Security Risk Analysis of QRIS Implementation in Public Locations Using ISO 31000:2018 Framework
DOI:
https://doi.org/10.30871/jaic.v9i4.9877Keywords:
QRIS, ISO 31000:2018, Risk Management, Digital Payment Systems, Public SpacesAbstract
This study aims to analyze the security risks associated with the implementation of the QRIS (Quick Response Indonesia Standard) payment system in public spaces and provide appropriate mitigation recommendations. The research employs a case study approach with a qualitative research design to explore the perceptions of users and business owners regarding the potential risks involved. Data were collected through semi-structured interviews, risk perception surveys, and document analysis related to QRIS security policies and practices. The findings reveal that the primary risks faced by users and business owners include QR code manipulation, social engineering attacks, unstable internet connections, and low digital literacy. Based on the identified risks, the study suggests several mitigation strategies, including the use of dynamic QRIS, user security education, infrastructure improvements, and the implementation of regular audits. In conclusion, to enhance security and user trust in QRIS, a comprehensive approach is needed, incorporating technical, procedural, and educational aspects in an integrated manner.
Downloads
References
[1] D. N. Kristanty, “Tren dan Tantangan Keamanan Bertransaksi dengan Qris dalam Era Transformasi Sistem Pembayaran Digital,” J. Syntax Admiration, vol. 5, no. 10, pp. 3923–3933, Oct. 2024, doi: 10.46799/jsa.v5i10.1538.
[2] H. Lonardi and N. Legowo, “Analysis of Factors Affecting Use Behavior of QRIS Payment System in DKI Jakarta,” 2021.
[3] L. Fauziyah and M. I. Prajawati, “Persepsi dan Risiko QRIS sebagai Alat Transaksi Bagi UMKM,” Ekon. J. Econ. Bus., vol. 7, no. 2, p. 1159, Sep. 2023, doi: 10.33087/ekonomis.v7i2.987.
[4] Musa F. Silaen, Sepbeariska Manurung, and Christine D. Nainggolan, “Effect Analysis Of Benefit Perception, Ease Perception, Security And Risk Perception Of Merchant Interest In Using Quick Response Indonesia Standard (Qris),” Int. J. Sci. Technol. Manag., vol. 2, no. 5, pp. 1574–1581, Sep. 2021, doi: 10.46729/ijstm.v2i5.313.
[5] A. N. Fadilla, “Preferensi Konsumen Terhadap Penggunaan Sistem Pembayaran Non Tunai QR CODE Indonesia Standart (QRIS): Studi Kasus di Kota Tegal,” Sosio E-Kons, vol. 14, no. 3, p. 293, Dec. 2022, doi: 10.30998/sosioekons.v14i3.13654.
[6] L. W. Hawu, M. Ratu, and F. W. Ballo, “Implementasi Transaksi Non Tunai Qris Di Desa Detusoko Barat Kabupaten Ende,” Res. J. Account. Bus. Manag., vol. 6, no. 2, p. 203, Dec. 2022, doi: 10.31293/rjabm.v6i2.6655.
[7] R. S. Alfani and K. R. Ariani, “Pengaruh Persepsi Manfaat, Persepsi Kemudahan, Risiko Dan Kepercayaan Terhadap Keputusan Menggunakan Uang Elektronik (QRIS),” vol. 08, no. 01, 2023.
[8] A. Gunawan, A. F. Fatikasari, and S. A. Putri, “The Effect of Using Cashless (QRIS) on Daily Payment Transactions Using the Technology Acceptance Model,” Procedia Comput. Sci., vol. 227, pp. 548–556, 2023, doi: 10.1016/j.procs.2023.10.557.
[9] F. Rahmawati and S. Merlinda, “The effect of perceived benefits,ease of use, and risk on culinary MSMEs’ interest in utilizing QRIS,” J. Bus. Bank., vol. 14, no. 1, pp. 19–38, Oct. 2024, doi: 10.14414/jbb.v14i1.4674.
[10] C. T. Tatian, Nurabiah, R. Ridhawati, and H. T. P. Thao, “From wallets to screens: Exploring the determinants of QRIS payment adoption among Millennials in Eastern Indonesia,” JEMA J. Ilm. Bid. Akunt. Dan Manaj., vol. 21, no. 1, pp. 87–113, Apr. 2024, doi: 10.31106/jema.v21i1.21712.
