Endgame with Gita Wirjawan - How AI-Enabled Organized Crimes & Systemic Scams Work - Niki Luhur
Episode Date: March 7, 2026AI’s greatest disruption may not be automation — but trust. From deepfakes and adversarial attacks to cyber fraud funding organized crime, the risks are no longer theoretical. In an age where cont...rolling your own data feels increasingly impossible, Niki Luhur (Founder & Group CEO, VIDA), argues that only a zero-trust redesign of digital systems can prevent the next systemic crisis.Learn how to protect yourself and your business in the age of scamdemics: https://vida.id/en/wheresthefraud#Endgame #GitaWirjawan #NikiLuhur------------------Get your copy of Gita Wirjawan’s book, “What It Takes: Southeast Asia”, NOW: https://sgpp.me/what-it-takes-ytAnd leave your review here:https://www.goodreads.com/book/show/241922036-what-it-takes------------------Watch Niki’s first episode on Endgame:https://youtu.be/yIGS5ZXVnJU?si=6zgyvMmnu7QyA91CYou might also like:https://youtu.be/HXM089acVZ0?si=q_BgjGBqKpiSQMuthttps://youtu.be/xUdCSq4W1Kk?si=_Kf4OrGHH2M6wwayhttps://youtu.be/yln9TcNRw8w?si=vn3EBVY4110IsIr3------------------
Transcript
Discussion (0)
We lose trust, and our economy and our digital economy, especially in this case, can move backwards.
If you still believe that a password is a secure factor, that's definitely very questionable, but it's still accepted.
If you believe that a SMSOTP is also a secure factor, the proof is the majority of the fishing and the biggest threat,
today, the number one attack method or vector is through fishing.
And what are they fishing for?
They're fishing for that SMS with TP.
They will be weaponized.
Already has been.
Already has been.
Geopolitics is also intertwined today with cyber-related risks,
whether it's cyber espionage, it's spread of disinformation,
or it's literally cyber-enabled fraud and identity theft used to fund
nuclear weapons programs. I mean, it sounds crazy, but it's actually true. I don't believe it's
enough to say, well, we need to educate the consumer. I believe that the call to action is to step in
and say, we need to change the system. Hi, friends. It's a pleasure to tell you that my book,
What It Takes Southeast Asia, has been released in English and Bahasa Indonesia. You can buy it through
books.endgame. ID or at any of these stores. Now back to the show.
This is Gita Wideawat. I don't usually do endorsements like this,
but this opportunity is only for people who trust my judgment. If you believe that,
this is a deep thick and next time there may be no warning.
Hello, time. Today, today we're coming Nikki Luhur,
with a time to my Godfey
as founder and the pinpinan
from Vida.
Nikki, so good to see you.
Good to see you again, Pagita.
Welcome back.
It's been around four years
since we last talked on a podcast.
Let's talk about AI.
What's your general
view about AI?
I mean, as
everyone has talked about
the incredible
advancements of
you know, essentially
the democratization of intelligence.
It's not just about access to information
of what the internet has brought,
but I think we've seen very materially
since we last book four years ago.
I mean, it was at a nascent, almost conceptual stage.
So now it's everyday, everyone can and probably is using AI to some degree.
And the rate of improvement is just,
going exponentially.
I mean, one of the simple statistics is the state of the art
technologies, right, each model,
there's a half-life of how fast it's moving.
You know, GPT4 stood, you know,
at the top of the game for maybe about 12 months.
And if you fast forward to the most recent models being released,
now they're probably being outpaced and redundant,
or being a new state of the art is coming out every two weeks.
So even in the past year, I don't think we fully comprehend the exponential curve that we're really facing.
It's just hard for us to think in those, in that time frame.
So we're still in the very early days.
And yet, I don't think we fully grasp.
how fast things are moving and how much faster they will continue to move.
So there's a lot of promise.
I think personally,
I love the fact that there's a lot more focus on things like personalized health.
And being able to leverage AI to give me a fully custom tailored view
on all of my reports,
all my diagnostic,
all of my vitamins,
my supplements and my diet, my nutrition,
it actually can synthesize all of those micro signals.
Right?
Because if we think about health, I mean, let's think about the foundations.
You know, it comes down to your sleep and you have devices that help track our sleep,
our exercise, our nutrition.
And there isn't these sort of blunt force approaches anymore.
So I think there is a real promise that I'm very excited about for AI when it comes to
things like personalized health.
I think it was very much becoming a reality.
And especially if we start looking at, you know, even on the research side, things like
peptides and where that's going.
It's very, very exciting.
So I think there's an amazing view there at the same time professionally.
Since we're in the cybersecurity space, we directly see some terrifying things.
And, you know, some of the first.
fraud we used to see of deep fakes.
We would back then call them four years ago cheap fakes.
I mean, they're very laughable.
I mean, you can look at it and you could see,
that's clearly, you know, a fake.
That background does not look real at all.
That face swap is so rough.
It looks like, you know, a third grader cut, cut, you know,
and crafted a new ID by pasting someone's face, you know,
on an old ID.
to then what we've seen last year of generative AI,
stable diffusion models being used to craft extremely realistic deep fakes
and not just one at scale, rapidly, targeted, organized.
And not just all of that, but there are some that we've seen that are so sophisticated.
they actually have inserted what's called adversarial noise,
which is it looks like this grain in image,
but it's designed to attack AI models
that are trying to detect fraud.
So it's a counterattack that's embedded in the image itself,
which means the scammers, the fraudsters,
actually have a team of data science engineers behind them,
crafting this.
So that's what I think
has been
the big shift is there's such
a big polarity. The technology
is undeniable
of how fast it's improved,
how incredible it's improved.
But we've also seen really
positive and very negative
applications of that technology.
And
I think that's where
a lot of topics about
governance are coming
out. But that's the, I would say, the dual-sided coin of what AI has to bring in terms of promise
and also in terms of the concerns and the threats that are very real. This is not some theoretical
distant future threat. I mean, there's attacks that are emptying people's bank accounts and
their entire life savings today. Are we at a level where it is so simple to do it or only,
Only very finite numbers of people.
They can do it.
Anyone can do it today.
Oh, my gosh.
Anyone can do it.
You literally can download an application.
And within five minutes, create a hyper-realistic custom deep fake.
And in fact, we can make one of you, Bob.
I saw.
We made one of you just to show you and just to prove you.
And that was actually you, right?
Talking.
That was me talking.
what shows up is my face talking with my voice.
With your voice, a professional voice clone,
and every gesture from a hand gesture to my facial movements
or your facial movements,
because it's already been trained on your podcast data.
And it's, you only need, at least today,
and this will get better,
you only need about 15 minutes of a decent audio,
clip to make a professional voice clone of someone.
So this is where...
It could also scrape my thought processes that are online.
