UAE Banking Shift: SMS Codes Era Ends

UAE Banking Shift: SMS Codes Replaced by App-Based Authentication

The financial sector in the United Arab Emirates is once again on the brink of significant digital advancement. According to the latest announcement, one of the country’s leading financial institutions, Emirates NBD, based in Dubai, will soon completely replace the traditional SMS-based one-time passwords (OTPs) with a more modern, secure, and faster authentication solution. The new system will employ an approval process through the bank's mobile application.

What exactly is changing?

Under the current system, banks send a one-time code via SMS or email to finalize online purchases or financial transactions, which users must enter to confirm the operation. However, this is proving increasingly insecure due to the rise of SIM-swap attacks and SMS redirection fraud.

Emirates NBD's new system will replace this process with a so-called “push notification” based authentication. When users initiate an online transaction — whether domestically or internationally — they will receive a notification on their mobile phone. This notification will immediately redirect them to the ENBD X mobile application, where they can approve or reject the transaction.

Why is the change necessary?

Several factors are at play. One of the most crucial is security. According to a recent survey, UAE businesses bear costs on average four times the amount actually stolen if they fall victim to fraud. The costs include not just the lost money but also internal work hours, customer service expenses, the price of recovery tools, and even revenue loss due to decreased customer satisfaction.

According to a report by LexisNexis Risk Solutions, 92% of UAE companies reported that fraud affected customer satisfaction — including due to slow or interrupted transactions and prolonged complaint handling.

The new system, in contrast, is not only more secure but faster. Since a mobile network signal isn’t needed for authentication—an internet connection suffices—the system can be used anywhere, such as with Wi-Fi. Authentication within the app can also include biometric identification, like fingerprint or facial recognition, making the process even more user-friendly.

A new level of digitalization

This change is not an isolated case at Emirates NBD but part of a broader trend that affects the entire banking sector in the UAE. Most financial institutions have already started or will soon begin phasing out SMS-based OTPs to introduce more advanced, app-based security solutions.

Experts say the decision is entirely logical: the majority of users are already using mobile banking apps, so the transition won't cause significant disruptions. In most cases, the app is already needed, for example, for balance inquiries, transfers, or investment portfolio management.

How will this affect users?

Emirates NBD customers will soon need to update their ENBD X mobile application to access the new feature. Once the change takes effect, SMS codes will not be sent for online transactions, with authentication happening instead through an in-app notification.

It's important to note that those who don't regularly use the app or have outdated devices may need to update their equipment or banking habits. The bank promises detailed information during the implementation phase and will provide support through multiple channels for the transition.

Benefits in brief

More secure: Replaces SMS-based OTP with biometric and digital approval within the banking app.

Faster: Instant notification and one-click authentication.

More reliable: No need for a mobile network connection, only internet access.

More modern: Part of the UAE's digital banking strategy.

What to watch out for?

While the new system is convenient and efficient, security awareness remains key. It's important only to use the official app, keep the banking app updated, and never click on suspicious links. Additionally, enabling biometric access where possible and password-protecting phones is advisable.

Summary

Dubai-based Emirates NBD and other UAE banks are ushering in a new era of digital banking. The abandonment of SMS-based authentication not only aims to enhance security but also to improve the user experience. While the transition may seem unorthodox at first, it ultimately serves to protect customers, speed up transactions, and modernize the banking system.

The UAE financial sector once again demonstrates its capability not just to follow but to set the pace for digital advancement worldwide.

(The article is based on an announcement by Emirates NBD.)