Legal Consequences of Using Other People's Identity in Online Loans

Online loans that are part of Financial Technology create a new mode of crime, in which perpetrators can use other people's personal data to find the online loans. This action causes losses to the online loan service providers and people whose personal identities are used by the perpetrators to make online loans. For this reason, the problems discussed in this paper are: 1) How is the formulation of fintech based on online loans? 2) How is the protection of personal data in online loans? 3) What are the criminal sanctions for using other people's identities in online loans? To answer these problems, a normative juridical research method is used by using the literature sources as the primary source of legal material. Based on research originating from literature sources, criminal sanctions that can be imposed on perpetrators can be charged with Article 27 paragraph (1), (2), (3) or paragraph (4) of the Law on Information and Electronic Transactions, with a criminal penalty regulated in Article 45 of the Law on Information and Electronic Transactions with a maximum imprisonment of 4 (four) years and/or a maximum fine of Rp. 750,000,000 (seven hundred and fifty million rupiah). Judging from the elements in the criminal act of using false identities in making online loans, the criminal sanctions for using false identities on online loans can be suspected by Article 263 paragraph (1) of the Criminal Code regarding the crime of identity fraud, Article 378 of the Criminal Code on fraud, Article 311 paragraph (1) KUHP on slander/defamation.


I. Introduction
The proliferation of fintech (financial technology) companies focusing on selling digital-based financial products, targets the consumptive power of the community by making it easier to borrow money/find debt through digital platforms. Seeking debt through fintech companies or commonly known as online loans cut out almost all conventional debt loan methods carried out by banking businesses or cooperatives. The convenience and speed of online loans are a strong attraction for the community. The lending system using an online application is called the "peer to peer lending" system, which is a loan agreement that brings together the lender and the loan recipient in an application via the internet network. The peer to peer lending system can reach people in remote areas as long as an internet network is available in the area. (Sari, 2018: 97) Legal Consequences Of Using Other People's Identity In Online Loans Financial technology is a financial service making it easier for people to make transactions anywhere and anytime. Before online loans were present in the community, to make public loans, they had to go through a series of mechanisms by completing various long administrative requirements at banking institutions such as banks, rural banks and cooperatives. The significant difference in loan disbursement between loans through commercial banks or other non-bank financial institutions and online loans becomes the main reason why people prefer to make loans through online loans. The comparison is, the disbursement of loans from commercial banks takes 7 to 14 working days, whereas with online loans, the disbursement can be done in less than one day and even in hours. (Istiqamah, 2019: 293). In addition, credit applications through banks or cooperatives require collateral, while online loans do not require collateral.
Article 3 paragraph (1) letter e PBI (Bank Indonesia Regulation) Number 19/12/PBI/2017 concerning the Implementation of Financial Technology states that application-based loan services with internet media are Financial Technology Operations included in the category of other financial services. In the Regulation of the Financial Services Authority (OJK) Number 77/POJK.01/2015 of 2016 concerning Information Technology-Based Borrowing-Lending Services, it is stated that online loans are an implementation of financial services that bring together lenders and loan recipients in rupiah currency carried out directly through an electronic system by utilizing the internet network. (Hartanto & Ramli, 2018: 322). Based on the data owned by the OJK, as of August 2020, 158 leading fintech companies have registered. (www.ojk.go.id, n.d.) Borrowing or credit activities through fintech companies are based on the validity of an agreement that must meet the elements in article 1320 of the Civil Code. Article 1320 paragraph (1) of the Civil Code states that there is an agreement between the two parties. The next requirement is the proficiency in making the engagement, meaning that the person is an adult and is not in custody. What is agreed upon, in Article 1132 of the Civil Code, in an engagement, there are things in the form of objects and non-objects, movable or immovable which are the objects in the engagement. Article 1335 of the Criminal Code requires that the object in the agreement is a lawful cause, which means that the agreement must not conflict with the law, decency and public order. The agreement must be carried out in good faith (Article 1338 of the Civil Code). General requirements for making online loans include: 1. The borrower is an Indonesian citizen; 2. Minimum age of 21 years and maximum of 60 years; 3. Have an income equal to the minimum wage; 4. Have NPWP (Taxpayer Identification Number); and 5. Have a bank account / account number that matches the identity on the borrower's ID card. The ease and speed of loan disbursement, in which the borrower and lender do not meet in person, provides opportunities for some people to take advantage of the weakness of the situation. One of the gaps that is exploited from the weakness of the online loan system is the opportunity for borrowers to use other people's data as borrower data. The action seen from the aspect of criminal law is included in the crime of forgery as regulated in Article 163 paragraph (1) of the Criminal Code. Forgery in Article 263 of the Criminal Code is "anyone who makes a fake letter or falsifies a letter that can give rise to a right, engagement or debt release, or money is intended as evidence of something with the intention of playing or ordering other people to use the letter as if the contents are true and not falsified, are threatened if such use can cause losses due to falsification of the letter.
