Personal Data Protection Law (PDPL)
Effective September 2024 — Saudi GDPR-equivalent administered by SDAIA
Saudi Data & AI Authority (SDAIA)
Middle East & North Africa · GDP rank #18
Saudi Arabia
SA · SAR @ 0.2667/USD
Saudi Arabia has structurally over-delivered its Vision 2030 cashless objective — SAMA reported 85% of retail transactions ran non-cash in 2025, well ahead of the original 70%-by-2030 target. The system is anchored by mada, the SAMA-owned domestic debit scheme that routes ~84% of card volume; sarie, the 24/7 instant rail that scaled from 22% to >70% of retail A2A in three years; and an Apple Pay deployment with the highest iPhone penetration in MENA. The next chapter is exporting the stack regionally through the AFAQ GCC bridge.
Tab 06
Fraud & security
Headline fraud totals and typology splits, the rollout of EMV chip, tokenisation, 3DS and biometrics, and the controlling data-protection and payments statutes.
Fraud absolute level fell in 2024 — a rare G20 trajectory — driven by mandatory biometric auth on all mada digital issuance plus sarie confirmation-of-payee since 2023.
Reported payment fraud · 2024
840M SAR▼ -6% vs prior year
Card-not-present share
74%
3DS adoption on CNP
98%
Trend lines
What's growing fastest
Where a full typology breakdown is not published, the authorities typically disclose year-on-year growth in specific scam categories. Authorised push-payment (APP) scams and account-takeover fraud are the canonical “wallet era” concerns in most markets.
- Card-not-present share74%
- APP scam growth YoY+18%
- Account takeover growth YoY+12%
Controlling regulation
SAMA Cyber Security Framework
Mandatory for all SAMA-regulated financial institutions since 2017 — updated 2023 to cover cloud and third-party risk
Saudi Central Bank (SAMA)