[11] S. Sahibu, A. Sakti, and A. Iskandar, “Risk Management Analysis of SMK Telkom Makassar’s Integrated Academic Information System in Compliance with ISO 31000 Standards,” Ingénierie Systèmes Inf., vol. 29, no. 1, pp. 205–218, Feb. 2024, doi: 10.18280/isi.290121.
[12] Tierza Widy Chrisanty and J. Tambotoh, “Analisis Manajemen Risiko Sistem Informasi Menggunakan ISO 31000:2018 di PT. XYZ,” ZONAsi J. Sist. Inf., vol. 5, no. 2, pp. 371–380, Jun. 2023, doi: 10.31849/zn.v5i2.13198.
[13] T. Sendjaja, D. J. Rachbini, R. Astini, and D. Asih, “The Effectiveness of QRIS Transaction Implementation During the COVID-19 Pandemic,” Int. J. Sci. Soc., vol. 5, no. 5, pp. 871–878, Dec. 2023, doi: 10.54783/ijsoc.v5i5.952.
[14] R. F. Chandra, H. Satria, P. D. Novrina, F. B. Nasution, and E. Setiawan, “Pengendalian Internal Atas Penggunaan Sistem Pembayaran Quick Response Code Indonesia Standart (QRIS) Pada UMKM Kepripunyecerite,” J. Ilm. Raflesia Akunt., vol. 10, no. 2, pp. 772–778, Oct. 2024, doi: 10.53494/jira.v10i2.606.
[15] M. R. Navri, S. Semaun, and M. K. Zubair, “Effectiveness of Using the Indonesian Standard Quick Response Code (QRIS) to Ease Transactions at Paddy’s Market, Kendari City,” vol. 6, no. 2, 2024.
[16] B. Widyawan, A. Barlian, J. Haryanto, and M. Haddad Bayhaqi, “Exploring the Benefits and Barriers of QRIS Adoption Among Micro Businesses in North Bogor,” J. Account. Finance Manag., vol. 5, no. 4, pp. 636–643, Sep. 2024, doi: 10.38035/jafm.v5i4.740.
[17] C. Wirabuana, R. Marbanie, D. I. Sensuse, D. Sumirat Hidayat, and E. H. Purwaningsih, “Perceptions of the Use of Quick Response Code Indonesian Standard (QRIS) for Payment and its Impact on Consumer Behavior,” J. Sist. Inf., vol. 20, no. 2, pp. 1–17, Oct. 2024, doi: 10.21609/jsi.v20i2.1416.
[18] C. Catal, A. Ozcan, E. Donmez, and A. Kasif, “Analysis of cyber security knowledge gaps based on cyber security body of knowledge,” Educ. Inf. Technol., vol. 28, no. 2, pp. 1809–1831, 2023.
[19] S. A. Dewi, “Analisis Manajemen Risiko Terhadap Hadirnya QRIS Sebagai Alat Transaksi Bagi UMKM,” vol. 13, no. 9, 2025.
[20] T. Duběda, “Risk perception and risk management in legal translation: a questionnaire survey,” Perspectives (Montclair), pp. 1–17, Sep. 2024, doi: 10.1080/0907676X.2024.2386447.
[21] A. Z. Yonatan, S. Susanto, P. Sukapto, T. Y. M. Zagloel, and E. Timotius, “Navigating Risks with ISO 31000 for A Sustainable Future: A Strategic Approach in The Indonesia Textile Industry,” Manag. Syst. Prod. Eng., vol. 33, no. 1, pp. 82–92, Mar. 2025, doi: 10.2478/mspe-2025-0009.
[22] L. Purwanti, I. Triyuwono, G. Maski, D. Pusposari, A. Prakoso, and M. Ibrahim, “The impact of ISO 31000 adoption on the performance of banking companies in Indonesia,” Cogent Bus. Manag., vol. 12, no. 1, p. 2507222, Dec. 2025, doi: 10.1080/23311975.2025.2507222.
[23] M. Aprikasari, L. Benedicta, N. A. Adrielvino, and A. T. Ayunda, “Penerapan ISO 31000:2018 untuk Manajemen Risiko IT pada Sistem Penerbitan PT. X,” J. Inf. Sains Dan Teknol., vol. 7, no. 2, pp. 154–167, Dec. 2024, doi: 10.55606/isaintek.v7i2.269.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 M. Fadhli Ma'arif, Melwin Syafrizal, Jeki Kuswanto, Aiko Nur Hendry Yansyah
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) ) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