Well, because every single video that's online,
there's plenty of AI that can turn any video and any audio into transcripts
and then analyze your mannerisms, analyze the way you speak,
the topics you think about, your mental model,
how you dissect information,
your large views on geopolitics,
on the macro environment,
on infrastructure,
and of course your views on Indonesia
on Southeast Asia,
it can give a very concise summary today.
In fact,
I could probably just pull out chat GPT
and I could give you a summary of your views,
but.
When we're,
when,
We met four years ago, you probably didn't think it was going to go this fast, right?
No, you have some or better feel of the velocity and acceleration that this train is moving at.
Picture or draw a picture of what it's going to look like in five years.
Or it's unimaginable because it just might supersede anybody's expectations or anybody's reality.
I think going to five years is actually quite difficult nowadays.
But even thinking about what's going to happen in the next one or two years,
because we're in cybersecurity, we tend to think of the negative and the risks quite a lot.
How much can anyone be able to eyeball whether this is real or not?
I believe within a year or two will be near impossible.
So the spread and the risk, of course, if you talk about geopolitics, of misinformation,
is an incredibly large risk.
And in today's day and age, I don't think that we fact check or verify information being spread.
in a scalable way.
It's often just trust and not trust and verify.
And I think that's something that we need to structurally change
because those risks will become very large geopolitical risks.
These are not things that are small amateur issues anymore.
And they will be webbing.
It already has been.
It already has been, but I think even more so.
And not just weaponize at large, you know, political agendas or even state sanction agendas, but down to, you know, criminal organizations that are not at that level of a state level, but able to, you know, pose a very significant.
economic risk. In fact, I mean, this is the week of, I don't know, a bunch of people are in Davos today, right, for the World Economic Forum.
And the number one risk that, global risk that World Economic Forum, in fact, highlighted even then since we last talked four years ago,
cyber-related fraud and identity theft and cyber-related cybersecurity risk, infrastructure risk, we're already called out back then.
And if anything, it's become a bigger issue.
The number one issues that, of course, everyone's talking about today is definitely geopolitics.
But geopolitics is also intertwined today with cyber-related risks, whether it's cyber espionage,
it's spread of disinformation, or it's literally cyber-enabled fraud and identity theft used to fund nuclear.
weapons programs. I mean, it sounds crazy, but it's actually true. So even at the global scale,
you have this number one issue, but actually it's intertwined with these cybersecurity threats.
And the threats have actually, if we look at the evolution, especially in this last year,
there's been a lot of change and what has been the traditional threat of a traditional
cybersecurity threats, whether we're talking about ransomware attacks. Definitely still a big issue.
But CEO's number one concern today is cyber-related fraud and identity theft. And a lot of that
coincides with the advancement of AI technology and Gen AI and the ability to personalize
that attack, the ability for me to.
to take on a stolen identity and be able to create a hyper-realistic deep fake, visually, audio.
It's already extremely difficult.
And someone can do this in five minutes.
And if they're really good, they can do it in a minute.
And it's not hard.
So this is where fighting this problem will be an expert.
exponentially harder problem.
And I think that's where we need to flip a lot of the way we think about it as
opposed to just using, of course, there's AI versus AI and you continue to have, you know,
on our side, we build neural networks to do a lot of the fraud detection to analyze lots of
signals.
But on the other side, it's how do we actually rethink trust?
Yeah.
And a lot of it is being able to actually develop a clearer way to track provenance and a clear way to link that trust from the point of creation all the way through the distribution.
I want to pick up on geopolitics.
The world order has become much more multipolar.
than ever
or then maybe
10 years ago
and it's much more structured
it's more structured
it's more structured
in the sense that you can better identify
who's an enemy
who is a friend
and who can swing
and you know
pops in my mind just
some observations
with respect to what you've alluded to earlier
I just kept
thinking of vulnerabilities
whether you're a friend, a foe, or a swinger.
I'm in a camp that believes that Southeast Asia can swing between China and the West.
But the vulnerabilities with respect to Southeast Asia outside Singapore, of course, because they're just a high-income country.
The first vulnerability I keep thinking is the cognitive development.
of the citizenry, right?
To the extent that
you know, the people are not well educated,
you combine that with the ability of anybody
with a funny idea to spread misinformation,
much less disinformation,
which is essentially misinformation on steroids.
The vulnerability is there, structurally.
That's the first vulnerability that I can point out.
And unfortunately, Southeast Asians, for the most part, are not as educated at both the non-turtiary and tertiary levels as they should be compared to the Chinas of the world and the Western countries of the world.
The second is energy, right?
And energy doesn't get talked about as much as it should be in a context of that being the,
unequalizer. People talk about inequalities in the context of wealth, income, opportunities, right?
But some villages may not have as much or nearly as much as energy as the bigger towns,
secondary or primary. Some countries have a lot of less energy. What do you think of these two
vulnerabilities, lack of energy and lack of cognitive development? Are those, I mean, they're not going to get
remedied anytime soon, right?
Those are the recipes for systemic vulnerabilities for frauds or scams, right?
How do you remedy this?
So, I mean, if it takes one guy to, just 10 to 15 minutes to create a scam onto a lay
person who is not well educated, who's not well off, the vulnerability is there and who's not
well energized. What's the quick fix? I think the quick fix is regulations. And simply put,
if we looked at whether it's a financial regulator or we look at a regulator in charge of
digital infrastructure or the digital economy, I mean, we can easily reference anywhere
in the world, electronic transaction acts, personal data protection acts, cyber
security acts, anti-fraud or scamming acts, these are actually some of the new ones coming out.
And ultimately, one of the things that is always most important from all of these regulators's, you know, priorities is always consumer protection.
And whether it's a technology standard or a data security standard or privacy standard,
it's really the job of, I believe, the regulators to set an appropriate minimum bar
for the institutions, the industry to operate in how they serve consumers.
because I agree with you.
I mean, for us to continue to believe that as long as we educate,
hey, don't share your OTP, that fraud's going to go away, it's not.
Those quizzes and those education campaigns have gone on for 10 years, and they're still going on.
But fraud is at an all-time high.
Scams are an all-time high.
So giving these quizzes and being able to
find temporary workarounds like, oh, we'll put it in a cooling off period.
I mean, those are maybe patches.
But at the end of the day, you know, if we think about the physical world, you know, when a bank has a physical vault, there's a standard of what security that's allowed.
Or, you know, if you talk about transportation networks, airports, once there's a big incident, everyone has to change about.
What is the minimum bar to maintain security in an airport?
The same is true in the digital world.
It cannot be a static standard.
And the good news is there are global standards that are very well defined.
And the good news is that a lot of Indonesian regulations,
whether it's our, you know, unang unang i.e te'a, unang pelep,
a lot of it is already benchy,
marking global standards.
So to me,
really the onus is, of course,
it's in the interest of the government
to make sure that consumers
and citizens are protected.
