Project XBY

Middle East · GDP rank #38

Egypt

EG · EGP @ 0.0189/USD

Egypt is the Arab world's most populous economy and the region's clearest case of payments digitisation forced from above. Vodafone Cash leads a mobile-money market with 46m active wallets; Meeza, the state-backed national card scheme, sits on roughly 55% of cards in issue and is the default rail for government salary, pension and welfare disbursement; InstaPay, the CBE-operated instant rail, crossed 1.5bn cumulative transactions in 2024 and ran at ~263m transactions in Q1 2025 alone. The March 2024 float of the pound under the IMF programme redrew every cross-border line on the page and pulled remittance inflows back through formal channels.

Tab 06

Fraud & security

Headline fraud totals and typology splits, the rollout of EMV chip, tokenisation, 3DS and biometrics, and the controlling data-protection and payments statutes.

Annual fraud losses

EGP 1.8B +42% vs 2023

EGP · 2024

Loss rate

~9bp

basis points on transaction value · 2024

CNP share of fraud

64%

% · 2024

Fraud typology

Where losses come from

Card-not-present dominates every developed-market fraud profile — counterfeit and lost/stolen have both been mechanically suppressed by EMV and tokenisation over the last decade.

Share of card fraud

  • Authorised push payment (InstaPay social-engineering)+58%
  • Card-not-present (e-commerce)64%
  • Account takeover+33%

Authentication

What's deployed on cards today

EMV is the floor; tokenisation removes PAN from merchant systems; 3DS covers the CNP flow; biometric auth drives device-level wallet transactions. Adoption gaps between markets are the clearest signal of fraud-regime maturity.

EMV chip penetration

100%

% · 2024

Tokenised transactions

~25%

% · 2024

3DS coverage · CNP

84%

% · 2024

Biometric mobile wallet txns

~80%

% · 2024

Consumer protection

Framework
CBE Consumer Protection Department under Banking Law 194/2020; FRA consumer protection for non-bank fintech
Max consumer liability
EGP 1,000 for unauthorised card transactions
Liability rules
Unauthorised card transaction liability capped at EGP 1,000 unless gross negligence is proven; APP fraud reimbursement on a bank-by-bank basis with CBE encouraging voluntary code of conduct adoption — no statutory reimbursement comparable to the UK PSR rules.

Source · Central Bank of Egypt

Security standards

  • PCI DSS 4.0 mandated by CBE for acquirers and processors
  • 3D Secure 2.0 mandatory for e-commerce since 2022
  • Mobile wallet biometric authentication required at app level (CBE 2025 circular)
  • Data Protection Law 151/2020 with DPC operationalising 2025–26