A Dubai resident has reported losing Dh20,000 to Buy Now, Pay Later (BNPL) fraud after unauthorised transactions were made on his account without receiving any OTPs or alerts. The incident has raised concerns about growing security gaps in BNPL platforms.
The user discovered the issue when an in-store payment was declined. His credit limit had been Dh3,000, and he hadn’t used the BNPL service since March. Despite contacting the provider, his claims were denied, prompting him to report the case to Dubai Police and Dubai Consumer Protection.
Cybersecurity experts believe the fraud may have involved an account takeover attack using stolen credentials or weak verification systems. Some blame third-party retailers and BNPL platforms for failing to issue alerts or enforce strong authentication.
Legal experts confirmed the resident took the correct steps by filing a complaint. Further action may include escalation to the UAE Central Bank or TDRA, depending on the BNPL provider’s licensing.
The case comes amid new regulation: UAE banks are set to phase out SMS OTPs in favor of app-based authentication by March 2026, as part of broader efforts to strengthen consumer protection in digital finance.
