• How Affirm works
  • Is Affirm safe to use?
  • How do Affirm disputes work?
  • How Affirm handles your data
  • How to use Affirm safely
  • Other Affirm products and their safety considerations
  • FAQ: Common questions about Affirm safety
  • How Affirm works
  • Is Affirm safe to use?
  • How do Affirm disputes work?
  • How Affirm handles your data
  • How to use Affirm safely
  • Other Affirm products and their safety considerations
  • FAQ: Common questions about Affirm safety

Is Affirm safe? Essential info for online shoppers

Featured 12.05.2026 9 mins
Akash Deep
Written by Akash Deep
Ana Jovanovic
Reviewed by Ana Jovanovic
Sam Boyd
Edited by Sam Boyd
is-affirm-safe

Affirm is a U.S.-based buy now, pay later financing platform that lets customers split purchases into fixed payments through installment loans provided by Affirm or its lending partners. Like similar services, it collects personal details to verify identity and decide whether to approve the loan.

This guide explains whether Affirm is safe, how it protects your data and transactions, and what risks to consider before using it.

Please note: This article is for general informational purposes only and is not intended as financial or legal advice. Consider consulting a qualified financial professional for guidance specific to your situation.

How Affirm works

Affirm works through a short checkout-based loan process. Some merchants offer it alongside standard payment methods, and selecting it starts the approval process that shows the repayment terms before you commit.

As part of that approval process, you submit a loan request and provide the information Affirm needs to review it. Affirm uses these details to verify your identity and decide whether to approve the loan request. In many cases, Affirm provides a decision quickly.

If approved, you can review the full terms before confirming, including the total amount, number of payments, and any interest. If you accept, the purchase is completed, and you repay Affirm based on the agreed schedule.

Is Affirm safe to use?

Affirm is a U.S. lender that uses encryption and identity checks to protect customer data, and it undergoes independent third-party audits to verify its security practices.

Affirm holds PCI DSS Level 1 certification, which is a major payment-card security standard for handling cardholder data. It also maintains SOC 1 and SOC 2 Type 2 reports, which show that independent auditors have reviewed controls related to financial reporting and customer data protection over time.

Affirm uses Transport Layer Security (TLS) to encrypt data sent between a user’s device and its systems. This helps prevent information from being read if it’s intercepted in transit. Data stored on Affirm’s systems is also encrypted, which helps protect it if files are accessed without authorization.

When it comes to protecting individual customers’ accounts, Affirm uses one-time codes sent to your mobile number for sign-in instead of traditional passwords. This reduces the risk of reused or stolen passwords being used to sign in, but it also makes the security of your phone, phone number, and sign-in codes especially important.

During a loan application, Affirm verifies your identity using information from credit bureaus. In some cases, it may also request a government-issued ID or a photo to confirm your identity before approving the loan.Infographic showing how Affirm protects user data and account access.

Was Affirm ever breached?

In 2024, Affirm Card users were affected by a breach at Evolve Bank & Trust, the third-party issuer of the Affirm Card.

Evolve said the incident was a ransomware attack by the LockBit group, with attackers accessing and downloading customer information during periods in February and May 2024. Affirm disclosed in a July 2024 SEC filing that it believed personal information of Affirm Card users shared with Evolve for card issuance and servicing had been compromised. According to Affirm, its own information systems were not breached.

How do Affirm disputes work?

When you pay with Affirm, it processes the payment, but the merchant ships the order and handles returns, so the customer usually needs to contact the merchant first. If the merchant doesn’t resolve the issue, the customer can open a dispute with Affirm. Affirm says a decision can take up to 60 days from the day it receives the dispute.

During the investigation, the collection activity on the plan is paused. Affirm states that it doesn’t report negative credit information on the plan during that time.

If the dispute is resolved in the customer’s favor, Affirm refunds the plan. The customer may also be eligible for an interest refund, depending on the amount, the plan terms, and any payments already made.

If the dispute is resolved in the merchant’s favor, the original payment schedule resumes, and the customer has 10 days to make any payments that were paused.

How Affirm handles your data

Affirm collects, shares, and retains personal information as part of providing its loan and payment services.

