“Factors influencing the effectiveness of credit card fraud prevention in Indonesian issuing banks”

The increase in online credit card transactions in the digital era has caused an increase in credit card cyber incidents. This is happening globally, including in Indonesia. Thus, it will affect a bank’s reputation as well as its financial losses. Therefore, optimal fraud risk management is needed in a banking effort to prevent credit card fraud. In response, this article intended to study credit card fraud prevention by examining the relationship between digital security required for customer data security; fraud brainstorming to identify process weaknesses; and compliance management to manage regulatory compliance. The next step was to test whether the anti-fraud specialist is competent to moderate this relationship. This study used a quantitative approach. This study included 27 Indonesian card issuers. Primary sources were used to collect data for this study. The primary data were analyzed using a structural equation model (SEM). The results of the study show that digital security, fraud brainstorming, and compliance management were positively and significantly related to the prevention of credit card fraud, at a significance level of 5%, the t-statistic has a numerical value of 6.161, 5.079, and 5.98 each. Furthermore, testing the moderating effect obtained t-statistic values of 7.330, 4.161, and 7.694. Competency results obtained with positive and significant influence moderate the relationship between these factors and credit card fraud prevention. These findings have policy implications for banking and government objectives in fighting credit card fraud through implementing prevention strategies.


INTRODUCTION
According to FST Media (2016) in the Economics of Fraud Survey, Indonesia has a high rate of credit card fraud due to its high online banking activity.As a country in Asia Pacific, Indonesia ranks 4.6 out of 5, where 5 is the worst.Indonesia is at high risk of credit card fraud by 86%, China by 70%, and Malaysia by 65%.Based on the AKKI (Indonesian Credit Card Association) report, banks in Indonesia suffered losses due to credit card fraud in 2007, reaching around IDR 70 billion.Similarly, 14 members of the EDC data breaching syndicate were arrested in 2011 for stealing up to 81 billion IDR from customer credit card balances.
In dealing with cybercrimes including credit card fraud, a strong information security management system is needed, which is built on three pillars: people, process, and technology.The condition that is happening in Indonesia is that currently Indonesia still needs 10 thousand cybersecurity experts through optimizing existing resources, including in the banking world, to anticipate carding attacks that continue to increase in Indonesia.Internal auditors, compliance func-tions, and risk management as competent specialists are expected to have CFE or CISA qualifications and understand digital and cybersecurity, to combat technology-based fraud including carding.The aim is to oversight, assess the effectiveness of the anti-fraud program, and report the effectiveness of risk management to the Board of Directors, considering that cyberattacks in carding are very high and involve a lot of losses related to data security (ITG.ID, 2019).
From the Indonesian Cyber and Crypto Security Technology department, it was stated that in dealing with the rise of carding as a form of cybercrime, the concept of cyber development is needed, where the forming element is the development of specialist competencies, in addition to process and technology.In fulfilling specialist competencies to handle card security; cybersecurity literacy, workshops and knowledge sharing or brainstorming, fraud examiner certification, digital security for cyber incidents and awareness related to personal data protection, are required.In Indonesian banking practice, categorizing and identifying the risks of credit card fraud is not an easy thing to do, considering the complexity and dynamics of credit card fraud schemes.Lack of reliability and accuracy of data, as well as an understanding of providing categories and calculating losses, can lead to different interpretations in assessing the risk of credit card fraud in the banking industry.Likewise, digital security in banking in Indonesia is still considered weak, such as in dealing with identity theft from credit card customers or carding, where the mode is increasingly sophisticated.In addition, various bank fraud cases including carding were also acknowledged by Bank Indonesia to occur due to weak internal controls and compliance management, so banks need to rearrange internal controls by optimizing fraud risk management.Therefore, how to improve digital security, strengthen compliance management, fraud brainstorming and anti-fraud specialist competencies are important issues for issuer banks in Indonesia that must be anticipated to prevent credit card fraud from continuing to increase.