The legal issue that occurs is when the borrower uses personal data that is not his own and takes an online loan and then ignores his obligation to make payments for the loan. This deliberate act causes losses to two parties, namely the online lender and the party whose personal identity is used to seek online loans. The legal issue is interesting to be studied in a scientific research, so that in this scientific paper the title can be formulated, namely "Legal Consequences of Using Other People's Identity in Online Loans."

II. Methods
The type of research used to answer the legal issues mentioned above is normative juridical law research known as library law research, a legal research carried out with a library material approach or In this paper, the data collection technique is carried out by library research or library studies by digging and collecting data from written sources that are relevant to the content of the research. Then, the data is analyzed qualitatively.

Online loan-based fintech legal formulations
The development of technology and digital communication affects transaction patterns which currently lead to digital transaction patterns, including lending and borrowing transactions or accounts payable. Previously, accounts payable transactions were direct civil relations in which the lender and loan recipient met directly, made an agreement and bound themselves in the form of a written agreement. Currently, to conduct lending and borrowing transactions or accounts payable between the lender and the loan recipient no longer have to meet and meet face-to-face physically, but simply by utilizing digital technology. From these two forms of transactions, the lending and borrowing transactions or accounts payable can be grouped into 2 forms, namely: a. Conventional accounts payable transactions; Conventional debt and receivable transactions are debt and receivable transactions that are generally carried out by meeting face-to-face, in which the lender is a banking service entrepreneur, both rural banks and cooperatives or other financial institutions such as the Village Credit Institution and debtors (debt recipients). To pay debts, the debtor must meet administrative requirements, fill in data, submit personal documents and material guarantees or do not require material guarantees for a certain debt value determined by the creditor. The debts that do not require collateral are called Unsecured Loans. The nominal debt that can be given by creditors to debtors is assessed based on several aspects by looking at the feasibility and value of the collateral used as credit guarantees.
b. Digital accounts payable transactions; Digital accounts payable is a new pattern of accounts payable that has developed due to technological developments, this pattern is called Financial Technology (fintech). The classification of fintech according to Bank Indonesia, consists of (Ginatra, 2020; 14): 1) Financial Technology Peer to Peer Lending in Indonesia is a variety of business models and technological developments aimed at improving financial industry services. (Muzdalifah, Rahma, & Novalia, 2018;6). Financial Technology consists of digital payments, financing and investment, and coordination functions. (Ridayani, 2019;18). Other types of Financial Technology in Indonesia are account aggregators, information and feeder sites and personal finance. (Rumondang & et al, 2019;13). The target of Financial Technology is the lower middle class that are lack of capital to develop their businesses and the general public as their consumptive needs, especially during the Covid 19 pandemic. The mechanism in Financial Technology which is more commonly known as online loans involves two agreement mechanisms, namely; the agreement between the lender and the loan provider, and the agreement between the loan provider and the loan recipient.

