Google Pay is an online wallet solution for secure mobile transactions and internet purchases.Google Pay (through Google Wallet) officially became active in Bangladesh on June 24, 2025, with the collaboration of City Bank, Mastercard, and Visa . Tap-to-pay at neighborhood and worldwide NFC-equipped POS devices but not P2P transactions, QR payments, or online shopping for now. Now it is available only for City Bank Mastercard/Visa Android cardholders. Before release, some customers used foreign cards and VPNs to force NFC payments with Google Wallet, but for local banks it was unofficial or incomplete.
Bangladesh’s mobile wallets have a combined market share of nearly 70% of the digital payments industry, bKash at 40%, then Nagad at 18% and Rocket at 12%. Post‑COVID uptake was strong, with more than 235 million MFS accounts as of late 2024 and $48 billion in daily transactions in FY 2022–23. Widespread use of smartphones and internet connectivity and growing confidence in cashless payments have resulted in extensive use of mobile banking and QR services.
Google Pay secures payments via tokenization, which substitutes card numbers with digital tokens, thus real card numbers are never disclosed. It encrypts data in transit and when it’s stored using end-to-end encryption. It utilizes biometric authentication such as fingerprint or facial recognition, or device passwords. Such security renders fraud out of the question even if the phone is stolen. Further, Google tracks dubious activity and permits users to remotely wipe or lock payment information in case of a breach.
A record level of internet frauds in the form of phishing, one-time password (OTP) frauds, SIM swap attack, mobile application clones, and QR code scams has occurred in Bangladesh. Recently, hackers have been redirecting government allowances to unknown phones by taking over telephone numbers through SIM swapping. Others have used platforms such as WhatsApp to trick victims into taking up fake job postings, leading them to fake applications such as “C-Finance.” Phishing messages posing as delivery or banking services are also on the rise, targeting unsuspecting individuals sensitive banking information.
Most of the Bangladeshi users lack the right information regarding digital risk of fraud and hence are vulnerable to fraud. A significant portion gets caught in phishing inadvertently by clicking suspicious links or giving OTPs to fraudsters. Although smartphones are accessed more, digital literacy is not uniform, particularly in rural areas. Lack of information leads to abuse of mobile financial services and mobile payment apps subsequently, hence financial loss. Efforts towards enhancing user education in terms of cybersecurity and safe online practices are essential in mitigating fraud cases in the nation.
Bangladesh digital transactions are controlled by law such as the ICT Act (2006) and Cyber Security Act (2023), dealing with cybercrime and secure digital infrastructure. Bangladesh Bank controls payment systems by licensing operators and maintaining compliance with regulations in mobile financial services. The Bangladesh Telecommunication Regulatory Commission (BTRC) controls telecom and internet services by blocking unauthorized content. The newly formed Cyber Security Agency upholds cyber laws and secures online communication. Collectively, these agencies form an infrastructure to facilitate secure digital payments and fight fraud across the country.
Google Pay has advanced security features like tokenization, encryption, and biometric authentication to provide strong security during transactions. Local payments like bKash, Nagad, Upay, and Rocket have local standards of strong security features like PIN, two-factor authentication, and fraud detection. But Google Pay has international standards of security and regular updation because of the technology of Google, and therefore it can be safer. However, the domestic wallets are tailored to Bangladesh’s market and are regulated tightly by Bangladesh Bank, establishing user confidence and awareness of Bangladesh fraud issues.
Though having good security measures, Google Pay is also vulnerable, particularly when users connect accounts to debit cards without enabling extra protection. Malware, weak passwords, compromised use of credentials, and usage over open public Wi-Fi can make users fall into the trap of scams. Moreover, Google Pay’s weak local presence in Bangladesh, as it has rolled out with limited features, gives it time for settling disputes or fraud claims. Such users who have no clue about security settings or are digitally illiterate are particularly vulnerable without proper training or local support.
Bangladesh’s City Bank is the first domestic bank to get integrated into Google Pay, enabling customers to link Visa or Mastercard and securely make NFC tap‑to‑pay payments. City Bank implements global best practices for security tokenization and PCI‑DSS compliance by collaborating with Compass Plus Technologies. Domestic banks supporting international cards also implement robust encryption, two‑factor authentication, and fraud monitoring. These steps are in line with global best practices, promoting trust when Bangladeshi consumers pay using Google Pay.
Various anecdotal reports emphasize the disparity between fraud and anti‑fraud. Some users attribute financial loss by phishing and OTP-sharing, while others attribute Google Pay tokenization and biometric controls for preventing unauthorized charges. Cybersecurity professionals note that Google’s worldwide infrastructure allows real-time fraud detection and rapid response. In the meantime, bank authorities mention that compliance with global standards like PCI‑DSS and two‑factor authentication lowered false declines and increased customer confidence. Overall, these findings highlight Google Pay’s potential to enhance transactions security in Bangladesh.
To be safe from internet fraud, the users must implement basic preventive actions. Login to the internet always using a safe connection, and particularly during financial transactions. Activate two-factor authentication (2FA) for additional protection to accounts and never provide OTP codes and personal details to others. Download apps from authentic sources such as the Google Play Store, and never use third-party links. Regular updates of apps and devices keep security patches up to date, protecting against the latest possible vulnerabilities. These steps effectively minimize unauthorized access and digital theft threats.
For secure digital transactions, the large-scale official launch of Google Pay in Bangladesh should be expedited with open regulatory monitoring by BTRC and Bangladesh Bank. Digital literacy campaigns should be reinforced to train users on risk from fraud and use in a secure way. Improved collaboration among technology firms, banks, and government agencies will enable common security standards, quicker responses to fraud, and a more secure digital transaction ecosystem in the country as a whole.
MD. Noor Hamza Peash
LL.B. student, Department Of Law
World University of Bangladesh.