And they need to define
the regulations appropriate
of responding to the risks
that we face today.
At the same time,
it should be up to the industry
to then be not
not only for the government to enforce,
but for the industry to implement those standards appropriately.
And for that to be table stakes to operate,
because otherwise we lose trust.
And our economy and our digital economy,
especially in this case, can move backwards.
So this is not, you know,
the development of a digital economy is not only moving
in one direction of forward.
It can move backwards.
How much trust?
Do you think has been lost since the last time we did a podcast?
I've, we have done interviews of victims who have lost their entire life savings.
And the thing about fraud is and scams is it's indiscriminate, whether you're a high net worth individual or you are, you know, and where you live at what socioeconomic strata you're from.
They will just simply exploit the technical vulnerability and also the social vulnerability.
And being able to just launch these scams at scale, for scammers and fraudsters, it's just a numbers game.
In fact, they don't really try and attack a specific organization per se.
They would just exploit the technical vulnerability of any organization that has this vulnerability.
they will just exploit it, regardless of the size of the company.
And the same as goes, of course, for consumers and citizens.
So, you know, I think this is where...
So you think the equalizer would be the regulator, right?
And I guess the follow-up question is whether, in your view, the regulatory framework is on the ball already
in terms of the level of sophistication, its ability to...
anticipate greater risk in the future in order to mitigate, you know, whatever.
So I think in across Southeast Asia, we're already seeing a response to this unprecedented level of
scams and fraud.
Ojika launched the Indonesia Scam Center, which is.
a cross-ministerial cross-multi-government body that is able to coordinate between OJK, Bank, Indonesia,
the police, PEPA-Tka, and being able to analyze these scams and frauds more effectively.
In Malaysia, Bang Nagara, Malaysia has gone very, very prescriptive of how.
how much the technologies for KYC, for example, onboarding must adhere to industry
accreditations.
We must be able to detect deep fakes.
And then even in the Philippines, there's a latest anti-financial account scamming act,
Afasa, that has just been released at the end of last year to also go into deeper levels
of transaction monitoring.
device intelligence to be able to mitigate the risk of scams and fraud.
And I think the industry is being forced, frankly, to converge on and the government
are being pushed hard because the problem is very large.
And there's no way to deny that.
And a lot of money is being lost.
I mean, one of the recent, I would say, bus, you know, that.
involved even
multiple governments
was actually involving
in Cambodia and in
Myanmar. That was pretty serious.
And that was a, and they managed to seize
$14 billion of
Bitcoin. And that's not
the only assets, but they managed
to seize $14 billion of Bitcoin.
And it just shows how
this problem is scaled and is a global
problem.
And to also connect that, more recently there was an organized crime bust even in Sleman
that is linked to a lot of these global syndicates.
So it shows that this is not a problem that is domestic or local or purely a foreign problem.
It's fully connected and highly organized.
And I think that's something that is making the problem.
So significant.
These activities are being backed by people, personalities, or organizations that knew that they could arbitrage upon the weakness of the respective places, right?
What added sophistication that they come with that allowed them to be able to just basically exploit upon the weaknesses of the victims?
Well, I think what's really changed is that.
the technical capabilities today.
These fraud syndicates are not just a bunch of people in a call center.
They're equipped with proper technology.
And we know that some of them are actually in forced labor camps.
And actually, they're coming into what they believe,
is a job opportunity and software engineers, data scientists are being conned and then
put into forced labor and being given targets. So they're highly equipped with extremely
sophisticated talent with full technical skills to then conduct these attacks. So even when
we look at the attacks and the nature of the attacks, there are
trends that we've identified. And I think some of the obvious ones is the timing, a lot of the
historical timing that we've analyzed, coincides with, of course, money flows. And one of the ones that's
coming up is Tejaer. So as soon as a couple of months, a couple of months when Tejaheir drops and
payday hits and now it's not just a regular payday, but there's an extra month of bonus.
That's when there's a much higher rate of attack.
So these are not accidental events.
They're carefully planned.
They're carefully orchestrated.
So the nature of the attacker and the nature and the, for example, we already see in the deep fakes that we have to fight against.
The sophistication is very clear from a technological point of view.
But beyond just the technology they're using is how.
organized and how orchestrated that these syndicates operate in.
So that's the, I would say, the other big piece that, you know, we want to dispel the
myth that this is just some single actor, you know, a hacker wearing a hoodie out of some
cafe that is doing this.
It's not.
It's an entire industrial compound.
There could be people flying in from different continents or countries, right, operating
in some country.
That's right.
Right.
And I think just the other day, there was an article of there were 800 Indonesians
queuing at the embassy in Cambodia trying to come home because they were in forced labor in these
scam compounds.
Nikki, on the assumption that the regulator is the best, if not one of the best equalizers,
you think they're the regulatory frameworks, you think they're already.
highly sophisticated, right, by way of emulating the GDPRs of the world.
If we embrace that premise, what's the level of compliance or adherence, body operators or participants?
I think you're right on the point, Pakita.
And it's today, yeah, UNDANGER PILUGAN data-PRIBadi is already, you know, very much
crafted and interoperable to some degree with GDPR.
are. We look at unang undang yi-e and it's actually quite, there's quite a lot of detail already.
And when we go further into Comdiji and Comdigi's regulations, there actually is a standard
verifici identity das, and autenticasi. And that standard is based on global standards.
They're based on, and they've very clearly defined what are, how do I prove someone's identity?
and they even rank different levels of assurance or trust, right?
What's level one?
What's level two?
What's level three?
And not just how do I prove your identity, but also how do I authenticate?
So not just when you want to create an account the first time,
but later when you come back and you want to transact,
how do I make sure it's you again, that this is Bakita again?
So it's not just the first time of onboarding,
but when you want to continue to transact,
online that we really have
strong level of
assurance or confidence
that it's you.
And
actually all the standards already exist
in Indonesia.
All of the standards
but maybe, yeah,
maybe the time of it's
now that time it's
to implement.
Blum there's deadline.
So I think that's
one of the biggest challenges
today is how
do we align and not just on the financial sector, but this impact health. This impacts, frankly,
even government infrastructure, education. These are critical assets for an infrastructure for
the country. It keeps coming back to me. Education is key. I know it hasn't worked out the way
it was probably designed in the last 10 years, but assuming the regulatory framework,
is perfect or near perfect, assuming that the compliance rate is high.
You've got a bank that complies with the regulations.
But for some reason, the customers of the bank get an SMS for OTP confirmation from some fraudster.
He or she could still be exposed, right?
Yes.
You know, as to transfer money to some guy living in Caracas or whatever.
And that could still happen, right?
So you've got a perfect scenario of a well-implemented regulatory framework, a well-operated, well-complying organization,
all of the financial institution, but the vulnerability still prevails.
Well, let me step in there and maybe clarify.