Legal Consequences Of Using Other People's Identity In Online Loans
2) Market Aggregator is a digital platform that provides information to the public about financial transactions and investment patterns in it. Therefore, with the Market Aggregator, people can compare financial investments or financial management that are commonly used in society. The public can assess the weaknesses and strengths of financial services offered by banks and other financial service providers, such as services and mechanisms in the use of insurance, investments (deposits, securities, stocks and so on), credit cards and other financial services.
3) Risk and Investment Management. Fintech has been able to provide a regulatory function regarding financial planning, in which previously, to get a financial plan that can measure the possibilities and risks in investing in financial services, people must find and consult a financial expert. The function of these experts has been replaced by fintech which can help plan short-term finance to long-term financial plans.
4) Payment, settlement and clearing is one of the most popular fintechs and is widely used by the community. This fintech pattern can help people to make financial transactions online, they do not have to come to the banks, ATM machines, and meet directly with the service providers. The examples are the transactions using mobile banking, internet banking, and online shopping on digital wallet applications such as DANA, PAY LETTER and so on.
Of the four fintech classifications classified by Bank Indonesia, online loans are included in Peer to Peer Lending which is under the supervision of the Financial Services Authority, as regulated in Law Number 21 of 2011 concerning the Financial Services Authority, Article 6 letter c, the Financial Services Authority. Finance carries out the task of regulating and supervising financial service activities in the insurance sector, pension funds, financing institutions and other financial service institutions. The public as users of online loan services have their rights regulated in OJK Regulation Number 77/POJK.01/2016, as follows: 1. Article 30 paragraph (1), users of online loans are entitled to get the latest information about Information Technology-Based Online Loan Services; 2. Article 31 paragraphs (1) and (2), online loan users have the right to obtain information regarding the rejection, acceptance or postponement of loan applications along with the reasons; 3. Article 32 paragraphs (1) and (2), users of online loan services have the right to obtain information from electronic documents using clear, easy-to-read and easy-to-understand Indonesian language, or can be juxtaposed with foreign languages if needed. 4. Article 36 paragraph (1), the right to obtain protection from all forms of efforts to transfer responsibility or obligations between the operator and the user; 5. Article 36 paragraph (2), users of online loan services are entitled to protection from the requirements required by the operator for users to comply with new rules, advanced rules and/or changes to rules issued by the organizer unilaterally which can harm rights from online loan service users. 6. Users of online loan services have the right to get compensation. The compensation for losses to users of online loan services is given as long as the loss is caused by an error or negligence of the organizer. 7. Article 39, online loan service users are entitled to the protection of personal data provided as a requirement in borrowing, so that the data is not used and misused by third parties without the permission and knowledge of the online loan service user as the owner of the personal data. The agreement between the provider and the lender as regulated in Article 19 paragraph (2)  This matter has been regulated in Article 1 number 12 of OJK Regulation Number 77/POJK.01/2016 concerning Information Technology-Based Borrowing Services which regulates "Electronic document is any information that is created, forwarded, sent, received or stored in analog, digital form, electromagnetic, optical or the like that can be seen, displayed, and/or heard through a computer or electronic system included but not limited to writing, sound, pictures, design maps, photographs or the like, letters, numerals, codes, access, symbols or perforations , which has meaning that can be understood, by people who are able to understand it as referred to in Law Number 11 of 2008 concerning Information and Electronic Transactions." The speed of development of fintech based on online loans is becoming increasingly out of control. Therefore, illegal online fintech loans grow wildly that are not under the supervision of the OJK. The wild growth of illegal online loans is a new problem in society. Strict regulations are needed in cracking down on these illegal online loans. It is unfortunate that the ease of technology is used against the law where even though the illegal fintech online loans have been blocked, they can easily form new entities with the same pattern (Kai, 2020). The concept of misuse of personal data can be divided into 3 forms, namely misuse by people who request personal data; misuse by the company/provider by selling the personal data of its consumers; and misuse of data by experts based on their expertise in hacking someone's personal data (hackers). The disadvantages of the owner of personal data, whose data is misused by other parties without permission are as follows: 1) Technical losses which include the lack of system security and reliability of communication standards and protocols being guaranteed; inadequate infrastructure and telecommunications bandwidth; and for vendors or service providers it is necessary to have adequate web and network servers.
