Is Buy Now Pay Later safe and secure? 5 questions answered

Considering using Buy Now Pay Later (BNPL) to make purchases online? Or maybe you already do ... 

You’re not alone. 

In fact, according to ASIC's 2020 Buy Now Pay Later: An Industry Update report from the 2017-18 financial year to the 2018-19 financial year, the number of active BNPL accounts across six providers grew by 38% (from 2.7 million to 3.7 million). 

There was also a large increase in BNPL transactions, too. From June 2018 to June 2019, the number of purchases increased from 1.9 million to 3.4 million (an increase of 75%). 

“It’s not surprising that Buy Now Pay Later platforms continue to see an uptick in the amount of customers signing up and making purchases,” Mozo director, Kirsty Lamont says. 

“However, unlike the security of a large bank or credit card provider, some consumers may have questions around how these newer platforms store and protect their information and whether its a safe payment method to use online.” 

So how secure is using BNPL online? Let’s take a look … 


ASIC found that over the 2018-19 financial year, Afterpay (73%), Zip (11%) and Humm (11%) had the highest total value of transactions. All three platforms can be used both online and in-store. 

So we’ve compared these three BNPL providers to find out what information they collect from consumers on sign up, how they use it and any risks that come from using them online. 

1. What personal information do Afterpay, Zip and Humm collect? 

The truth is, Buy Now Pay Later platforms collect a bunch of your personal and financial information when you open an account with them. 

Across Afterpay, Zip and Humm, there are three main categories when it comes to the  information they store. These are: 

  • Your contact information: this might include your name, residential address, business address, phone number, email etc.  
  • Your personal information: this might include your date of birth, drivers license number, other identification documents etc. 
  • Your financial information: this might include your bank account, credit card or debit card details, income and expenditure, employment status etc. 

It’s also important to note that some of these platforms may allow you to opt into sharing your social media account information, such as your Twitter or Facebook. In this instance the information received by your BNPL provider varies depending on the social media platform. 

2. How do BNPL platforms secure my information? 

Afterpay, Zip and Humm are all subject to the Privacy Act 1988 (Cth) as well as the Australian Privacy Principles (APPs). And, where necessary, may also fall under the Privacy (Credit Reporting) Code 2014.   

These laws outline the standards rights and obligations around customers’ personal information and the way it is used. They relate to things from the collection, use and disclosure of information to governance, accountability and access to information. 

But what specifically do BNPL platforms do to protect your info? Take Afterpay for example. 


Afterpay’s senior director of public policy and regulatory, Michael Sadaat says that Afterpay regularly reviews its security measures to ensure customers’ information continues to be kept safe. 

“Afterpay keeps a customers information secure by using physical and technical safeguards to reduce the risk of loss, misuse, unauthorized access and disclosure. 

“For example, we use two-factor authentication when our customers are logging into their accounts or making purchases.” 

Similarly, both Zip and Humm store information physically or electronically (or both) and abide by industry standard levels of security to prevent any unauthorised access to your information. It is also important to remember that any partner retailers with these BNPL platforms may have access to your information and operate under their own privacy policies. 

3. Why is my information collected? 

You may be asking yourself, for what reasons do BNPL platforms like Afterpay, Zip and Humm collect this sort of information in the first place? 

There are a few. 

“In order to offer the service they provide - which is a form of credit - these providers first and foremost need to know you are who you say you are,” Lamont says. 

“When you sign up, they’ll also require you to provide bank account, debit or credit card details to attach to your account so that you can start making purchases.” 

As outlined on each of the platforms’ privacy policies, some of the reasons for collecting your information include: 

  • To verify your identity 
  • To process a transaction (using your banking information) 
  • To contact your about upcoming payment that are due 
  • To perform any necessary credit checks or provide credit information to third party credit reporting bodies 
  • To provide customer support and resolve any issues that may arise 
  • For marketing communications (such as providing information about upcoming promotions) 
  • For legal purposes (e.g. under anti-money laundering laws). 

4. Is there more risk using BNPL online than in-store? 

As financial technology continues to grow and develop, cyber security is a top concern for many people, especially when it comes to potential breaches of personal information.  

So the question is: is your money more safe if you use Buy Now Pay Later in store rather than online? According to Afterpay’s Michael Sadaat, customers are protected either way. 

“Our security measures mean that customers are protected when they are shopping online or in-store. When shopping online or in-store, customers are protected through two-factor authentication and a range of fraud-detection measures that sit behind the scenes,” he says. 

“There are some simple things a customer can do to improve their online security, including never reusing passwords and using a password manager. Customers should also keep an eye on their accounts for suspicious transactions and sign up for data breach monitoring services.”

5. I feel my details have been compromised, now what?

While it is unlikely to happen, there is a possibility that your BNPL information could be compromised - for example your account being hacked. 

In this instance it is important to get in contact with your provider immediately and identify any unrecognisable transactions. On top of that, it’s crucial to change your password as soon as possible to avoid the hacker being able to get into the account again. 

Also ensure that no other accounts have been breached, such as your email where your BNPL information may be stored. Get in contact with the appropriate body if you suspect more fraudulent activity across multiple platforms. 

Want to find out more about Buy Now Pay Later? Read our comprehensive guide: Buy Now Pay Later Services in Australia: provider comparisons, how to sign up and tips to manage a BNPL account.