-based risk evaluation. Finance and Stochastics, 25(4), 725–756. https://doi.org/10.1007/s00780-021-00460-9
Widjajarto, A., Lubis, M., & Lubis, A. R. (2024). Service Level Agreement (SLAs) Model for Disaster Recovery Center (DRC) Based on Computational Resource Model of Virtual Machine. Procedia Computer Science, 234, 1476–1483. https://doi.org/10.1016/j.procs.2024.03.148
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Navya Kirana Safitri, Sinung Suakanto, Basuki Rahmad

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA). that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.