2) Losses from the legal aspect which include the absence of laws and regulations that specifically regulate the protection of personal data, resulting in the resolution of problems concerning the misuse of personal data. It is difficult to obtain legal certainty. The disadvantages of the legal aspect also include the unavailability of an appropriate mechanism through digital-based electronic media that can guarantee the security of personal data, making personal data easily accessible to irresponsible parties.
Relating to what was discussed in the background of the problem above, it is needed a criminal sanction for someone who borrows online using another person's personal identity. This action contains an element in which there is a falsification of personal documents using other people's personal documents for personal gain from perpetrator.

Personal Data in Online Loans
Personal data is a concept of privacy, according to Warren and Brandeis "Privacy is the right to enjoy life and the right to be left alone and this development of the the law was inevitable and demanded of legal recognition". Where privacy is the right of everyone to enjoy his life and demand that privacy to get protection/to be protected. (Latumahina, 2014;25). The notion of privacy is also put forward by Alan Westin in which he defines privacy as "Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others." (Yuniarti, 2019; 154). In Indonesia, especially at this time, there are no specific laws and regulations to regulate personal data, while neighboring countries have special regulations regarding personal data, such as: 1) Singapore, the legal protection of personal data in Singapore is regulated in The Personal 3) Hong Kong, in the country of Hongkong, the legal regulation regarding the protection of personal data is the Personal Data Privacy Ordinance of 1995 (PDPO), which was amended in 2012. In Indonesia, we are very aware that the protection of privacy issues or personal identity is not yet an important issue to be protected. It is very common in society that misuse of personal identity such as the use of a person's Identity Card in an administrative document processing, other parties can easily carry, show and use it. The identity of another person, either original or in the form of a photocopy is without requiring verification or approval from the owner of the actual identity. Such conditions are very different from the other countries where the state with its government highly protects the personal identity of its citizens including name, address, place of birth date, status and other information. (M, Mansyur, & Gultom, 2010;135).
The decision of the Constitutional Court Number 006/PUU-I/2003 affirms that the regulation of Personal Data Protection must be in the form of a law. As confirmed by the decision of the Constitutional Court that related to provisions concerning human rights, it must be regulated in the form of a law. To accommodate the need for legal certainty regarding the protection of personal data, the following laws and regulations can be used: 1) Law Number 10 of 1998 concerning Banking; Article 40 Paragraph (1)  Article 42 Paragraph (1) states that "Telecommunication service providers are obligated to keep the information sent and or received by telecommunications service customers secret through the telecommunications network and or telecommunications services they provide".

3) Law Number 39 of 1999 concerning Human Rights;
Article 29 Paragraph (1) states that "Everyone has the right to the protection of his personal, family, honor, dignity, and property rights". This article is similar to Article 28 Letter G Paragraph (1) of the 1945 Constitution of the Republic of Indonesia which also regulates the right of everyone to personal protection.

4) Law Number 14 of 2008 concerning Public Information Disclosure;
Article 54 stipulates that any person who intentionally and without the right to access, obtain, provide information in Article 17 will be sentenced to a maximum imprisonment of 2 (two) years and a maximum fine of Rp. 10,000,000.00 (Ten million rupiah).

