Is Indonesia’s Digitalisation Push Leaving MSMEs Exposed?

Indonesia’s aggressive digitalisation agenda has accelerated fintech adoption, yet the nation now grapples with a cyber‑threat landscape that outpaces many peers. According to the 2025 Indonesia Threat Landscape Report, the finance sector accounts for 24.42% of phishing incidents, while the OJK notes scam frequencies three to four times higher than in comparable economies. This surge is not limited to large banks; it permeates the informal economy where MSMEs dominate, creating a systemic vulnerability that could ripple through the country’s growth trajectory.

MSMEs are uniquely exposed because they typically operate without dedicated IT staff, formal security policies, or regular training. Common attacks—fake QRIS codes, counterfeit supplier invoices, and WhatsApp Business impersonation—directly target the intersection of personal finance and business operations. Platform‑level defenses such as biometric login or two‑factor authentication assume a vigilant user who can spot malicious URLs, an expectation that most small‑business owners cannot meet. Consequently, a single successful scam can wipe out a shop’s cash flow, jeopardising livelihoods and eroding trust in digital payment ecosystems.

Regulators have responded with financial‑literacy drives and digital‑literacy campaigns, but these initiatives stop short of embedding protection into the tools MSMEs rely on daily. The real solution lies in shifting responsibility to fintech providers and the regulatory framework that mandates their services. Mandatory transaction‑validation layers, real‑time fraud‑simulation tools, and shared liability models would create a safety net that does not depend on individual vigilance. By aligning platform accountability with government oversight, Indonesia can preserve the momentum of its digital economy while safeguarding the most vulnerable participants.