Dubai — Banks across the UAE are strengthening digital security measures as new directives from the Central Bank of the UAE require financial institutions to move away from SMS and email-based one-time passwords (OTPs).
Under the updated framework, all licensed financial institutions must discontinue SMS and email OTP authentication by the end of next month. These methods are being replaced with in-app transaction approvals, biometric verification and risk-based authentication technologies.
The move is part of a broader regulatory initiative introduced in 2026 to enhance fraud prevention, artificial intelligence oversight and operational resilience within the country’s banking sector.
SMS and Email OTPs Being Phased Out
A spokesperson from a Dubai-based bank confirmed the transition, stating that, in line with Central Bank directives, OTPs delivered via SMS or email are being phased out. Customers will now be able to authorise transactions directly through their bank’s smart application using an “Authentication via App” feature.
With the new system, users approve transactions within their mobile banking platforms, typically through fingerprint recognition, facial authentication or secure PIN verification. The shift is intended to strengthen security and reduce exposure to fraud linked to intercepted text messages or compromised email accounts.
Impact on Everyday Banking Activities
The changes will affect routine digital transactions for residents, including online shopping payments, fund transfers and card transactions, activities that have traditionally relied on six-digit codes sent via SMS.
Banks are aligning their systems with the Central Bank’s updated AI and cybersecurity guidance to ensure stronger identity verification and enhanced fraud detection capabilities across digital channels.
The regulatory update reflects growing efforts to modernise authentication frameworks and safeguard customers as digital banking adoption continues to expand across the UAE.
