When the World Economic Forum names cyber-related fraud and identity theft as major global risks, it reflects a structural shift. Fraud is no longer a side issue in the digital economy. It has become part of its operating environment.
In the Endgame podcast with Gita Wirjawan, Niki Luhur, Founder and Group CEO VIDA, outlined five key shifts that show why fraud must be treated as a systemic risk, not just a security problem.
When Fraud Behaves Like an Industry
One of the clearest tensions raised in the discussion is that fraud no longer resembles petty crime. It increasingly resembles an industry.
Fraud identifies vulnerabilities, tests them systematically, and scales tactics that work. Attacks are rarely isolated incidents, but rather are coordinated campaigns that combine compromised devices, manipulated biometrics, stolen credentials, and psychological pressure in a single sequence.
“These fraud syndicates are not just a bunch of people in a call center. They are equipped with proper technology,” Niki emphasized. “Some operate in forced labor camps, where individuals who believed they were taking legitimate job opportunities.”
What Niki was referring to are the scam compounds reported in parts of Southeast Asia, including Cambodia, where foreign nationals, including Indonesians, have been trafficked or coerced into working in organized online fraud operations. Many were initially promised legitimate employment, only to have their passports confiscated and be forced to conduct large-scale scam activities targeting victims across the region.
When Awareness Is Not Enough
For years, digital fraud prevention has leaned heavily on awareness campaigns. Users have been reminded not to share OTP codes, not to click suspicious links, and to remain cautious when receiving unexpected messages. Awareness is necessary, but it has limits.
When SMS-based OTP mechanisms remain a primary attack vector despite years of public education, institutions must ask whether those mechanisms still meet an acceptable security threshold.
“The call to action is to change the system and raise the standards of how we operate,” said Niki.
If the same authentication method continues to be exploited repeatedly at scale, the issue cannot be explained solely by user negligence. It becomes a question of architecture.
Fraud Follows the Money
Another key insight discussed in the podcast is the synchronization between fraud activity and liquidity cycles. According to the VIDA 2026 SEA Digital Identity Fraud Outlook, fraud attempts show consistent concentration during periods of mass fund distribution, including payday cycles, bonus disbursements, and Tunjangan Hari Raya (THR).
This alignment reflects economic logic. When users expect incoming funds, promotional offers, or account notifications, urgency feels legitimate. High transaction volume reduces friction and lowers suspicion. Fraudsters anticipate these behavioral shifts and time their operations accordingly.
Komdigi has recorded increased social engineering during Ramadan. Bank Indonesia has identified the Ramadan-to-Lebaran period as high risk within digital payment systems. OJK data shows that many cases exploit urgency and emotional pressure. These observations reinforce a broader reality: fraud does not operate randomly. It follows financial momentum and adapts to predictable human behavior.
How Fake BTS Exploits Trust in Digital Communication
Modern fraud increasingly targets the assumptions embedded in digital infrastructure itself. It is no longer confined to deceptive emails or suspicious links.
The use of unauthorized base transmitter stations, or fake BTS systems, illustrates this shift. In practice, attackers can deploy portable transmitters in urban areas, effectively impersonating legitimate telecom infrastructure. Because mobile devices automatically connect to the nearest signal tower, phones may unknowingly attach to these rogue transmitters.
Once connected, the fraudulent BTS can broadcast messages using spoofed sender IDs, including names of trusted banks or financial institutions. Messages that appear to originate from official bank channels can then be injected into what looks like legitimate communication streams.
Raising the Bar and Redesigning Defense
Across Southeast Asia, regulators are strengthening electronic transaction laws, data protection frameworks, cybersecurity mandates, and anti-fraud rules, all anchored in consumer protection. But the minimum security standards they define cannot remain static while fraud techniques continue to scale.
Niki highlighted a common blind spot among institutions. “The biggest blind spot is when companies believe they are already secure because they’ve implemented a piece of software once. The reality is fraud evolves rapidly. And to think that you can have one and done silver bullet solution deployed one time and you’re good forever is a big blind spot.”
As attacks become layered, coordinated, and data-driven, defense must be equally integrated. Device integrity checks, stronger authentication, presence verification, and behavioral analysis need to operate as a cohesive, layered system rather than fragmented checkpoints. Without that integration, gaps between systems become the very spaces where industrialized fraud thrives.
The Endgame podcast with Gita Wirjawan discussion reframed fraud not as a series of isolated scams, but as a structural turning point. The threat landscape has matured into a coordinated, technology-enabled industry. Recognizing that reality is the first step. Raising standards and redesigning defense for the world as it exists today is the necessary next step.
Read more VIDA Whitepaper: https://vida.id/wheresthefraud
.png)
