UAE Banks Revolutionize Digital Security

From July 25, the Use of SMS Sent One-Time Passwords Ends – A New Era in Digital Banking

The Central Bank of the United Arab Emirates is introducing a significant change in digital banking transactions from July 25: it gradually phases out the use of one-time passwords (OTPs) sent via SMS or email, making authentication through banking mobile applications mandatory instead. The decision applies to all domestic and international money transfers, as well as online payment transactions.

Why is the OTP being phased out?

The one-time password (OTP) once served as a reliable security solution, generating a unique code for every transaction. However, with the evolution of cybercrime, these codes are increasingly proving to be less secure. The most significant threat is SIM card cloning, where attackers steal the victim's phone number, thereby acquiring access to OTPs—even if all other data remains protected.

In recent years, these so-called “SIM-swapping” attacks have multiplied, often causing severe financial damage to victims. Thus, the UAE Central Bank has opted for a more advanced and secure solution.

What will replace the OTP?

The new system's essence is that transactions can be approved through the bank's own mobile application. A confirmation screen will appear in the app where users can authenticate themselves using a fingerprint, facial recognition, or password. Some banks already support the use of hardware authenticators (security keys) for clients handling larger sums.

This approach allows the user to access the transaction exclusively through their device, rendering SMS or email-based attacks meaningless.

What should customers do?

The change will be implemented gradually, but every customer should prepare now:

Install the bank's official mobile application if it has not been done yet.

Enable notifications and biometric identification (e.g., Face ID, fingerprint).

Activate in-app authentication, as this will become the new default method for approving transactions.

Anyone who does not transition in time will not be able to perform transactions in the usual manner, making it crucial to complete the transition as soon as possible.

Benefits and Future Outlook

App-based authentication is not just more secure but more convenient: no more forgotten codes, delayed SMS, or expired OTP. The new system is also better integrated with modern technologies, such as:

Behavioral biometrics: analyzes user habits and gestures.

AI and machine learning: identifies suspicious behaviors.

Stablecoin and digital wallets: the future banking services are already laying the groundwork for these new authentication systems.

Thus, the change is not just a security measure but a strategic step towards a fully digital banking future.

Summary

UAE banks are taking digital security to a new level: from July 25, all online transactions must be authenticated through the bank's mobile application instead of using one-time passwords sent via SMS or email. The new system aims to reduce fraud and improve user experience. Customers should update and activate the necessary functions in time to seamlessly use the services in the future.

(Based on a statement from Central Bank of the UAE.)