So I think that the high-level regulatory framework is there.
Okay.
And some of the technical definitions exist.
does it mean that they are being enforced?
Okay.
So and are organizations complying?
So I think there is still a compliance gap and there is still an enforcement gap.
Okay.
And a lot of this sometimes is, especially when we deal with cybersecurity standards, they can be seen to be quite technical.
and I do believe there should be a balance between what is the macro prudential view of regulations
and to make sure we're not being too prescriptive and understand that point of view.
And usually that's where the balance is setting regulations and then being able to collaborate
with industry to define very clear industry standards.
and then to make sure that the enforcement and the compliance are managed by independent bodies like auditors.
Same way that financial compliance, we can define what is the overall rules of taxation.
Right?
That's something from the government point of view.
But when it comes down to defining gap, the accounting standards, that should come from,
industry. And then you need an accounting or you need to have an audit body to be able to then
verify that those principles are actually being implemented appropriately. And that should be
run by an independent audit body. So I think what's missing in the cybersecurity space today is
being able to have
very well
agreed industry standards
across many industries.
I think it exists
at the Comdiji level,
but being able to see that
enforced consistently
across sectoral
ministries as well.
And this is where
again, different countries have different approaches, but we've seen in
Malaysia, Manglingar of Malaysia
has outwardly
banned SMS OTPs for authentication.
It's become very, very specific because...
And that's something that we could adopt.
You could.
And that's a very straightforward regulation policy,
and there can be a clear timeline to enforce.
And I think that is what is shifting in the financial industry in Malaysia
is shifting very rapidly.
MAS in Singapore has done the same thing.
Philippines has now just recently announced this act, which is also doing the same thing.
And really, when we think about it is if we talk about authentication standards need to be improved,
it can be a bit vague of what the call to action is.
If we call out a specific type of technology can no longer be used and we must progress to a new technology,
whether that's leveraging, for example, biometrics or cryptography, then it's very clear.
And the call to action is clear.
And I think that level of clarity needs to be there and a clear deadline to also enforce that the whole industry will move together at the same time is going to be important.
Talk about what you mentioned earlier in a separate conversation about how these fraudsters are traveling in a car with telecommunication capabilities, you know, fishing around.
Yeah.
So I think that's a, that's a new thing to me.
It's quite crazy.
So actually, you know, even where we're sitting right now, there are fraudsters driving around on Tsudirban with a, an unauthorized base transmitter station, a BTS.
And the way that our phones work is, will attach, the phones will attach to the closest base transmitter station, a BTS.
and that BTS can claim whichever ID they want.
They can claim that they are a bank's channel as well.
So from there, they can start to send messages and rogue messages
and assume it's part of a legitimate network.
And then send messages and authorize messages that appear to come from an authorized
bank channel.
And in fact, the biggest real.
risk is it's very hard for your average consumer to know that that's fraud because the
the SMS before and the SMS after that fishing link is actually legitimate in the same channel
with the same header. So it can say this is bank ABC but underneath and you may have just
been shopping online
and you got your OTP
for a legitimate
OTP from the bank and a legitimate
transaction
and then you get this fraud link that says
generally speaking it's hey
you know, Tukur point, Bapa
d'apa d'aput voucher
and you can use this
to munasie, you know,
tagia in Bapa, just click this
and it's very
credible and believable
because
the previous
communication was an authorized channel.
So they're able to essentially hijack
what is in your perception,
in your phone, is seemingly a trusted channel.
And that's really one of the limitations of the technology.
So this is where, you know,
in today's day and age, I think one of the other ways we think about it
in terms of security, so I was mentioning earlier,
it's not just about AI.
new technologies, but there's actually ways for us to track the provenance.
What could have been done by the relevant bank to prevent that from proceeding in a bad way?
I mean, assuming that they're complying?
Yes.
100% with the pre-existing regulatory framework.
There's not much the bank can do, actually.
So this is a technology limitation to prevent a rogue BTS from sending out this fishing link
and claiming they're a bank channel,
there's almost nothing that the bank can do.
But if the bank had complied completely perfectly,
that link that was provided
was not going to be able to allow that customer to penetrate.
It's actually highlighting that that technology,
that method of communication,
should no longer be considered secure.
Okay.
And we need to evolve.
So perfectly complying financial institution
probably would not be considering.
So authentication through that means, right?
So I think today a lot of the way that as the security is seen is, you must have two-factor authentication or multi-factor authentication, which, again, principle-wise is not incorrect.
It is about multi-factor authentication.
The question is which factors?
So if you still believe that a password is a secure factor, right?
that's definitely very questionable, but it's still accepted.
If you believe that a SMSOTP is also a secure factor,
the proof is almost the majority of the fishing and the biggest threats today,
the number one way that all of these cyber-related fraud issues are,
you know, the number one attack method or vector,
is through fishing.
And what are they fishing for?
They're fishing for that SMS with TP.
So the reality is there's so much fraud
because of a combination of social engineering
and us being able to, you know,
send fraudsters to be able to trick you
that this is a trusted channel.
This is a trusted bank representative
talking to you and offering you this.
And you incorrectly click on a link
that looks like the bank's website.
and you put in your details there.
We have to question whether or not,
if this is actually happening at scale,
by definition, that's a systemic risk issue.
And I don't believe it's enough to say,
well, we need to educate the consumer.
We need to warn the consumers.
I believe that the call to action is to step in and say,
we need to change the system.
we need to change the standards of how we operate.
If that vulnerability, if that method continues to be exploited,
then the question is, is that method still secure or not?
And the good news is we do have other methods that actually we already use every day.
How do you unlock your phone, Batita?
I can press the six digits.
Fingerprint or a fingerprint or a face.
Yeah.
Right.
Facial recognition.
And if you log into a new device, let's say, you know, your email account on a new device on a new laptop, what happens?
Right.
You get a push authentication to your phone.
You get an alert, hey, is this you?
And that's because at the earlier stage at some point, you mark that, hey, you mark that, hey,
I want to trust this device.
And what happened was a set of private keys were put and were generated in the secure part of your phone.
And now your phone becomes a clear way to check that this is really you.
And really, when we think about multi-factor authentication or, you know, it's just keep it simple.
it's the three categories is something you are, your biometrics, something you have,
which is generally your phone, everyone carries their phone all the time nowadays, or something
you know.
And I think it's this last part of something you know that gets manipulated all the time.
Because passwords are something you know.
And unfortunately, a lot of that data leaks.
and there's breaches.
And including, you know, with the issue of the SMSOTP,
it's not actually generating the OTP and generating the six digit code.
That's still done in a secure way.
But the way it's distributed allows for somebody to then be in the conduit.
The person ends up being has the knowledge.
And that knowledge can be passed to somebody by accident.
And that's how social engineering works.
So this SMSOT.
because of we have to manually enter it in.
But imagine the system just automatically entered it in.
