Earlier this week, KrASIA reported that people in Indonesia faced difficulties when applying for services at financial institutions because of low credit scores and outstanding bills from 2019 “owed” to Caturnusa Sejahtera Finance, a company hired by Traveloka to operate its pay later service. These individuals said they never signed up to use Traveloka PayLater, never received invoices, and were never contacted by debt collectors. They only became aware of the mysterious transactions when banks rejected their credit card applications.
On its website, Traveloka says, “To be able to use PayLater, you will need to apply for it first.” Payments for purchases can be spread over up to 12 months, with a limit of IDR 50 million, or USD 3,500.
There is scant public information about Caturnusa, the subcontractor that manages Traveloka PayLater. One of the victims who carried phantom debt originating from Caturnusa said when he visited Traveloka’s office in West Jakarta in 2019, Caturnusa’s office was in the same building but located on a different floor. In March 2021, Traveloka relocated to its new headquarters in BSD City, South Tangerang.
“Traveloka Caturnusa” is listed as a customer of an IT company called Nusantara Duta Solusindo, or NDS. KrASIA contacted NDS by phone and spoke to the company’s staff, who were unable to field questions immediately. KrASIA followed up by sending inquiries by email to NDS but did not receive a reply before the publication of this article.
Responding to KrASIA’s request for comments regarding loans that were issued through Traveloka PayLater without people’s permission, Traveloka’s head of corporate communications, Reza Amirul Juniarshah, said the company is aware that a “very small number” of users in 2019 experienced “inconsistencies” in their credit rating as a result of fraudulent activity originating from Traveloka’s platform. “However, following an investigation, we concluded that there was no misuse of user data stored by Traveloka, and we have worked with the affected individuals and authorities to clarify the matter,” Juniarshah said.
The company said it has launched a series of data security education campaigns to raise awareness of the importance of protecting confidential data. Traveloka is also promoting data protection best practices among its users, the company said.
“We have rigorous security measures in place that are constantly being enhanced, and we do not share user data with third parties without explicit consent from our users,” said Juniarshah. “Our Traveloka PayLater service is no exception; since its launch in 2018, we have provided multi-layer security, including requiring official government identification and biometric verification, as well as tokenized security for credit card payments.”
The exact source of the data that was used for unauthorized financing via Caturnusa and Traveloka PayLater remains unclear.
Traveloka plans to list in the US via a SPAC merger in 2021, CEO Ferry Unardi said earlier this year. The company was said to be in talks with Bridgetown Holdings Ltd, which is sponsored by Richard Li and Peter Thiel, according to a report published in April by Bloomberg.