UAE Banks Shift from SMS and Email OTPs to App Authentication for Safer Digital Banking

Government & Regulations

UAE Banks Shift from SMS and Email OTPs to App Authentication for Safer Digital Banking

In a major move to enhance digital security and reduce fraud risks, banks across the UAE have begun phasing out one-time passwords (OTPs) sent via SMS and email, replacing them with more secure app-based authentication methods.

The transition, which begins today, is part of a broader initiative aligned with the UAE Central Bank’s new guidelines. Financial institutions have until March 2026 to fully discontinue traditional OTP channels and shift to in-app approvals for both domestic and international transactions.

Why App-Based Authentication?

Experts say the change is a significant step forward in combating evolving cyber threats. Traditional OTPs sent via SMS or email are increasingly vulnerable to interception, phishing, and SIM-swapping fraud. App-based authentication, by contrast, provides real-time, encrypted approvals within the bank’s official app, adding an extra layer of protection.

“This update makes sense. App-based approvals are safer than SMS, and it’s the direction banking needs to go,” said Jay Adrian Tolentino, a UAE-based financial coach. “Scammers will keep trying new ways. So just stay smart: don’t approve anything unless you’re the one who triggered it, and reach out to your bank if something feels suspicious.”

Smarter Scams Demand Smarter Security

Digital security advocates and financial content creators have welcomed the move. Kartik Iyer, a popular UAE-based financial influencer, called the decision “brilliant and overdue.”

“Even the sharpest minds can fall for scams—especially during stressful or rushed moments,” he said. “Moving OTPs inside the bank app instead of relying on SMS, WhatsApp, or email significantly reduces the chances of that one mistaken click costing someone thousands.”

A Gradual but Necessary Shift

While the transition won't be immediate, banks are already informing customers of the upcoming changes and encouraging them to enable push notifications and app-based verification features. Customers may still receive SMS or email OTPs during the transition period, but these will eventually be replaced entirely.

The new system also empowers users with more control over their transactions. Instead of entering a code, users will now receive a secure prompt within their banking app to review and approve (or reject) transaction requests in real time.

Financial institutions are expected to complement this shift with customer education campaigns, guiding users on how to activate and use in-app authentication securely and efficiently.