LITERATURE REVIEW AND THE HYPOTHESES
The emergence of various forms of cybercrime, especially carding, which involves credit card transactions, in the digital era is a negative side of the development of society and the fact is that crime is always developing, along with the development of society (Sidoti & Devasagayam, 2010).Because of that, along with the emergence of cybercrime, efforts to prevent and deal with it are important issues (Lee, 2019).
The development of a digital society (digital society), which has high expectations for a perfect customer experience, the availability of good infrastructure, demands effective service and protection of sensitive data, namely customer data.Digital security is needed to protect customer assets as valuable assets in cyberspace.This asset refers to company resources, which will face cyber threats and then need protection from these cyber threats (Badadare et al., 2018).For this reason, a digital security system that is managed properly is needed well, including in tackling credit card fraud.Companies that use compliance management to ensure compliance with rules through certain system mechanisms must be supported by senior leaders to reduce fraud (Coglianese & Nash, 2021).Another study also suggests that a certain system, namely an automated knowledge-based compliance management system, is needed to overcome the limitations of special personnel in studying the rules that become standard compliance in companies, including anti-fraud compliance (S.Kim & Y. Kim, 2017).
Several previous researchers found that fraud brainstorming has an influence on fraud risk assessment as an effort to prevent fraud (Carpenter, 2007;Mohd-Nassir et al., 2016).Brainstorming will improve the accuracy of judgments in assessing fraud risk to prevent fraud.In addition, a study by Dewi et al. (2023) explains that the fraud risk management team using the brainstorming method can provide a more accurate credit card fraud risk assessment as an effort to prevent fraud, especially in terms of its causes.fraud and the impact of credit card fraud.Fraud brainstorming helps to discuss the emergence of fraud, detail fraud, and think like a fraudster so that you can find strategies to prevent and anticipate fraud.Talamantes (2020) further shows that knowledge sharing between anti-fraud specialists is very important.This is because cybercriminals will find data and software vulnerabilities that are used at any time, including in the banking industry.Therefore, experts must share information to face challenges and determine reactions to potential cybercrime threats such as carding related (Viswanathan et al., 2005).
The competence of specialists who control anti-fraud banks can strengthen the link between digital security, compliance management, and fraud brainstorming on fraud prevention efforts, including credit card fraud.Pearson  which helps explain the relationship between principals (shareholders) and stewards.This theory explains that the agent as a steward believes that personal needs will also be fulfilled by themselves by fulfilling the principal's interests for the progress of the company.This can be achieved because the agent has good competence.
Another theory is that put forward by Neumann and Morgenstern.This theory consists of rules that create competitive situations to maximize one's winnings.Game theory is defined as a study model of conflict and cooperation among rational decision makers, where this technique is used to analyze situations in which two or more people make decisions that may affect their well-being (Myerson, 2002).Banks can use this game theory to explain that digital security uses analysis where fraud perpetrators will choose a certain level of fraud (Vatsa et al., 2007), and vice versa, banks will also create certain security systems that can compensate for fraudster strategies in committing fraud.
Another factor, namely compliance management, can also be explained by signaling theory.This theory is to explain the existence of a condition when two parties (individuals and companies) have access to different information.The sender or giver of the signal will choose what and how to communicate information, and the receiver will choose how to interpret the signal (Connelly et al., 2011).Signaling theory can be related to the importance of compliance management in the banking system.
The brainstorming fraud factor can be explained by Social Judgment theory.An individual's attitude towards a particular issue results from a process of consideration that occurs within them towards the issue at hand (Hovland & Sherif, 1980).
In general, it can be explained that knowing someone's motivation to do carding in taking a fraud prevention strategy is very important.Several factors that cause the possibility of external and internal bank actors committing crimes are pressure, opportunity, rationalization, ability, arrogance, and collusion.Collusion between the two parties to commit fraud on third parties can cause changes in employee culture and behavior from honest to dishonest (Vousinas, 2019).
For this reason, this study tries to broaden the scope by integrating all variables related to people, process and technology, to handle carding related credit card transactions.Based on the various opinions above, this study tries to analyze whether factors such as digital security, fraud brainstorming, compliance management, competency of anti-fraud specialists can influence the effectiveness of credit card fraud prevention.Therefore, the hypotheses are as follows: H1: Digital security has a positive effect on credit card fraud prevention.
H2: Compliance management has a positive effect on credit card fraud prevention.
H3: Fraud brainstorming has a positive effect on credit card fraud prevention.
H4: Competence of an anti-fraud specialist has a positive effect as a moderator of the relationship between digital security and credit card fraud prevention.
H5: Competence of an anti-fraud specialist has a positive effect as a moderator of the relationship between compliance management and credit card fraud prevention.
H6: Competence of an anti-fraud specialist has a positive effect as a moderator of the relationship between fraud brainstorming and credit card fraud prevention.

