Article Sidebar

Download
PDF
Statistic
Read Counter : 14 Download : 5

Main Article Content

Abstract

Purpose: This study analyzes the mechanisms of quishing attacks within QRIS transactions, examines users' vulnerability to QR-code-based fraud, and evaluates mitigation efforts and legal protection in Indonesia's digital payment ecosystem.


Research Method: A sequential explanatory mixed-methods design was employed. Quantitative data were collected through online questionnaires distributed to QRIS users in Bandung using purposive sampling. Of the 100 questionnaires distributed, 89 valid responses met the inclusion criteria. Qualitative data from documented fraud cases and relevant literature were used to explain the quantitative findings.


Results and Discussion: Although 89.9% of respondents were aware of QR code fraud risks, 38.2% had experienced financial losses, and 31.5% had nearly become victims. Routine payment activities (44.6%) and promotional offers (24.1%) emerged as the dominant triggers for scanning fraudulent QR codes. Furthermore, 39.5% of respondents reported being redirected to phishing websites, indicating that quishing frequently facilitates credential theft and account takeover through social engineering techniques.


Implications: The findings highlight the need for stronger cybersecurity governance through dynamic QRIS implementation, enhanced security features, and continuous consumer education.


Originality: This study integrates behavioral evidence from QRIS users with legal and cybersecurity perspectives to provide a comprehensive understanding of quishing in Indonesia's digital payment ecosystem.

Keywords

QRIS quishing social engineering account takeover cybersecurity governance

Article Details

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite
Hamka, N. M., Nopiya, S., Pebyani, T., Fitriani, S., Limbong, V., & Yulianah, Y. (2026). Analysis of QRIS Misuse Mode as a Means of Personal Data Theft and Account Takeover in Bandung City, Indonesia. Advances in Community Services Research, 4(2), 68–81. https://doi.org/10.60079/acsr.v4i2.878
Download Citation
Endnote/Zotero/Mendeley (RIS)
BibTeX

