UAE Banks Ditch SMS OTPs

A New Era for Digital Banking: Farewell to SMS OTPs in the UAE

The banking system of the United Arab Emirates has reached another milestone, bringing significant change to the authentication of digital transactions. By 2026, a new system will be gradually introduced, eliminating the use of traditional one-time passwords (OTPs) sent via SMS or email. They will be replaced by a more advanced in-app approval process that uses biometric identification or smart PIN to ensure transaction verification. This method is not only more convenient but also significantly safer.

Why is Change Necessary?

Over the past years, online fraud cases have increased worldwide, especially those involving SIM-swap and phishing. These scams often aim to access the victim's OTP received by SMS, enabling unauthorized transactions. Thus, traditional SMS-based authentication has become increasingly risky. In contrast, the in-app verification method occurs in a closed, bank-controlled environment that cannot be easily manipulated from outside.

How Does the New System Work?

The approval of transactions takes place step-by-step, remaining under the full control of the user. Below is an overview of the process in the case of a typical online payment:

Step 1: Notification of Authorization

When the user provides card details during an online purchase, unlike previous practices, they do not receive an OTP via SMS. Instead, a message appears on the payment interface prompting them to approve the transaction using the bank's mobile application. Simultaneously, a warning SMS is sent, indicating that a card payment is in process and authorization requires logging into the app.

Step 2: Displaying Pending Payments

Upon entering the mobile app, the user is greeted with a notification that an online payment is awaiting approval. This is immediately visible in the app's notification center or under the "Activities" menu.

Step 3: Opening the Verification Screen

Tapping on the notification opens a separate "Transaction Authorization" window, where the user can review payment details in detail. This includes the merchant's name, the payable amount, and two options: "Approve" or "Reject." A two-minute countdown at the top of the window indicates the time limit for transaction authorization.

Step 4: Final Approval

If the user selects "Approve," the app prompts them to enter their smart PIN or use biometric identification (fingerprint or facial recognition). Once verified, the payment proceeds instantly, without the need for OTP.

What Are the Advantages of This System?

The new system represents progress in several aspects:

Higher Security: Intercepting OTPs via SMS is no longer a threat, as authentication happens within the app.

Speed: No need to wait for, copy, or enter an SMS—everything occurs in one place.

Convenience: Users can easily execute approvals using a familiar mobile banking interface.

Better User Experience: The app guides and alerts, making transaction tracking simpler and clearer.

What Can We Expect in the Coming Months?

The transition won't happen overnight. Starting from July 2025, UAE banks will gradually phase out the use of SMS and email-based OTPs for some digital and card transactions. This means we will encounter mixed authentication methods for a while—some transactions may still use OTP while others will rely solely on app-based approval.

The complete transition is expected by March 2026, when all UAE banks will be required to fully abandon SMS/email OTPs. This step is part of a comprehensive digital security reform supported by the country's regulatory authorities.

Summary

Digital banking is entering a new era in the UAE. Transaction authentication through mobile applications is more than just another convenient service; it is a response to the security challenges of modern times. Those who regularly shop online will soon experience the benefits of the transition: less frustration, greater control, and safer payments—all through an integrated, streamlined banking app interface. Thus, the change signifies not just a technological but also a conceptual leap forward: financial security is now literally in our own hands.

And all that is needed is a well-functioning mobile banking application.

(The article's source was based on an announcement by Emirates NBD Bank.)