RESEARCH METHODOLOGY
This study used a quantitative design with descriptive research methods to describe phenomena according to the identified variables.It was designed to provide systematic information.The researchers decided to use a survey because it is the most widely used and effective strategic tool in economic and business research (Sekaran & Bougie, 2016).Surveys are also a tool for collecting quantitative data in an effective and systematic way so as to run statistical tests and obtain generalizable results (Bryman, 2016).
This research sample was taken based on the non-probability sampling method through total quota sampling, namely sampling, with the entire population from the unit of analysis determined by the researcher.The unit of analysis or members of this research population are 27 credit card issuing banks in Indonesia with the observation units being banking committee members that supervise anti-fraud controls.They supervise a Risk Management, Compliance, and Internal Audit Unit in the Credit Card Business.Because it involved the practice of implementing fraud prevention at each bank, the identities and responses given by respondents through this questionnaire were kept confidential.63 questionnaire questions were analyzed to determine research findings.The respondents recorded the implementation of digital security practices, fraud brainstorming sessions, compliance management and competence of anti-fraud control units at their respective banks.Participants were also asked to provide details regarding position in the company, participation in anti-fraud training and ownership of Fraud Examiner Certificates.
In filling out this research survey, all 215 respondents were asked to provide answers in the form of levels of approval and disapproval of questions on a Likert response scale consisting of 5 points, namely with a score range of 5 for strongly agree, to a score of 1 for strongly disagree.
Furthermore, as a method of analysis, the

Hypothesis test
The criteria for testing the hypothesis in this study is a significance level (α) of 5% and is determined by the following criteria: • the hypothesis is accepted if t-test > t-table (1.96); • the hypothesis is rejected if t-test < t-table (1.96).
The P-value can also determine the hypothesis test, with these criteria: • the hypothesis is accepted if P-value < 0.05; • the hypothesis is rejected if P-value > 0.05.

Conversion to the equation system
The path diagram conversion can be explained in the equation as follows: where Y = Credit Card Fraud Prevention; X 1 = Digital Security; X 2 = Compliance Management;

RESEARCH RESULTS
In demographic survey, the results showed that there were 50 people (23%) in the Compliance Unit Supervision, 99 people (46%) in the Risk Management Unit Supervision, and 66 people (31%) in the Internal Audit Unit Supervision.There were 96 (45%) males and 119 (55%) females, of which 177 people (82%) were graduates, 23 people (11%) were postgraduates, and 15 people (7%) had diplomas degrees.Related to the age of the respondents, 45 people (21%) were under the age of 30, 104 people (48%) were between the ages of 31 and 40, 66 people (31%) were over the age of 40.
The next was validity test as a stage of the outer model analysis (see Table 1).The structural model test in this study was carried out with the R-square value.According to Ozili (2023), the R-Square Category is 0-0.09= weak, 0.10-0.50= moderate, and 0.51-0.99= strong.Moreover, the Goodness of Fit (GoF) was calculated for the model as follows: 2 0.723 0.780 0.751.
Based on Hair's criteria, it was concluded that the research model formed was good (> 0.36), namely 0.751.

HYPOTHESIS TESTING
Hypothesis testing used 5,000 bootstrapped samples with a 95 percent confidence interval.The results of data processing and bootstrap in the SEM-PLS analysis show that the relationship hypothesized in the formal research model is statistically significant, because the p-value is less than 0.05, reaching the required level at 95% reliable.In other words, the hypothesis in the research model is accepted.
The results of the sample bootstrapping are presented below.
H1: Digital Security.Based on Table 4, the t-statistics value is greater than the t-table, namely 5.079 > 1.96 at a significance level = 5%.In addition, the p-value (0.027) < 0.05 then H 0 is rejected.The compliance management has a significant effect on fraud prevention.
Based on Table 4, the value of the t-statistics is greater than the t-table, namely 5.98 > 1.96 at a significance level = 5%.In addition, the p-value (0.00) < 0.05 means that H 0 is rejected.Fraud brainstorming has a significant effect on fraud prevention.