5) Law Number 36 Year 2009 concerning Health;
Article 57 Paragraph (1) states that "Everyone has the right to the confidentiality of his personal health condition that has been disclosed to health service provider" 6) Law Number 24 of 2013 concerning Amendments to Law Number 23 of 2006 concerning Population Administration; Article 1 number 22 states that personal data is certain personal data that is stored, maintained and kept true and its confidentiality is protected. 7) Law Number 19 of 2016 concerning Amendments to Law Number 11 of 2008 concerning Information and Electronic Transactions; Article 26 paragraph (1) states "unless stipulated otherwise by laws and regulations, the use of any information through electronic media concerning a person's personal data must be carried out with the consent of the person concerned". The juridical basis of personal data protection refers to Article 28G of the 1945 Constitution of the Republic of Indonesia, "everyone has the protection of his personal, family, honor, dignity and property under his control, and has the right to a sense of security and protection from the threat of the power to do or not to do something which is a human right". Considering that the protection of a person's personal data is a fundamental human right, even in the international world the protection of personal data is recognized as a constitutional right of a person who is entitled to security for his personal data, this is in Legal Consequences Of Using Other People's Identity In Online Loans contrast to data security in Indonesia which adheres to the applicable ius constitutum principle. (Octavia, 2020;57)

Criminal Sanctions for Making Online Loans Using Someone Else's Identity
It is easy for the third parties to access someone's personal data and use it as a false identity in applying for an online loan. Consequently, it has led to many legal conflicts. The identity owner is harmed in which he gets pressure, threats and debt collection from the online loan service providers because his identity has been misused by irresponsible parties. A legal problem has not become a legal problem if the injured party does not report it to the police. Losses for misuse of false identities in online loans are included in the complaint offense, in which the injured party can complain to the police. As it is known in the Criminal Code, a complaint offense is an offense whose prosecution can only be carried out if there is a complaint from the injured party (gelaedeed party). Complaint offenses are divided into two more based on their nature, namely: 1. Absolute complaint offenses. The offenses in absolute complaint can only be prosecuted if there is a complaint from the victim. For example, Article 310 of the Criminal Code on defamation. 2. Relative complaint offenses. This complaint offense is called relative because of the special relationship between the court and the complainant. For example, Article 367 of the Criminal Code for theft in the family. (Effendi, 2015;47).
Withdrawing from the criminal element of using another person's identity in making online loans based on the Criminal Code, this action is included in the act of counterfeiting. Counterfeiting itself is a violation of the truth that aims to gain profit for oneself, counterfeiting in a more modern society is called manipulation, which means abuse or misappropriation. Counterfeiting is classified as a fraud crime which can be grouped into 4 groups, namely: 1. The crime of perjury (Chapter IX); 2. The crime of counterfeiting money (Chapter X); 3. The crime of counterfeiting materials and brands (Chapter XI0; 4. The crime of forgery of letters (Chapter XII). Forgery of identity in online loans is included in the 4th category, namely the crime of forgery of letters (Chapter XII). The crime of forging letters is carried out by issuing a right that can cause harm to other people, in which the truth of the letter should be protected (Article 263 paragraph (1) of the Criminal Code). (Chazawi, 2001;97). In addition, it can be withdrawn as a crime of falsification of identity using a false identity in making online loans, including also into acts of fraud as regulated in Article 378 of the Criminal Code, as described below: anyone who wants to benefit himself or others unlawfully by using a false name or false dignity (hoedanigheid), by deceit, or a series of lies, to induce another person to hand over something to him, or to give a debt or write off a debt, is threatened with fraud, with a maximum imprisonment of four years. This can be assessed in which from the start the perpetrator has a pure intention to commit fraud because from the start he has used someone else's identity.
Viewed from the point of view of the identity owner, the act of the perpetrator using his identity to make an online loan can be criminally processed on the basis of Article 311 paragraph (1) of the Criminal Code "If the person who has committed the written defamation, in that case it is permissible to prove that what is alleged is true, he does not prove it and the accusation is made contrary to what is known, then he is threatened with slander, with a maximum imprisonment of four years". Slander or defamation here, is when the perpetrator acts as if the victim as a borrower in an online loan cannot perform the obligations for the loan made so that the victim will be harmed both materially and non-materially.
