Technology & Innovation

UAE banks are gradually phasing out traditional one-time passwords (OTPs) sent via SMS or email, replacing them with in-app transaction approvals that aim to deliver faster and more secure payment authentication. The transition is part of a broader effort to combat rising incidents of phishing, SIM-swap fraud and OTP interception, which have exposed vulnerabilities in SMS-based verification methods.

Under the new system, customers are required to authorise card payments directly within their bank’s mobile application. Instead of receiving a numeric OTP, users receive a push notification prompting them to approve or decline the transaction using app-level security features such as biometric authentication or a smart pass PIN. This ensures approvals take place within a secure, bank-controlled digital environment.

As previously reported by Khaleej Times, Emirates NBD is among the UAE banks that have begun implementing app-based verification for online card payments. A recent transaction carried out to test the system illustrates how the new process works in practice.

Step 1: Authorisation prompt
After entering card details for an online payment, customers no longer see an OTP request on the payment page. Instead, a message appears instructing them to authorise the transaction through their bank’s mobile app. Simultaneously, customers receive an SMS alert notifying them that a card payment requires approval and directing them to log in to the ENBD X app and access the “Activities” section.

Step 2: Pending payment notification
Once logged into the app, customers are presented with a notification indicating a pending online card transaction. The alert prompts users to review the payment details.

Step 3: Review window
Selecting the notification opens a dedicated “Authorise transaction” screen. Customers are advised to carefully review the transaction details, including the merchant name and payment amount. The screen provides clear options to approve or decline the payment, along with a two-minute countdown timer showing how long the request remains valid.

Step 4: Final approval
To complete the transaction, customers approve the payment by entering their smart pass PIN or using biometric verification. Once authenticated, the payment is processed instantly without the need to enter or share an OTP.

What customers can expect next
The move away from OTPs is being implemented in phases across the UAE banking sector. Since July 25, banks have begun discontinuing SMS and email OTPs for selected digital and card-based transactions. During the transition period, customers may encounter a combination of authentication methods depending on the bank, transaction type and channel.

Banks are expected to fully eliminate SMS and email OTPs by March 2026, in line with regulatory efforts to strengthen digital banking security and reduce fraud risks across the financial system.

• Tags
• #UAE banking security
• #OTP phase-out UAE
• #digital payments UAE
• #Emirates NBD app verification
• #bankin