H4: Digital Security was moderated by
Competence of an anti-fraud specialist.
Based on Table 4, the t-statistics value is greater than the t-table, namely 7.330 > 1.96 at a significance level = 5%.In addition, the p-value (0.005) < 0.05 means that H 0 is rejected.Competence has a significant effect as a moderator of the relationship between digital security and fraud prevention.
H5: Compliance Management System was moderated by Competence of an anti-fraud specialist.
Based Table 4, the t-statistics value is greater than the t-table, namely 4.161 > 1.96 at a significance level = 5%.In addition, the p-value (0.031) <0.05 means that H 0 is rejected.Competence has a significant effect as a moderator of the relationship between compliance management on fraud prevention, or competence can strengthen the relationship between compliance management and credit card fraud prevention.
H6: Fraud Brainstorming was moderated by Competence of an anti-fraud specialist.
Based on Table 4, the t-statistical value is greater than the t-table, namely 7.694 > 1.96 at a significance level = 5%.In addition, the p-value (0.004) < 0.05 means that H 0 is rejected.It means that competence has a significant effect as a moderator of the relationship between fraud brainstorming and fraud prevention.

DISCUSSION
The next is the discussion to find out the estimation results of the statistical data processing with applicable theory and practice.
Hypothesis testing showed that digital security has a significant positive effect on credit card fraud prevention; the higher the digital security, the higher the credit card fraud prevention.So, this study is in accordance with research from Auchey (2020), maintaining digital security requires data analytics to prevent potential threats to technological systems.This is where agency theory becomes the basis for understanding the strategy of company management in maximizing the use of data analytics, both for the audit process and for fraud prevention, so as to reduce operational costs due to the impact of fraud losses that arise.

Shiva et al. (2010)
explained that game theory is a potentially good solution for managing dynamic analytical mechanisms in digital or cybersecurity because, although there are advances in information technology in securing digital aspects (confidentiality, integrity, and availability of data security), they still cannot keep up with cybercrimes such as dynamic credit card data theft.
In practice, issuing banks in Indonesia need to improve data authentication mechanisms, as well as more continuous audits of system access.The entire digital security process must comply with the banking code of ethics, local guidelines, Information Security Management System (SMKI), and international (PCI DSS, NIST Framework).The SMKI uses SNI (Indonesia National Standard) and ISO/IEC 27001:2013 rules which are information security guidelines that explain the requirements for creating, implementing, analyzing, maintaining, and documenting information to keep it safe.
Currently, digital security governance in Indonesia is still partial, so the handling of cybersecurity issues is not yet integrated.This makes cyber threats even more real, such as data security in credit card businesses.For this reason, up-to-date IT Governance and a comprehensive GRC are needed to create awareness regarding best practices in cybersecurity to reduce the risk of cyber fraud.
Therefore, cybercrimes such as carding as a form of credit card fraud in cyberspace require preventative action.This preventive action is urgently needed because issuing banks in Indonesia are still lacking in protecting cardholders' personal data through their digital and cybersecurity, under the umbrella of the Personal Data Protection Law.
Based on the test results, it is known that the compliance management had a significant positive effect on fraud prevention and provided positive results.These results support the research hypothesis through empirical evidence that the better the compliance management, the better the fraud prevention.According to Holt et al. (2016), signaling theory is used as a basis for seeing whether there are detectable signals from actions that lead to fraud, by using compliance management.This is mainly performed by forensic accountants or auditors to catch indications of fraud, so that fraud can be prevented.
Survey results on issuing banks in Indonesia show that there is a need to improve a number of things, such as a culture of communication and compliance.Company ethics and legal requirements must be implemented, not just as an empty item on the checklist, but as a compliance culture in action.As explained in PBI 13/2/PBI/2011, compliance management functions to formulate strategies to encourage the creation of a culture of compliance, ensure systems, and company procedures comply with the law.
The survey results showed that fraud brainstorming had a significant positive effect on fraud prevention.According to Brazel et al. (2010), two or more auditors who interact with each other, either between auditors or with groups outside them, can influence the success of making fraud prevention policy formulations.Based on social judgment theory, it can support the success of fraud brainstorming in developing fraud prevention strategies.
From the survey results, fraud brainstorming has been carried out in issuing banks in Indonesia but is not continuous, especially in discussing the audit plan design.In practice, the brainstorming that has been carried out at this time is mostly carried out after the occurrence of fraud, which is based on cardholder reports.This causes an increase in the burden of reserves for losses as a bank risk expected loss due to fraud.
According to the empirical results obtained based on the survey, there are several dimensions that need improvement, namely fraud brainstorming related to assessing the environment, assessing data, assessing employees, and assessing the process.
In line with previous research, there are weaknesses in the detailed discussion regarding the several dimensions above that can make banks less focused on strategic planning sessions to obtain ideas related to cyber risk mitigation (Hubs, 2012) Research results proved, the influence of compliance management on credit card fraud prevention is strengthened by competence.Quick and Sayar (2021) argue that a bank's compliance management can achieve its goal of systematically preventing and sanctioning violations of company regulations if the competence of its supporting specialists is strengthened.Based on agency theory, agents can take different actions from the goals set by the principals.This will have a bad impact on the company if the principal has poor skills to anticipate it.Specialist skills are needed to oversee optimal compliance management implementation.
Research results also proved that the effect of fraud brainstorming on fraud prevention is strengthened by the competence of anti-fraud specialists.
Brainstorming can help anti-fraud specialists to identify the types of fraud based on the evidence gathered.

