Government & Regulations

UAE banks move to end OTPs, shift to secure in-app verification

Banks across the UAE are preparing to eliminate SMS- and email-based one-time passwords (OTPs), replacing them with secure in-app verification systems in line with new regulatory requirements.

All licensed financial institutions have been instructed to phase out traditional OTPs by March 31, 2026, as part of efforts to strengthen cybersecurity and reduce fraud risks in digital banking.

Shift to safer authentication methods

Leading lenders such as Commercial Bank of Dubai and Emirates NBD have already made significant progress, rolling out in-app secure codes and authentication tools for online transactions.

These systems replace OTPs with app-based approvals, biometrics, and risk-based authentication, offering a more secure and seamless user experience.

High customer adoption reported

Commercial Bank of Dubai said it began transitioning away from SMS OTPs earlier this year, introducing a secure in-app code feature for transaction verification.

The bank reported strong adoption, with over 80% of active users registered for the new system. All 3D Secure online transactions are now completed using in-app verification.

Meanwhile, Emirates NBD confirmed it has successfully migrated more than 2.5 million digitally active card users to in-app authentication, completing the transition for its entire active customer base.

Meeting the regulatory deadline

Banks have been working in phases to ensure a smooth transition, especially as customers were long accustomed to OTP-based systems.

UAE Banks Federation highlighted the rapid growth of digital payments, projecting volumes to reach $132 billion (Dh484.4 billion) by 2028, up from $43 billion in 2023.

In response, banks are accelerating the adoption of advanced security technologies, including biometric verification and partnerships with identity solutions providers.

Enhanced security for digital banking

The move comes amid a global rise in online fraud, prompting regulators and banks to adopt more robust authentication frameworks.

By eliminating OTPs, financial institutions aim to:

Reduce risks linked to SIM swap and phishing attacks
Enhance transaction security
Provide a faster and more user-friendly experience

Digital future of banking

With UAE banks on track to meet the deadline, the transition marks a major milestone in the country’s digital banking evolution, reinforcing its position as a leader in secure, technology-driven financial services.