Then you actually don't have that problem.
Because if somebody asks you for the code,
you don't know what the code is.
You can't give it away.
And actually all those technologies already exist today.
So, you know, whether consumer tech is called the pass key,
which is again, like it's a little bit,
is it easy to understand?
And I think that's the challenge of a lot of the cybersecurity industry is being able to keep things simple.
Do you foresee a future where we keep running into a scenario where the bad guys are always outsmarting the good guys that people might just go back to the prehistoric methodologies?
A bit of a sci-fi thing here.
I mean, you know, to some degree, if you're operating at a,
a nation state security level.
There are things where you end up going into an air gap room where it's completely offline.
Using time writers.
Go back to completely offline, right?
So I think if you face some extremely high security issues, then yes, we might have to go a bit
backwards into going offline.
But at the same time, I don't think we can go backwards in terms of
how do you reverse the digital economy?
That is the future.
And the question is,
how do we play a part in that future?
And how fast do we get there or do we get left behind?
And a big part of that is making sure
that we have the appropriate infrastructure underneath to support it.
The same way that e-commerce, right,
e-commerce could not take off without the appropriate logistics infrastructure,
without their appropriate payments infrastructure, right?
It just wouldn't be able to operate at the same level.
We take it for granted nowadays.
You know, in Indonesia, we get deliveries instantly, even sub-hour, you know?
And I think that's an amazing thing that happens in Indonesia
that beats even the best of Amazon Prime, right?
But this is where we often forget some of the enabling infrastructure underneath.
But when we think about the digital economy more broadly,
you know, someone's identity and trust, especially in financial services,
to manage, you know, compliance and risk,
risk of, you know, making sure that you do the right customer due diligence,
this is the right person.
It's not someone laundering money.
That is necessary.
And I think some of that underlying infrastructure
is exactly what Vita is trying to focus on
to help build that out.
But, you know, it's not just in financial services.
This is something that relates to health.
And someday, as we talked to in the early days,
I said, I want to have personalized health.
I'm very optimistic of AI.
Well, you're doing all right.
You're doing all right.
But I need.
need my medical records. I don't have all my medical records. And that's something that I would love
to have access to. Yeah. And one of the feign things that obviously, if I were to even go to a physical
clinic to ask for my medical records, the first thing I say is, who are you? Can I see your proof of
ID, please? Yeah. How do I know you're actually pagita? Yeah. And you hand over your Kattepe.
They'll look at you, they check you, they eyeball you. And essentially, we're doing the same thing.
And they might still give me the wrong medical records.
But, Nikki, talk about the typical blind spots for practitioners, right?
You've been talking about this, the MFAs and the idea that having an IT guy will protect you from anything and the idea that you've incurred a loss and that's well defined.
That's the extent of your exposure.
These are, I think, blind spots that a lot of people are exposed to.
I think the biggest blind spot is thinking that I already have that.
I'm already secure.
I bought that application.
I bought a piece of software.
I'm good.
The reality is fraud, scams are evolving rapidly.
And to think that.
that you can have a one and done silver bullet solution deployed one time and you're good forever
is a big mind spot.
Two is what we tend to see is, you know, the way we prove or institutions prove someone's identity
actually is very fragmented.
So the system that onboard you and the system that approves your transaction are actually two different systems and oftentimes not very well connected.
So do we even know if you're when you onboarded and you created that account, you use that phone, wouldn't it be helpful to know that?
that when you transact that you're still using the same phone.
Sure.
And that that's a real phone.
Yeah.
So I think a lot of the times thinking in, you know, these systems are siloed is also a big blind spot.
And actually, this is exactly where a lot of the fraudsters and scammers target is the
handoffs between systems and exploit the fact that these systems are not unified and don't
have a holistic view.
So that's where, you know, I guess a lot of our approach, I mean, we're very well known
for our KIC products or document verification products.
But actually, it's really about connecting that all the way into authentication and the
transactions.
So it's not just about onboarding a customer securely, but how do you make sure that the
person transacting is still the same person?
And for us, we try and keep it simple and make sure that it's just,
Is it the same face and is it the same device?
And because the first question is, is this a real ID?
Is this a real person?
Is this a real device?
And if all three are yes, okay, then we can create an account.
And from there, we remember the details of that real device.
We remember the details of that real person.
And we can challenge based on those things that we've already proven up front.
But being able to also analyze a lot more signals.
So this is where I think AI is also, as much as it's being used by the scammers and fraudsters,
it's also being used by cybersecurity practitioners for defense and to be able to analyze millions of signals,
whether that's signals about your identity documents, signals about your biometrics,
signals about your device.
And being able to give a holistic view is actually extremely important to be able to track,
you know, to some degree, what's your normal behavior and profile you to the point where
when something happens out of your profile and there's an anomaly, why are you all of a sudden
operating and transacting on a different device from a different location, from a different
IP address, you know, why are you, why is this person who's entering this information?
Why are you copy pasting your name?
Why are you copy pasting your phone number?
You know, these are certain specific behavioral analysis that is a very simple question.
Nobody would ever copy paste their name when filling out a form.
They're just going to type it.
That's a long-term memory field, right?
And it's going into these.
is going into these details and the systems actually have these signals available.
And being able to be able to analyze those details well with the help of AI to be able to analyze millions of signals in real time can help us trigger, hey, there's an anomaly going on here.
This is not normal.
There's higher risk associated.
let's put a bit more caution.
Let's make sure that we challenge,
we give a step-up challenge to that event
to make sure it's really that person.
Let's make sure that that transaction is secure.
Oh, I want to go back to AI,
but let's talk about data, right?
Data needs to be parked somewhere at a parking lot.
What's your,
ideal definition of data sovereignty
from a fraud prevention
philosophical standpoint
I believe that most important about data
is defining the access and control
and what's more important
is the logical access and control
rather than the physical
access and control
And a lot of today's world, especially from a cybersecurity perspective, it's very hard to control your data.
It's very hard to control that your data won't be leaked because as an end user, as a customer of, let's say, an e-commerce platform, I don't have that ability to control.
Now, I think that's what generally causes a lot of concern from the regulators,
is being able to access that data to be able to control it, to be able to audit, to be able to inspect what really happened.
So from that perspective, I believe that a lot of sovereignty should be more focused around the control of the data.
and given today's technology,
my personal view is that, you know,
encryption and cryptography is the easy answer.
It's the easiest answer.
Because if I encrypt by default all of my data as an institution,
all I have to do then is I grant access to parties.
So rather than saying, hey, this data is available for everyone to read,
free to read, I actually make it, nobody can read it.
And then when I decide to do a, to engage to work with another counterparty, it's like,
okay, I'm going to give you, I'm going to give you a right.
I'm going to give you a privilege to access these data under these circumstances in this context.
