Identity verification in Indonesia
Executive summary. Indonesia is Southeast Asia's largest economy (≈280M people, 17,000 islands, 700+ languages) and its most consequential fintech market: GoPay, OVO, DANA, LinkAja and ShopeePay move hundreds of millions of daily wallet transactions, QRIS transaction volumes grew ≈175% year-on-year in 2024, and Indonesia's fintech services market sits around USD 19-21 billion in 2025. KYC/AML rest
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Indonesia is the fourth-most populous country in the world (≈280M people), the largest economy in ASEAN, and by GDP the 16th-largest economy globally. Smartphone penetration exceeds 75% among adults, and Indonesia routinely ranks in the global top three for time-on-mobile. The fintech layer is dominated by a handful of super-apps and wallets:
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
for commodity derivatives, and crypto until January 2025
Dukcapil (Directorate General of Population and Civil Registration)
regulated
98%+ adult coverage. IC chip but remote real-time verification limited
Dukcapil
regulated
Digital ID app with ~16M users as of 2025
DGT (Directorate General of Taxes)
regulated
AHU
open
Government & regulated databases
Compliance framework
AML framework
Supervised by Bappebti
Indonesia's KYC/AML stack sits on several overlapping pillars:
Data protection
Supervised by UU PDP
- UU No. 27 Tahun 2022 (UU PDP) is Indonesia's first omnibus data-protection law. Enacted 17 October 2022, it entered its two-year transition period which ended on 17 October 2024; from that date all data controllers and processors are legally required to be fully compliant. UU PDP imposes consent r
Penalties for non-compliance
- OJK enforcement. OJK has repeatedly fined banks, multifinance companies and P2P lenders for APU-PPT failures under POJK 12/2017, POJK 23/2019 and now POJK 8/2023, including suspension of business activities, licence revocation and administrative fines in the billions of rupiah.
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
For OJK-supervised entities, a typical e-KYC onboarding under POJK 8/2023 and POJK 10/POJK.05/2022 combines five layers:
Exchanges, custodians, wallets, on/off-ramps.
Until 11 January 2025, physical crypto-asset trading was supervised by Bappebti (Badan Pengawas Perdagangan Berjangka Komoditi, Ministry of Trade) under Peraturan Bappebti No. 8 Tahun 2021. The regime required CPFAK (Calon Pedagang Fisik Aset Kripto) licensing, a central clearing house, a crypto-ass
Sports betting, online casinos, age-gated platforms.
Indonesia prohibits every form of gambling, online or offline, under UU No. 7 Tahun 1974 on the Regulation of Gambling and Articles 303 and 303 bis of the Indonesian Criminal Code (KUHP). There is no legal iGaming market. There is no regulator to license, no KYC framework for operators, and no produ
Gig platforms, delivery, creator economy, e-commerce.
Marketplaces fall under Permendag No. 31 Tahun 2023 (which on 26 September 2023 replaced Permendag 50/2020) and under PP 71/2019 + Peraturan Menteri Kominfo No. 5 Tahun 2020 for Private PSE registration.
Biometric liveness
There is no single Indonesian technical standard that prescribes a specific liveness algorithm, but OJK's POJK 8/2023 requires regulated entities to use CDD procedures commensurate with risk and aligned with FATF recommendations, and OJK's digital-onboarding guidance for banks and P2P lenders requires verification methods that "effectively detect forgery and impersonation." In practice the market has converged on: - ISO/IEC 30107-3 Presentation Attack Detection, with Level 2 being the de-facto b
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Indonesia permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Indonesia, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Indonesia.
Most regulated sectors in Indonesia require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Indonesia’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Indonesia’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