What data is collected and why

When you create an Affirm account or apply for a loan, Affirm may collect personal information such as your name, date of birth, Social Security number (SSN), email address, mailing address, and phone number. Affirm uses this information to process transactions, verify identity, prevent fraud, and decide whether to approve a loan.

Affirm may also obtain information about you from third parties, including credit reporting agencies, identity verification providers, fraud prevention services, and merchant partners.

Data sharing with merchants and partners

Affirm shares your information with the partner banks that issue and service its loans, as well as with credit bureaus, identity verification vendors, and fraud prevention providers. Merchant partners receive information needed to complete the transaction and may also receive information for their own marketing purposes unless you opt out.

You can opt out of marketing-related data sharing by logging into your Affirm account and updating the "Data Sharing" setting under Other Settings.

Data retention and user rights

Affirm handles much of the personal information connected to its financial services under the federal Gramm-Leach-Bliley Act (GLBA), which governs nonpublic personal information collected by financial institutions. As a result, some state privacy rights may not apply to personal information collected, processed, or disclosed in connection with Affirm’s financial products and services, such as loan applications, payments, account servicing, or related financial-service activities.

Some state privacy rights may still apply to information collected outside that scope, such as certain website or app data that isn’t handled as GLBA-covered financial information. Affirm provides privacy request options for residents of states including California, Oregon, Minnesota, Montana, and Connecticut, depending on the type of data involved.

You can close your Affirm account if you don't have an active loan. If you do, Affirm may keep certain account information where needed for legal, business, security, or fraud-prevention reasons. Retention periods can vary depending on the type of data and why it was collected.

How to use Affirm safely

Affirm secures its systems, but account safety also depends on how you access it and how you handle payments and messages.

Keep account access secure

Affirm lets you add an extra layer of protection in the app with a passcode, fingerprint, or Face ID. This helps prevent the app from opening just because your device is unlocked. If you use Affirm on a desktop browser, signing out after each session can reduce risk, especially on a shared computer.Infographic showing steps to keep an Affirm account safe.

Watch for phishing and fake checkout pages

Scammers may impersonate Affirm through fake messages, login prompts, or checkout pages to capture account access or financial details. Never share a one-time sign-in code. Anyone asking for it is trying to access your account. The same applies to requests for full SSNs (can be used to gain access to your Affirm account), full card numbers, or login credentials. These are common signs of phishing attempts.

Affirm sends payment reminders and account alerts by email and SMS, but unexpected sign-in codes, payment notifications, or account emails should be treated carefully. If a message refers to an activity you didn’t initiate, check it through the official app or website rather than using links in the message.

At checkout, make sure you’re on an Affirm page or inside the official app. If a page redirects to an unfamiliar domain or asks for unusual information, exit and restart from the merchant’s site. Checking the site before entering personal data helps avoid fake checkout pages.

Related: How to check if a website is safe

Monitor account activity and credit

Review your Affirm account regularly to spot unfamiliar loans or payments early. After making a purchase, check that the loan amount, merchant, repayment schedule, and payment method match what you agreed to at checkout.

It’s also worth monitoring your credit and checking your credit reports for unfamiliar Affirm activity or accounts opened in your name. If you suspect fraud, placing a fraud alert with the credit bureaus can add an extra verification step before new credit is issued.

Other Affirm products and their safety considerations

Affirm offers other products, including a debit card, one-time-use virtual cards, and a savings account. Each works differently, so the main safety considerations vary by product.

The Affirm Card

The Affirm Card is a Visa debit card. Users request the card through the Affirm app, and it links to a personal bank account to fund purchases. Some eligible purchases can be converted into pay-over-time loans through the app. Because the card can be used for everyday purchases, unauthorized transactions are one of its main safety considerations.

For unauthorized transactions, liability depends on how quickly the loss or theft is reported. If reported within two business days of discovery, liability is capped at $50. After that, liability can increase and may become much higher if reporting is delayed. The app also includes controls to freeze the card or report unauthorized activity.

One-time-use virtual cards

When a merchant doesn’t support Affirm at checkout, Affirm can generate a one-time-use virtual card for the purchase. This temporary card number works for one transaction and then expires.

The payment flow is similar to a checkout loan. Affirm pays the merchant when the card is charged, and you repay Affirm on the agreed schedule.

