Tax Chief Can Inspect Credit Card Transactions; Data Remains Protected.
Jakarta, CNBC Indonesia - Director General of Taxes Bimo Wijayanto has affirmed that taxpayers’ confidentiality will be maintained even as the Directorate General of Taxes (DJP) broadens access to information and data under Finance Minister Regulation PMK 8/2026, which revises PMK 228/2017. ‘So it is clearly in line with Article 34 concerning taxpayer confidentiality; it is embedded in our system,’ Bimo said at the Tax Class event at the DJP Central Office in Jakarta, quoted on Thursday (6/3/2026).
He emphasised that the assurance of data confidentiality has been consulted with the Ministry of Communications and Digital Affairs (Kominfo) and the National Cyber and Crypto Agency (BSSN). From these consultations, he noted that all DJP systems possess sufficient capacity to protect the sovereignty and security of taxpayers’ data and information, including the expanded scope of credit card transactions under PMK 8/2026.
‘To do with Cortex, it is not only BSSN but there have been penetration tests by several independent bodies, including the National Intelligence Agency (BIN), BAIS (Strategic Intelligence Agency) and various others. So we guarantee sovereignty and security,’ Bimo said.
As is known, Finance Minister Purbaya Yudhi Sadewa has expanded the scope of ILAP (the acronym for reporting data and information) to include government agencies, institutions, associations, and other parties, i.e., ILAP, to report data and information to the Directorate General of Taxes (DJP), including from the banking sector.
This obligation, as set out in PMK 8/2026 revising PMK 228/2017, commenced on 27 February 2026.
‘To provide legal certainty, usefulness, and clarity regarding the implementation of activities for submitting data and information by government agencies, institutions, associations, and other parties, and the activities of compiling data and information for state revenue purposes,’ quoted from the PMK 8/2026 recitals, Monday (2/3/2026).
Specifically for banking, the data and information that must be reported to DJP related to the operation of credit cards, as previously regulated in PMK 228/2017. But in the latest PMK, PMK 8/2026, the reporting entities have been expanded.
Under the old PMK, the number of banking entities or credit card issuers that were required to report stood at 23; under the new PMK, that number rises to 27. The following are the entities:
PT Bank Central Asia Tbk
PT Bank Negara Indonesia (Persero) Tbk
PT Bank Mandiri (Persero) Tbk
PT Bank OCBC NISP Tbk
PT Bank Syariah Indonesia Tbk
PT Bank Rakyat Indonesia (Persero) Tbk
PT Bank Permata Tbk
PT Bank Danamon Indonesia Tbk
PT Bank Tabungan Negara (Persero) Tbk
PT Bank HSBC Indonesia
PT Bank Maybank Indonesia Tbk
PT Bank CIMB Niaga Tbk
PT Bank UOB Indonesia
PT Bank DBS Indonesia
PT Bank Mega Tbk
PT Bank Mega Syariah
PT Bank MNC Internasional Tbk
PT Bank Panin Tbk
PT Bank KB Indonesia Tbk
PT Bank Mayapada Internasional Tbk
PT Bank Sinarmas Tbk
PT Bank ICBC Indonesia
PT AEON Credit Services Indonesia
PT Honest Financial Technologies
PT Shinhan Indo Finance
PT Bank SMBC Indonesia Tbk
PT Bank QNB Indonesia Tbk
Meanwhile, in the old PMK, the 23 banks were:
Pan Indonesia Bank, Ltd. Tbk
PT Bank ANZ Indonesia
PT Bank Bukopin, Tbk
PT Bank Central Asia, Tbk
PT Bank CIMB Niaga, Tbk
PT Bank Danamon Indonesia, Tbk
PT Bank MNC International
PT Bank ICBC Indonesia
PT Bank Maybank Indonesia, Tbk
PT Bank Mandiri (Persero), Tbk
PT Bank Mega, Tbk
PT Bank Negara Indonesia 1946 (Persero), Tbk
PT Bank Negara Indonesia Syariah
PT Bank OCBC NISI Tbk
PT Bank Permata, Tbk
PT Bank Rakyat Indonesia (Persero), Tbk
PT Bank Sinarmas
PT Bank UOB Indonesia
Standard Chartered Bank
The Hongkong & Shanghai Banking Corp.
PT Bank QNB Indonesia
Citibank N.A
PT AEON Credit Services
In the latest PMK, the 27 banks or credit card issuers must begin reporting data and information to DJP no later than March 2027, with the reporting conducted annually. The data must be in electronic form and submitted online, containing merchant receipts from transactions made with credit cards.