References

  1. Alam, M. A., Sarna, S. A., Rakibuzzaman, M., & Reza, J. (2025). Strengthening Cybersecurity Protocols to Safeguard U.S. Financial Infrastructure Against Emerging Threats. Advances in Economics & Financial Studies, 3(2), 71–82. https://doi.org/10.60079/aefs.v3i2.506
  2. Andriyani, F., Siagian, B., Suciati, P., & Citra, A. (2025). QRIS Adoption and Utilization: Examining Gen Z’s Digital Payment Behavior Among Indonesian Vocational Students. Jurnal Vokasi Indonesia, 13(1), 7. https://doi.org/10.7454/jvi.v13i1.1233
  3. Anisa, F. N., & Andraini, F. (2023). Perlindungan Hukum Terhadap Konsumen Dalam Transaksi Menggunakan Sistem Pembayaran Berbasis QRIS (Quick Response Code Indonesian Standard). Jurnal Cahaya Mandalika, 4(2), 909–918.
  4. Bank Indonesia. (2023). Peraturan Bank Indonesia Nomor 3 Tahun 2023 tentang Perlindungan Konsumen Bank Indonesia. https://www.bi.go.id/id/publikasi/peraturan/Pages/pbi_250323.aspx
  5. Bank Indonesia. (2024). Quick Response Code Indonesian Standard (QRIS). Bank Indonesia.
  6. Baottong, M. H., Kausar, A., Taufiq, M. I., & Krisnanto, B. (2025). Mitigating QR-Phishing Risks in Indonesian Digital Payments Through Security Behavior Intentions Scale. Jurnal Manajemen Perbankan Keuangan Nitro, 1(3), 78–92. https://doi.org/10.56858/jmpkn.v1i3.757
  7. Coils. (2023). The Puzzle of the Spread of Fake QRIS in Jakarta Mosques. Jakarta: KumparanNEWS.
  8. Hamzah Muchtar, E., Trianto, B., Maulana, I., Alim, M. N., Marasabessy, R. H., Hidayat, W., Junaedi, E., & Masrizal. (2024). Quick response code Indonesia standard (QRIS) E-payment adoption: customers perspective. Cogent Business & Management, 11(1), 2316044. https://doi.org/10.1080/23311975.2024.2316044
  9. Herryani, M. R. T. R. (2023). Enhancing Legal Protection for Digital Transactions: Addressing Fraudulent QRIS System in Indonesia: Meningkatkan Perlindungan Hukum dalam Transaksi Digital: Mengatasi Sistem QRIS Palsu di Indonesia. Rechtsidee, 11(1), 10.21070/jihr.v12i1.990. https://doi.org/10.21070/jihr.v12i1.990
  10. Indonesia, B. (2019). Implementation of the National Standard Quick Response Code for Payments. Rules of the Board of Governors (p . No.21/18/PADG/2019). Jakarta: Bank Indonesia.
  11. Otoritas Jasa Keuangan. (2023). Peraturan Otoritas Jasa Keuangan Republik Indonesia Nomor 22 Tahun 2023 tentang Pelindungan Konsumen dan Masyarakat di Sektor Jasa Keuangan. https://ojk.go.id/id/regulasi/Pages/POJK-Nomor-22-Tahun-2023.aspx
  12. Purwatiningsih, A. P., Fitria, S., Indriani, A., & Kuriawan, C. S. (2025). Adoption of QRIS digital payment in Indonesia and Malaysia: A technology acceptance and knowledge perspective. International Journal of Innovative Research and Scientific Studies, 8(6), 704–713.
  13. Rahayu, T. P. (2024). Analisis Perlindungan Hukum bagi Pelaku Usaha Penyedia Sistem Pembayaran Qris (Quick Response Indonesian Standard) berdasarkan Undang-Undang Nomor 8 Tahun 1999. Proceedings Series on Social Sciences & Humanities, 17, 444–449.
  14. Rahman, A. (2024). Financial Inclusion through Technological Advancements in Banking Institutions: An Analytical Review. Advances: Jurnal Ekonomi & Bisnis, 2(3), 163–173. https://doi.org/10.60079/ajeb.v2i3.303
  15. Santika, A. Z., Musyaffi, A. M., & Zairin, G. M. (2024). Factors influencing the adoption of QRIS digital payments in MSMEs. Jurnal Akuntansi, Perpajakan Dan Auditing, 5(1), 172–187. https://doi.org/10.21009/japa.0501.13
  16. Sarkhi, M., & Mishra, S. (2024). Detection of QR Code-based Cyberattacks using a Lightweight Deep Learning Model. Engineering, Technology & Applied Science Research, 14(4), 15209–15216. https://doi.org/10.48084/etasr.7777
  17. Sasra, A. D., & Baidhowi, B. (2025). Perlindungan Hukum Dalam Transaksi Nontunai Berbasis Quick Response Code Indonesian Standards (QRIS) Berdasarkan Perspektif Hukum Perbankan. Jurnal Ilmiah Nusantara, 2(4), 266–274. https://doi.org/10.61722/jinu.v2i4.5030
  18. Sharevski, F., Devine, A., Pieroni, E., & Jachim, P. (2022). Phishing with malicious QR codes. Proceedings of the 2022 European Symposium on Usable Security, 160–171.
  19. Sharevski, F., Mossano, M., Veit, M. F., Schiefer, G., & Volkamer, M. (2024). Exploring phishing threats through QR codes in naturalistic settings. Symposium on Usable Security and Privacy (USEC) 2024, 208, 1–25. https://doi.org/10.14722/usec.2024.23050
  20. Singkeruang, A. W. T. F., Susanto, S. E., & Saeni, N. (2025). Mitigating the Risk of Qushing Threats (QR Phishing) using the Security Behavior Intentions Scale (SeBIS) in supporting digital economic security. Paradoks: Jurnal Ilmu Ekonomi, 8(2), 685–696. https://doi.org/10.57178/paradoks.v8i2.1196
  21. Suseno, F. (2025). Evaluating QRIS Adoption: a pathway to inclusive digital payment for indonesia MSMEs. GIC Proceeding, 3, 93–103. https://doi.org/10.30983/gic.v3i1.850
  22. Tandel, S., Chordiya, J., & Patil, P. S. H. (2025). Tricked by the Square: Investigating the Rise and Reach of Quishing Attacks. No. April.
  23. Trad, F., & Chehab, A. (2025). Detecting quishing attacks with machine learning techniques through qr code analysis. ArXiv Preprint ArXiv:2505.03451. https://doi.org/10.48550/arXiv.2505.03451
  24. Utami, N. (2025). Adopsi pembayaran digital melalui QRIS dan dampaknya terhadap kinerja finansial UMKM di Daerah Istimewa Yogyakarta. TRANSAKSI, 17(1), 1–13. https://doi.org/10.25170/transaksi.v17i1.7116
  25. Wang, Z., Zhu, H., & Sun, L. (2021). Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities, and Attack Methods. IEEE Access, 9, 11895–11910. https://doi.org/10.1109/ACCESS.2021.3051633
  26. Weinz, M., Zannone, N., Allodi, L., & Apruzzese, G. (2025). The impact of emerging phishing threats: Assessing quishing and llm-generated phishing emails against organizations. Proceedings of the 20th ACM Asia Conference on Computer and Communications Security, 1550–1566. https://doi.org/10.1145/3708821.3736195
  27. Windani, S., Fakhirah, P., Saleh, F., & Alamsyah, M. (2025). Legal Protection of Personal Data in Electronic Transactions through the QRIS Payment System in Indonesia. Proceedings of International Conference on Islamic Community Studies, 818–824. https://proceeding.pancabudi.ac.id/index.php/ICIE/article/view/581