Major banks in the UAE have begun informing customers that one-time passwords (OTPs) for online card transactions will no longer be sent via SMS or email. Starting January 6, 2026, payments will be verified exclusively through each bank’s mobile application, marking a shift towards app-based authentication aimed at enhancing digital banking security. Customers have been urged to download and activate their banks’ apps to ensure secure transaction approvals.
Transition to app-based verification
The move follows a transition initiated in July 2025, when banks began gradually replacing SMS and email OTPs with in-app verification for electronic transactions and money transfers. By October 2025, several banks had fully implemented app-based authorisation, allowing customers to approve payments with simple actions such as tapping or swiping within the mobile application. This change aligns with directives from the Central Bank of the UAE, which encouraged customers to complete electronic transactions through app-based authentication features.
Fraud protection and customer guidance
While some banks had considered retaining the SMS OTP option for customers not using mobile apps, doing so would require a written request and transfer liability for potential fraud away from the bank. Authorities and banking sources emphasise that the full sector-wide transition to mobile app verification enhances security, reduces exposure to fraud, and provides a more streamlined process for approving digital payments.
