Host: Here to walk us through all of this is Professor Dr. Wael Badawy, an expert in AI, cybersecurity and digital transformation. Welcome to the show, Dr. Badawy.
Prof. Dr. Wael Badawy: Thank you very much.
Host: Egypt is moving — as we can see — from fintech adoption to fintech infrastructure: digital banks, instant payments, wallets, AI, cloud data centres. What's the biggest missing layer today? Is it technology, regulation, cybersecurity, or talent?
Prof. Dr. Wael Badawy: The biggest missing block today is actual trust among users. We've seen around 16 million subscribers on the National Bank wallet — roughly 10 million of those on Android devices — and we're talking 2.1 to 2.6 billion transactions. Those are significant numbers.
Egypt has around 36 classical banks, which averages out to roughly 3 million customers per bank. But when you look at wallets, the national wallet alone has 16 million subscribers, and other wallets collectively account for around 46 to 55 million — with one wallet holding a 55% share. What that tells us is that Egypt has been stress-testing its financial transaction infrastructure and, critically, testing its users against cybersecurity threats. And that matters, because 95% of successful cyberattacks come from user behaviour, not system-to-system vulnerabilities.
Egypt has also implemented a national cyber response system specifically for banks, operating under the Central Bank of Egypt, and that team has been tested repeatedly. We've seen very minimal downtime across wallet and online transactions as a result. I believe Egypt is ready. The question now is whether users will migrate to fully digital banks or retain their classical banking habits.
Host: The Central Bank of Egypt has issued rules for digital banks, and Egypt's first fully digital bank is launching this year. From a technical risk standpoint — are digital banks safer because they're built from scratch, or riskier because everything is digital from day one?
Prof. Dr. Wael Badawy: I believe digital banks are safer, precisely because they are purpose-built for digital transactions. When built from scratch with that specific use case in mind, the architecture is cleaner and more secure.
That said, the experience in North America — where digital banks have existed for over 20 years — shows that even fully digital banks need to account for the human factor. Customer service cannot be eliminated. People will have questions, encounter issues, and need immediate human support. We've seen models in North America where digital banks partner with retail chains to provide physical touchpoints for basic queries — even if full transactions can't be completed there.
So going fully digital does not remove the need for human interaction. I don't see significant risk for Egypt here, given how much has already been practiced in the wallet space. The real question is whether people will commit to these banks at the scale needed for the economics to work.
Host: Financial inclusion has reached 54.7 million citizens with active accounts — a remarkable number. But many of these users are new to formal digital finance. Does that create a uniquely Egyptian cybersecurity challenge?
Prof. Dr. Wael Badawy: Absolutely. When you have that volume of new users online, education becomes critical — things as basic as ensuring people know how to properly close a banking app on their phone. It's still a challenge when more than 50% of users are concentrated on a single platform. And from a banking economics perspective, you need large user numbers for a digital bank to be sustainable — so scale matters enormously.
Host: In Egypt, a lot of fraud doesn't start with a hacked bank account — it starts with social engineering: fake links, SIM swaps, cash-out networks. Of all the links in the chain, which is the weakest right now?
Prof. Dr. Wael Badawy: The weakest link is the user. We've had extensive discussions this week and last across various forums about a very common Egyptian habit: sharing national ID numbers and photos of ID documents across communication platforms. A simple Google search can surface sensitive personal information that's more than enough to build a full identity profile.
When it comes to social engineering targeting Egyptian users, the barrier is very low. Most people associate their national ID with their phone number — and in many cases, that ID information is more publicly accessible than their phone number. Within my own team at work, I could realistically piece together enough information to impersonate any one of them. That's the scale of the challenge.
The second risk is the compromised phone — people still click on suspicious links, which can give bad actors full access to their device. So the end user remains the highest risk in the entire operation. The core issue is educating everyday Egyptians on how to protect their own identity. In North America, there are five legally protected categories of sensitive information — age, orientation, social insurance number, and others — with strong cultural awareness around protecting them. In Egypt, those barriers are much lower, and people share far more freely.
Host: With the rise of financial inclusion, we're also seeing more public and private awareness campaigns. Surely that will get us there?
Prof. Dr. Wael Badawy: I'm not so sure. I want to make an important point here: there is no unified channel for these campaigns. In the past, radio and television provided a common broadcast medium. Today, everything is scattered across social media and various platforms. I genuinely don't know what the measurable impact of these campaigns has been — I appreciate the effort, but the fragmentation is a real problem.
Host: A great point — and a topic for another time. Thank you so much, Dr. Badawy. It's been wonderful having you with us today.