But if it turns out that you go rogue or you start, I don't start trusting you or,
or simply, you know, we don't really, we didn't really find a way to work together in a,
mutually beneficial way and we want to say, okay, I no longer want to work together with you.
I can simply revoke that access or, you know, if I want to terminate the engagement,
I can revoke the key that was used to decrypt the data for you.
Yeah.
And then done.
So it really comes down to being able to manage the keys.
It doesn't matter where it's part.
It doesn't matter which cloud or what country it's in.
that data is forever encrypted and I have full control.
So in a modern cryptography architecture,
I think that's the right answer.
And it's not about cloud versus on premise
or whether the cloud is onshore or offshore.
We can control data simply by making sure we manage the keys.
Now, where those keys are stored,
how those keys are stored,
that should be under higher scrutiny.
But the actual data assets, it's important that it can flow more freely because then the digital
economy can be more interconnected, more interoperable.
That's more powerful.
And I think that's the role of digital trust infrastructure is to give that empowering
layer, not to create more friction.
In fact, it's supposed to do the opposite.
By building the architecture correctly, the economy can flow.
faster. It can be more interoperable. And it's very easy to grant the ability to, you know,
collaborate and work together across many organizations, across geographies, across, you know,
different industries and rules of law.
To what extent do you think the location of the parking space is influenced by the degree to
which the parking space has certain geopolitical affinity or animosity with the data users?
There's definitely concern, I think especially increasingly today in geopolitics of where
that data is being parked.
Because if it is being parked in certain locations, the question is access inadvertently being
granted.
So I think this is where some of the hesitation to adopt, for example, open source AI models
is fundamentally where does that data go?
And I don't think it's about the parking lot.
It's about who has access to that.
So I think that's the bigger point.
And especially since we deal with banks a lot.
I do believe that a lot of that answer comes down to being able to act from a zero trust, you know, design from the beginning.
So as long as you can manage that up front in your design, it makes life a lot easier.
And you don't have to worry as much.
But with AI models, of course, there is a lot more lack of clarity of where all the data is being transmitted and who has access to it.
What explains the fixation of regulators of onshoreing data?
Is it just the simple definition of sovereignty?
or is it something else?
I do believe that, of course, it makes it a lot easier
if you can go to a physical place and just pull the plug.
You can pull off the path, unplug it.
So there is a practical side of it.
And should you trust any infrastructure abroad?
Probably not.
But there is definitely very reputable
cloud infrastructure
being provided
today on a global basis.
So,
you know, the onshoreing,
perhaps it's more the economic
incentives of driving
foreign direct investment in that infrastructure.
There's definitely an incentive there.
They can go with that, yeah.
Job creation.
There's job creation, of course.
So that definitely helps.
Yeah.
And I think Indonesia is,
in a strong enough position that is able to try and catalyze those investments with some of those policies.
But I think maybe that's also one of the blind spots is just because your infrastructure is onshore doesn't mean the data access and controls are automatically implemented either.
Right. Can I test the hypothesis where in a country where the distribution of public goods is already well done, the need for fraud prevention is a lot less than those other countries where the distribution of public goods may not be as well done.
public goods being defined as
voice, power,
intellect, education,
welfare, healthcare, social value,
moral value.
I don't think that that's correlated, actually.
So if you take the case of Singapore,
great distribution of all of the above.
Extremely prone to fraud,
extremely susceptible to fraud.
That is so paradoxical.
And a lot of it is because it's a high-trust society.
Wow.
And in a high trust society, perhaps your guard is not up as much.
But so Singapore has really a lot of challenges in dealing with a lot of scams and fraud.
These are in the billions or tens of billions?
I think it's hard to say what is the exact thing.
They don't disclose.
It's definitely in at least official reports or in the hundreds of millions.
if not billions.
Wow.
All right.
So that's, it's definitely very significant.
And again, what is the real number versus the reported number?
It's a bit difficult to say.
So it's a pretty universal philosophical requirement.
It's universal.
And, you know, the U.S. is definitely a heavy target for a lot of the online sclam and fraud
rings.
You know, even, you know, in the economist, there was a whole podcast.
Scamara Inc.
That actually was talking about a rural bank in the Midwest being taken down as well.
So it's, this is a global issue.
That's the decline of multilateralism.
Wow.
Now, let's let's talk about AI, deep dive a little bit.
Open source or close source?
It's becoming a lot more ostensible in terms of,
of how China and the US are ushering the AI narrative.
China seems dogged with open source.
That resonates to developing economies.
Yes.
The global south, right?
Yes.
Because it just intuitively translates to something cheaper.
Exactly.
And I think that's really the where the point of difference of where your choice goes.
But even
I argue that this wouldn't even
just be for
about the global South
and developing economies
but even just startups
in general. Startups
generally
you're going to be bootstrapped, right?
You're going to have limitation of capital.
You're going to have limitation of resources.
So the promise of
an open source, you know,
free model or a much less costly model to help power your products is of course naturally very
attractive. I think that's where a lot comes down to well are there definitions on where this data
goes and what is allowed and what is not allowed. So obviously in our space we're a bit more
conservative in our views.
So we do look for
companies that
have a lot more established
governance,
especially on their data security and their data
privacy before we were
to engage in any of those
and leverage any of those
other technologies and products.
So that's very
important for us
and ensuring that there's full
privacy is extremely
important. So
But at the same time, if you think about where is this arms race going, I think in China, on the AI front, they are focusing on really, you know, at the end of the day, how do they manage the cost side a lot more efficiently.
Whereas I think in the allegedly, disproportionately lower.
Disproportionately lower.
And it's also almost because of the geopolitics, because of the geopolitics, because of,
the lack of access to
a just simply capital.
I mean, the capital equation
behind the amount of capital
going behind open AI, Gemini,
you know, anthropic
versus AI
in China is orders of magnitude
of difference. So the access
the capital is... The Americans might debate that,
but let's go with that presumption.
Orders of magnitude, right?
N-second is also the access to
the hardware.
Access to GPUs,
access to the infrastructure,
access to the data flows
is also very different.
So I think the strategies
are very different.
You see this, I would say,
in the
US, especially almost a race
to AGI, right?
To providing
the highest levels of intelligence
and advancing that level of intelligence
versus, I would say in China,
perhaps a more industrial approach of how to apply this most cost effectively to businesses
to be able to sort of yield the value of that application in the near term.
I think there are very different approaches.
I'm also a little concerned by the observation that some LLMs are more.
more ideologically driven as opposed to truth-seeking.
You can see it with some basic questions, right,
and how the answers or the hallucination that comes out of it
just seems more ideologically driven as opposed to truth-seeking.
And that concerns me on the bank of the vulnerabilities that we've talked about earlier.
lack of cognitive development capabilities in most Global South members, right?
Second, you know, if you use a Gemini, Grog, chat, GPT, or even deep sea,
that uses about 10 to 50 times more energy than a simple search on Google.