CONCLUSION
The findings of this study show that in preventing credit card fraud in Indonesian banks, factors such as digital security, compliance management, and fraud brainstorming are needed, which are strengthened by the competence of anti-fraud specialists.From the results of this study, it can be explained that the first factor is increasing digital security through data analytics security, which is useful for preventing potential threats to technology systems.The second is a compliance management to get to know customers, manage risks using a compliance dashboard, and organize multiple layers of defense to prevent carding.The third is fraud brainstorming which must be carried out regularly and with quality to help specialists improve the quality of fraud consideration.The success of making fraud prevention policy formulations can be affected by this interaction.
Improving digital security, compliance management, optimizing brainstorming, which is strengthened by the competence of anti-fraud specialists, are important things to maximize fraud prevention efforts in the credit card business in Indonesia.These competencies can be improved through professional training.The achievement of these conditions can have a significant impact on the proper management of fraud risk, including eradicating money laundering crimes in various modes, including through credit card fraud.
All the factors mentioned must be supported by strong competency factors from anti-fraud specialists.Competence can ensure good quality banking IT governance, strengthen the relationship between digital security and fraud prevention, overcome weaknesses in understanding local and international regulations related to payment card security standards, understand the use of big data, strengthen the effectiveness of knowledge sharing with specialists to realize optimal fraud prevention.
Fraud Brainstorming; Z = Competence; β 1 = Digital Security path coefficient to Credit Card Fraud Prevention; β 2 = Path coefficient of compliance management to Credit Card Fraud Prevention; β 3 = Coefficient of the Fraud Brainstorming Path to Credit Card Fraud Prevention; β 4 = Competency path coefficient for Credit Card Fraud Prevention; β 5 = Digital Security path coefficient moderated by Competence; β 6 = Compliance Management path coefficient moderated by Competence; β 7 = Fraud Brainstorming path coefficient with moderation by Competence; and ζ 1 = other factors' influence.

Table 1
showed the convergent validity test after reduction.It can be seen from the loading factor values and average variance extracted (AVE).
And after reducing some of the lowest indicators (X3.2.2, Y.3.3,Y.4.3, Y.4.4,Y.4.6), all remaining indicators are tested and declared valid since they have a loading factor greater than 0.5.Some of these indicators were not used because they were considered less representative in explaining the factors that make credit card fraud prevention more effective.Cronbach'sAlpha and Composite Reliability (CR) are performed to test construct reliability.Thus, it will be seen that all indicators are reliable and

Table 1 .
Convergent validity test

Table 1 (
cont.).Convergent validity testconsistently measure their respective variables.This test is useful for the various factors influencing credit card fraud prevention at Indonesian issuing banks.

Table 2
above shows that all research variables have CR values greater than 0.7 and Cornbach's Alpha values greater than 0.6.

Table 2 .
Reliability test

Table A5 .
Variable description of Credit Card Fraud Prevention