From a safety perspective, this means limited exposure. Because the card number expires after one use, it can’t be reused for new purchases if the merchant’s systems are breached later.

Affirm Money savings account

Affirm Money is an interest-bearing savings account serviced by Affirm and held at Cross River Bank. It has no monthly account fees or minimum balance requirements, and Affirm says there’s currently no limit on the number of monthly transfers or withdrawals, though dollar limits and other transaction restrictions may apply.

It should be noted that Affirm itself isn’t a bank. Affirm Money deposits are held by Cross River Bank and are eligible for Federal Deposit Insurance Corporation (FDIC) insurance up to $250,000 if Cross River Bank fails.

FAQ: Common questions about Affirm safety

Does Affirm affect credit score?

Affirm can affect a credit score, but the effect depends on the loan, payment activity, and credit scoring model. Affirm reports payment activity to credit bureaus, including on-time, late, and missed payments. Plans issued on or after April 1, 2025, are reported to Experian, and plans issued on or after May 1, 2025, are reported to both Experian and TransUnion.

When does Affirm ask for your SSN?

Affirm may ask for the last four digits of your SSN as part of identity verification. Only provide this through Affirm’s official app or website, and be suspicious of messages or pages asking for your full SSN, sign-in code, or payment details outside the normal application flow.

How does Affirm protect payments?

Affirm protects payments using encryption, account access controls, and fraud monitoring. Transactions require access to your Affirm account. Affirm also monitors activity for unusual behavior and may request additional verification if something doesn’t match.

Can you delete your Affirm account?

You can close an Affirm account if you don’t have an active loan, a pending payment, or an open dispute. Closing the account stops future use, but it doesn’t automatically erase all personal information.

Take the first step to protect yourself online. Try ExpressVPN risk-free.

Get ExpressVPN
Content Promo ExpressVPN for Teams
Akash Deep

Akash Deep

Akash is a writer at ExpressVPN with a background in computer science. His work centers on privacy, digital behavior, and how technology quietly shapes the way we think and interact. Outside of work, you’ll usually find him reading philosophy, overthinking, or rewatching anime that hits harder the second time around.

  • RELATED POST
  • MORE FROM THE AUTHOR
Coupon fraud explained: How to spot fake deals and shop safely
Coupon fraud explained: How to spot fake deals and shop safely
Kelvin Kiogora 12.05.2026 15 mins
Gemini vs. ChatGPT: Which AI tool should you use in 2026
Gemini vs. ChatGPT: Which AI tool should you use in 2026
Chantelle Golombick 11.05.2026 15 mins
What jailbreaking an iPhone does and why we don’t recommend it
What jailbreaking an iPhone does and why we don’t recommend it
Michael Pedley 11.05.2026 16 mins
Narrow AI: The tech behind Siri, spam filters, and fraud alerts
Narrow AI: The tech behind Siri, spam filters, and fraud alerts
Kelvin Kiogora 11.05.2026 14 mins
How to recover deleted files on Mac: Step-by-step guide
How to recover deleted files on Mac: Step-by-step guide
Elly Hancock 09.05.2026 15 mins
What is a residential VPN? Your guide to secure browsing
What is a residential VPN? Your guide to secure browsing
Akash Deep 06.05.2026 13 mins
Plenty of Fish scams: Red flags to watch for and how to stay safe
Plenty of Fish scams: Red flags to watch for and how to stay safe
Akash Deep 04.05.2026 11 mins
Social media privacy: How to protect your data online
Social media privacy: How to protect your data online
Akash Deep 30.04.2026 13 mins
What is geoblocking? Why it happens and how it works
What is geoblocking? Why it happens and how it works
Akash Deep 29.04.2026 12 mins
WannaCry ransomware explained: The attack that changed cybersecurity
WannaCry ransomware explained: The attack that changed cybersecurity
Akash Deep 21.04.2026 14 mins
Is Plaid safe? What to know before connecting your bank account
Is Plaid safe? What to know before connecting your bank account
Akash Deep 11.04.2026 10 mins
Is Google Drive secure? A practical guide to keeping your files safe
Is Google Drive secure? A practical guide to keeping your files safe
Akash Deep 08.04.2026 13 mins

ExpressVPN is proudly supporting

Get Started