Now, I'm also in the film industry where we use SORA, right?
And that uses 10,000 times more energy.
Then I look at the electrification of Indonesia, which is only 1,300 kilowatt hour per capita.
China is at 10,000,
United States 10,000.
So if,
if let's say Indonesia were to
want to be inspired by what
Lin-Vanfei did at Deep SIG,
on the bank of this order is a magnitude
cheaper. We want to do it,
but we don't have the energy.
Right? And then to go up
from 1,300 kilowatt hour per capita,
10,000 kilowatt hour per capita,
Indonesia's got to build about
terawatt worth the power generation capabilities, which will cost roughly $2 to $3 trillion.
It's a lot of donuts.
Right?
So, and then you start doing a math, we only build about 5,000 megawatts per year.
So if we were to build a terawatt, that's going to take only 200 years.
I mean, I'm actually optimistic.
We're going to be able to build a lot more than 5,000 megawatts per year.
And we're going to be able to attain the economic capital.
But we've got our work cut out, right?
So on the assumption that Deep Seek was Sputnik or nonlinear for the developing economies,
do you think that will permeate on with more Sputnik moments?
I think trying to build deep tech, given some of these,
constraints will definitely be challenging.
Is it impossible?
I don't think it is, but at the same time, the odds are not in the favor.
Put it that way.
Now, on the other hand, we do have a lot of industry and a lot of economy, you know,
a lot of opportunity to transform a lot of the economy in Indonesia to a digital
economy and the opportunity for local entrepreneurs to harness uh gen ai capabilities
AI capabilities all these amazing technologies to then advance industry not only scaling them
locally but then being able to scale internationally um i believe that opportunity is a lot more
real. And I think that Indonesia we're lucky to have a very vibrant technology sector.
And I think that's where there's a lot of opportunity to continue to digitize the economy and
to grow at least regionally, if not beyond. That definitely is an immediate opportunity
that I see.
So whether or not
Indonesia will make
the next generation
foundational AI model,
I'm not sure that that's a
realistic expectation,
nor a good use
of our resources.
I believe there are
better low-hanging fruit.
And we need to be
a bit realistic in some senses
of what we can expect
in our industry.
But at the same time, it doesn't mean that we have to build the next foundational model to be able to reap the benefits of AI.
I just think that for anybody to be able to craft the AI narrative and use it properly or narrate it properly, that nation needs to be investing massively.
in STEM.
Yes. I mean, it's just some data points, right?
China produces 4.5 million STEM products per year.
S-S2 S2i K.
Every year, undergrad's, grads, PhDs.
India, about 2 million.
Southeast Asia, about 750,000,
of which Indonesia, 250,000.
The US, 800,000.
So just from those data points, it's tempting to just conclude that China has done a better job in ushering scientific discoveries, inclusive of AI, right?
So if Indonesia were to be an AI narrator, it needs to produce disproportionately a lot more than $250,000.
AI, I mean, STEM products per year, because they can count these guys.
You're a great product of STEM, right?
So you know how to narrate the narrative or even craft it.
What do you think?
Well, I think, again, if we talk about the deep, a deep tech invention aspiration,
I believe that it's an aspiration.
It's not that it's impossible, right?
But it's definitely more of an aspiration.
Now, the reality is a lot of the value can come from innovation over invention.
And I think that's where we can really focus,
is how do we apply the technology?
How do we distribute? How do we realize the material, concrete, real-world benefits of whether it's upskilling the talent we have today and augmenting them with better AI capabilities that will help drive higher productivity? Of course, I think we should learn from and collaborate.
and learn from people who are at the forefront of inventing this technology,
to learn and to collaborate so that we can also innovate better.
But I believe that Indonesia has a very, the big advantage is the scale of our distribution
domestically, but more importantly is regionally.
That opportunity is right there, especially for the scale.
a digital economy perspective.
You're singing to the choir.
So I think that that is the more realistic and important short-term objective
for hopefully what a lot of entrepreneurs in the region can help drive forward.
And I think that that can be realized within the next couple of years.
You know, given the recent geopolitical.
development where we're witnessing a much higher unilateralism of the United States.
And China smelled this from a few years ago.
They started consciously reducing exportation to the U.S., relatively speaking.
Their exports to the U.S. used to be about 26% of their total exports.
As of today, is about 12 or 13%.
on the back of their shifting,
their focus is a lot more on everybody else outside the U.S.
Call that the Global South and a few others.
Southeast Asia, its intratrate,
is about 23% of the collective GDP.
That's the amount of or a number of economic activities
that Southeast Asians do with each other.
The Europeans, 65% of their collective GDP.
And I always tell people that that's largely attributable to the fact that we just don't tell stories to each other in Southeast Asia.
We shake hands, but we don't tell stories.
The more we tell stories to each other, the more we understand each other.
The more we understand each other, the more we understand what we need to produce.
And what we need to produce should more be in complementarity, as opposed to.
to competition at the rate that, you know, we've got to rely a little bit more on ourselves,
given the uncertainties that are happening outside.
So just think about being able to move the needle from 23% to 65% the way the Europeans have.
That's $2 trillion worth of economic activities, goods and services.
Imagine what that could do to your business.
And everybody else.
within this region.
700 million people,
$4 trillion worth of GDP.
So you're right.
You know,
it just hit the note in my head
when you talked about,
you know,
how business could actually expand
within Southeast Asia.
Well, and I think
Southeast Asia,
you know,
is not the EU in the same way that
in the sense of from the political side,
there's no supernational body.
Right?
So we have a lot more independence when it comes to sovereignty and policies and laws.
At the same time, you know, the economic opportunity is really where I think we can all generally agree is the advantage of what we need to also in terms of,
especially given the current geopolitical situation, you know, need to focus more on being able to foster the region.
cooperation and strengthen, I would say, the geopolitical position of the entire region.
And I think that's specifically where, hopefully, at least, you know, from a Vita perspective,
we can play a role, a small part at least, in helping build better trust.
And it's almost like if I draw the parallel to a passport, every country will issue its own
passport. But if we can operate and make the visas to travel between countries, to operate and work
between countries a lot easier and to recognize and be able to trust each other's passports and
visas a lot more easily. Imagine the upward mobility. That should be a big enabler. And that's
at least what we're trying to do. It is more on the infrastructure level to,
enable more connectivity and have these, you know, digital visas, if you will, to connect these
identities so that I don't need to KYC four times per country just to open a bank account.
Because at the end of the day, if any business, you need a bank account, you need to open up,
you know, a local entity, you'll need a standard level of financial compliance, you'll need,
you know, from your human capital.
You'll have to, you know, manage contracts, legal infrastructure.
I mean, if we can streamline some of the basic foundation of what it takes to operate a business in each country,
just make it easier for entrepreneurs to operate cross borders.
I believe the entire region should benefit and prosper from that.