Regarding the use of other people's personal identities in making online loans, the perpetrator's actions are seen from the provisions in Law No. 11 of 2008 concerning Information and Electronic Transactions. Articles related to the protection of personal data for online loan service users, including: 1. In Article 26 Paragraphs (1) and (2): (1) Unless stipulated otherwise by laws and regulations, the use of any information through electronic media concerning a person's personal data must be carried out with the consent of the (2) Any person whose rights are violated as referred to in Paragraph (1) may file a lawsuit for the losses incurred under this Law. Based on the contents of the article above, it is stated that the use of information technology, protection of personal data is part of personal rights (privacy rights). Analyzed based on the theory of legal protection, the provisions of Article 26 of the ITE Law have explicitly required everyone to first obtain permission from others to use their personal data, and people who feel aggrieved over the use of their personal data without permission can file a lawsuit. The principle of legal protection in the context of this problem is that the law protects one's interests by giving power to a person to control his personal identity so there are no misuse and exploitation done by other parties who are not the authority of that identity. 2. Article 30 of the ITE Law, the perspective of legal protection is a manifestation of the protection of a person's personal identity in which a person is prohibited from obtaining electronic information by violating, breaking through, exceeding or breaking into the security system, which means that such action does not obtain permission from the owner of personal data or anyone else who has the authority over the personal data. 3. Article 45 Paragraph (3) states any person who intentionally and without rights distributes and/or transmits and/or makes accessible Electronic Information and/or Electronic Documents containing insults and/or defamation as referred to in Article 27 Paragraph (3) shall be sentenced to a maximum imprisonment of 4 (four) years and/or a maximum fine of Rp. 750,000,000.00 (seven hundred and fifty million rupiah). 4. Article 45 B, any person who intentionally and without rights sends Electronic Information and/or Electronic Documents containing threats of violence or intimidation aimed at personally as referred to in Article 29 shall be punished with imprisonment for a maximum of 4 (four) years and/or a maximum fine of Rp. 750,000,000.00 (seven hundred and fifty million rupiah)." In addition to criminal sanctions, specifically violations of personal data in the field of online loans can also be the subject to administrative sanctions, as regulated in Article 47 POJK No. 77/POJK.01/2016, which states that for violations of obligations and prohibitions in this OJK regulation, OJK has the authority to impose administrative sanctions on the Operator in the form of: a. written warning; b. fines, namely the obligation to pay a certain amount of money; c. limitation of business activities; and d. license revocation. The importance of a regulation that regulates the protection of personal data will create trust in the public, one of which is by including company legal documents from the OJK in the online loan digital application platform. (Afifi, 2019;248). On the basis of these laws and regulations, parties who are harmed by the use of their personal data for online loans made by other parties can take legal action. Because there is a possibility where the actual owner of personal data will experience problems in the future if he wants to make an online loan at an online loan service provider because the data has been used by someone other than himself.
The difficulty of controlling identity fraud on online loans tends to occur because there are no complaints from the public whose identities are used by other people to make online loans, this is mainly due to the ignorance of the owner of personal data that the data has been used irresponsibly by the perpetrators. New problems will arise if the online loan service provider finds the real owner of the data and gets clarification, or vice versa the owner of the personal data gets threats, pressure and even defamation, including immoral actions from the collectors of online loan service providers.
These obstacles occur because currently in Indonesia, the government has not been able to provide experts in the cyber field in which online loan crimes are categorized as cyber crimes that are part of the Special Crime Investigation Unit. Indonesia has also not been able to optimally supervise internet users making cyber crime increasing in number. Weak devices in the Electronic Information and Transaction Law can still be found in the provisions of Article 27 and Article 37 wherein it is regulated regarding