Algeria’s digital payment landscape is transforming rapidly. Since Algérie Poste launched BaridiPay in June 2025, millions of Algerians now tap their phones to pay merchants via QR codes — no card, no cash. But as QR-based payments surge, so does a new breed of fraud called “quishing” — QR code phishing — that targets the trust users place in those simple black-and-white squares.
The Rise of BaridiPay and QR Payments in Algeria
BaridiPay represents Algérie Poste’s boldest push toward a cashless economy. Integrated into the BaridiMob app, the service allows CCP account holders to make contactless payments at merchants by scanning QR codes. The system bypasses the need for physical debit cards — a significant advantage in a country where card infrastructure remains uneven outside major cities.
The timing aligns with Algeria’s broader regulatory push. The Bank of Algeria’s Instruction No. 06-2025, published in August 2025, established the first formal framework for Payment Service Providers (PSPs), mandating that all digital payment services operate exclusively in Algerian dinars. This regulatory clarity has accelerated merchant adoption, with thousands of small businesses — from cafés in Algiers to pharmacies in Oran — now displaying BaridiPay QR codes.
But the rapid adoption has created an attack surface that cybercriminals are eager to exploit.
How Quishing Attacks Target QR Payment Users
Quishing — the fusion of “QR” and “phishing” — has emerged as one of the fastest-growing fraud vectors globally. According to fraud prevention data, victims of QR code phishing scams lost an average of $1,225 each in 2025. The attack model is deceptively simple and particularly dangerous in Algeria’s nascent digital payment ecosystem.
The Anatomy of a QR Code Scam
Overlay attacks represent the most direct threat to BaridiPay users. Scammers print fraudulent QR stickers and place them over legitimate merchant codes at shops, restaurants, or parking meters. When a customer scans the tampered code, payment is redirected to the attacker’s account instead of the merchant’s.
Fake notification scams exploit Algeria’s evolving digital government services. Attackers send SMS messages or social media posts mimicking official notices — such as fake utility bills, traffic fines, or tax notifications — with embedded QR codes. Scanning these codes leads to credential-harvesting pages designed to look like the BaridiMob login screen.
Social engineering via marketplace platforms is particularly relevant in Algeria, where platforms like Ouedkniss dominate peer-to-peer commerce. Scammers posing as buyers or sellers share malicious QR codes during transactions, claiming they need to “verify” payment through a special link.
Algeria’s Defensive Measures
Regulatory and Technical Safeguards
Algérie Poste has implemented several security layers within the BaridiPay ecosystem. All transactions occur over HTTPS-encrypted channels, and the system requires authentication through the BaridiMob app before any payment is processed. Unlike open QR systems where any QR code can redirect to any URL, BaridiPay’s closed-loop architecture means QR codes are generated and validated within Algérie Poste’s infrastructure.
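The closed-loop check described above, as an added example that is not Algérie Poste's code or BaridiPay's real format: the `DEMOPAY1` payload layout, the key and the merchant registry are assumptions made up for illustration. The operator signs each merchant code and, on scan, accepts only payloads it issued for a registered merchant, returning the registered name for the payer to confirm.

```python
import base64
import hashlib
import hmac

# Constructed values for illustration only; not BaridiPay's real format or keys.
ISSUER_KEY = b"constructed-demo-key"
REGISTERED_MERCHANTS = {"M1001": "Cafe El Bahdja", "M2002": "Pharmacie Es-Salam"}
PREFIX = "DEMOPAY1"  # hypothetical payload marker


def _tag(merchant_id: str, nonce: str) -> str:
    """Truncated HMAC-SHA256 over the fields, keyed with the operator's secret."""
    msg = f"{PREFIX}|{merchant_id}|{nonce}".encode()
    mac = hmac.new(ISSUER_KEY, msg, hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()[:16]).decode().rstrip("=")


def issue_code(merchant_id: str, nonce: str) -> str:
    """Operator side: build the payload rendered as the merchant's QR code."""
    if merchant_id not in REGISTERED_MERCHANTS:
        raise ValueError("merchant is not registered")
    return f"{PREFIX}|{merchant_id}|{nonce}|{_tag(merchant_id, nonce)}"


def validate_scan(payload: str) -> tuple[bool, str]:
    """Operator side: decide whether a scanned payload may start a payment.

    Returns (accepted, detail). On success, detail is the registered merchant
    name, which the app shows to the payer before the payment is confirmed.
    """
    parts = payload.strip().split("|")
    if len(parts) != 4 or parts[0] != PREFIX:
        # Open-QR content (URLs, free text) is never followed or rendered.
        return False, "not a payment code"
    _, merchant_id, nonce, tag = parts
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(tag.encode(), _tag(merchant_id, nonce).encode()):
        return False, "code was not issued by the payment operator"
    name = REGISTERED_MERCHANTS.get(merchant_id)
    if name is None:
        return False, "merchant is no longer registered"
    return True, name
```

A code validly issued to a different registered merchant also verifies, so the returned name is what the payer compares with the shop they are standing in.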
The Bank of Algeria’s PSP regulation adds another layer by requiring all payment providers to maintain robust fraud detection systems and report suspicious transactions. The regulation mandates that PSPs implement real-time transaction monitoring and maintain audit trails.
The Cybersecurity Strategy Connection
Algeria’s National Cybersecurity Strategy for 2025-2029, approved by Presidential Decree No. 25-321 in December 2025, provides the overarching framework for securing digital financial infrastructure. The strategy calls for dedicated cybersecurity units across public institutions — including financial services — and prioritizes the protection of critical digital infrastructure.
Decree No. 26-07, published in January 2026, operationalizes this by mandating cybersecurity units within government agencies, which extends to state-owned entities like Algérie Poste.
What Algerian Users Should Do Now
Protecting yourself from QR code fraud requires awareness and simple habits:
- Verify before scanning. Always confirm that a QR code at a merchant location hasn’t been tampered with — look for stickers placed over the original code, misaligned printing, or codes that seem newly attached.
- Use only the official BaridiMob app. Never scan QR codes with your phone’s generic camera app for payments. The BaridiMob app validates QR codes within Algérie Poste’s ecosystem, rejecting codes that don’t match registered merchants.
- Be skeptical of unsolicited QR codes. Government agencies and utilities in Algeria do not send QR codes via SMS for payment. If you receive one, it is almost certainly a scam.
- Enable transaction notifications. Configure BaridiMob to send immediate SMS or push notifications for every transaction, so unauthorized payments are detected instantly.
- Report suspicious activity. Algérie Poste maintains customer support channels for fraud reporting. Early reporting increases the chance of freezing fraudulent accounts and recovering funds.
The Road Ahead: Building Trust in Digital Payments
Algeria’s transition to digital payments is irreversible, but its success depends on maintaining user trust. The country’s relatively late entry into mobile payments is actually an advantage — it can learn from the QR code fraud epidemics that hit more mature markets in Asia and Europe.
The convergence of BaridiPay’s closed-loop architecture, the Bank of Algeria’s PSP regulations, and the national cybersecurity strategy creates a layered defense that many early-adopter countries lacked. But technology alone isn’t enough. Sustained public awareness campaigns — particularly targeting first-time digital payment users in Algeria’s interior regions — will determine whether the country can scale QR payments without scaling fraud alongside them.
Sources & Further Reading
- Algérie Poste Launches “Baridi Pay” Mobile Payment Service — DzairTube
- Algeria Launches First Fintech Regulation for PSPs — Startup Researcher
- Quishing Explained: How QR-Code Payment Scams Work — ScamWatch
- QR Code Scams: What You Need to Know — Unit21
- Algeria Cybersecurity Strategy 2025-2029: Full Analysis — AlgeriaTech