Let's stick on this a little bit.
You know, we brag about diverse.
diversity within Southeast Asia.
But we don't talk about divergence.
Diversity is positively connotated.
Divergence, unfortunately not so.
Economic divergence, you've got a bunch of countries earning less than $2,000 per capita every year.
You've got Singapore, the LeBron James, at $91,000 per capita every year.
That's divergence.
And out of 11 countries, you've got two countries
surpassing the global average of PISA scores,
attainment of lingual proficiency and STEM for 15-year-olds.
You've got only two universities in Southeast Asia
that are in the top 20 out of 10,000 universities,
two of which are in Singapore.
The next best university in Malaysia ranked 53.
The others even lower.
So that's divergence.
So you hit a note.
In my head, again, when you mentioned supranationalism, which we lack, I think it's high time to call for some degree of supranationalism within Ozan just for educational attainment purposes.
There is no reason for there to be a principle of subsidiarity.
I mean, if you want to be much more cohesive, much more collective on the back of the evolution,
of geopolitics, economics, and technology
at a much more exponential rate,
you've got to be more cohesive.
I think the most structural way
to increase that cohesiveness
is to reduce the educational attainment divergence.
And educational attainment divergence
correlates with economic divergence, big time.
What do you think?
Well, I think I agree with you
and perhaps the shorter-term ways we can attain that
is not just through
secondary and tertiary education
which may take a bit more time.
Any type of education.
But especially vocational education
and being able to transfer knowledge
from the best in the world
to learn from the best in the world
at the industry level
and to immediately apply that
I think is really important.
So being able to encourage
a lot more collaboration
and invite a lot more foreign investment
and to find the best in the world
to hopefully bring that expertise
to teach us, to learn the way
and for us to evolve and adapt
into and focus on how we can tune
some of that expertise
to localize it to the problems
and the challenges
we face in our markets.
I think that's where the opportunity is.
And again, I'll bring that more from an opportunity of innovation versus invention.
We don't need to recreate the craft.
No, just copycat pre-existing best practices.
Let's look at the best practices.
Let's learn from the best craftsmen there are.
And then think about what's the best way for us to apply it in our environment,
which we do understand the idiosyncrancies of how each of our markets in Southeast Asia do operate differently.
We are a mobile first sort of economy in a digital economy.
We do have a wider, maybe a lower range of smartphones.
We have very unique social media behavior.
There is a lot of different nuances.
that do impact consumer behaviors.
And I think that's, those are the types of insights
that entrepreneurs across Southeast Asia should harness.
And the more that are,
because the reality is the digital economy is a global,
it's a global game.
It's going to be global competition.
And hence the better the region can leverage,
not just any individual country's home market,
but actually be able to compete
and promote regional champions and have that scale,
it will only help us compete better at the global scale as well.
And of course, I don't think that this is something that we operate purely independently,
but again, through collaboration, through learning from the best and the brightest minds in the world.
We need to talk to each other more among Southeast Asians, understand each other.
Look, we've covered quite a lot of stuff with respect to,
fraud or skim prevention, right?
As it relates to how on the ball the regulatory framework is,
how participants may not be adhering to the scale necessary,
how data ought to be parked and secured encryption and cryptography,
and AI, the philosophies of AI,
and how it needs to be ushered forward.
We haven't talked about one thing that I think quite be,
I mean, could be relevant to fraud prevention.
Rule of law.
What's your take on that?
Yeah, I think in that sense,
we do need a strong rule of law.
enforcement against criminal syndicists.
Bad behaviors, right?
Bad behaviors.
That is definitely an important, a very important driver.
I think in the way that maybe makes Southeast Asia a bit more unique is we've front-loaded
a lot of the security and industries taken on a lot more.
of that responsibility to handle that up front.
But I think that is where, you know, agencies are trying to collaborate more now
between ministries and also hopefully across the region as well.
And sometimes it does take a big problem.
before things change.
So it's no longer a vitamin,
but a true painkiller
that presses the urgency
of being able to change
and the way we collaborate,
the way we work together.
So there are a few organizations
that are trying to drive this,
you know, whether it's the,
you know, we're also part of the global
anti-scam alliance,
which does collaborate with
several law enforcement agencies across the region.
So I am optimistic that hopefully the collaboration can improve.
There is increasing transparency, even in Indonesia, between Odeca and Comdiji, being able to
facilitate what is fraudulent, suspected accounts, fraudulent phone numbers, to be able
to more concretely provide very important signals to warn consumers before you.
you transfer that money.
There's a little warning signal that
say, hey, this account has been
suspected of fraud before
or this phone number
is obviously a suspicious phone number.
So I think we need more concrete
action like that.
And law enforcement agencies
actually sit on a wealth of data
as well.
And the more
open we can be, of course,
in a controlled fashion,
with the right authorized
industry players with the right trusted players, be able to collaborate and leverage that data
together, that's really the most concrete way we can step up and involve in an exponential way
to fight fraud and scams and have a very clear deterministic view of our ability to improve
exponentially and protect consumers better.
You know, my wife studied cybersecurity.
She always reminds me with respect to the definition of digital literacy.
It's not just about being able to use your headphones.
It's really about understanding risk management, right, while using digital capabilities.
Look, I'm actually feeling pretty optimistic talking to you about what's to come in the next few years.
And especially if you put that in a context of
Just take a look at Singapore
When it became independent
It was earning $100 per capita per year
It's now at 91,000
It's been able to turn itself big time
In one generation or perhaps two
China's GDP per capita in 1980
It was $125
Indonesia's GDP per capita
was $400
dollars.
And China has been able to jump up to $13,000 within a generation.
So I think the future for Southeast Asia may not be that bad, right?
Anything else you want to share with the audience?
Well, I think the entrepreneurs that I've met across the region, there's an incredible
amount of energy, and I'm definitely optimistic that things can change.
I look forward to being able to find ways to collaborate more across the region, across ecosystems as well, across industries, to be able to, you know, I think really unify the opportunity that we have across the region and hopefully focus on, you know, at least on our part, continue to build out the digital infrastructure that can help enable that economy.
the digital economy forward.
And, you know, not only make it more safe and secure, but hopefully reduce a lot of the friction
and just make it easier as well for you to, you know, to transact, to do what you need to do
across all of ASEAN.
So I'm optimistic.
I think there's a lot of great energy and especially from the entrepreneurs and met across
the region.
So I think that there is, you know, hopefully with the.
right geopolitical advancements as well.
We'll land in a good place.
But regardless, I think the industry is moving forward in a very strong way.
And hopefully we'll give you a good update in the next podcast, Bagheita.
Well, hopefully we don't have to wait for four years for the next time.
Nikki, thank you so much.
Thank you so much, Baguita.
It's been a pleasure.
Friends, that was Nikki Luhir from Vida.
Thank you.
Thank you.