United Arab Emirates banks to transition from One-Time Passcodes (OTPs) to application-based confirmations starting July 25, as reported by Emarat Al Youm.

United Arab Emirates banks to transition from One-Time Passcodes (OTPs) to application-based confirmations starting July 25, as reported by Emarat Al Youm.

In an effort to bolster digital transaction security and combat the rising threats of cyberattacks, UAE banks are phasing out one-time passwords (OTPs) sent via SMS and email for all digital transactions, effective July 25, 2025. The full compliance deadline is set for March 31, 2026, with local and international transactions equally affected.

This shift away from traditional OTP methods is part of the Central Bank of UAE's Financial Infrastructure Transformation Programme, with leading banks like Emirates NBD, ADIB, and FAB already adopting biometric and app-based solutions.

The new authentication methods will primarily revolve around **app-based authentication** features, such as **in-app transaction approval**, **biometric verification**, and the use of **mobile-based soft tokens**. Customers will approve or reject payments and transfers directly via their bank's official mobile app, while biometric verification techniques like Emirates Face Recognition and fingerprint scanning will provide stronger, risk-based authentication. Instead of SMS OTPs, secure tokens generated inside the banking app will be used for transaction verification.

These changes aim to reduce risks from phishing, SIM swapping, and other cyberattacks that exploit traditional OTP methods. Cybersecurity expert Rayad Kamal Ayub, managing director of UAE-based Rayad Group, noted that fraudsters frequently use AI and machine learning to craft sophisticated scams. He commended the phase out of SMS-based OTPs, stating that OTPs, including SMS-based OTPs, are no longer as secure due to advanced cyber threats.

To further secure access to sensitive accounts, wealthy individuals and corporate clients are adopting hardware authenticators. Meanwhile, technology can detect unauthorized access to accounts, even with correct credentials, offering an early warning against fraud.

Banks will shift to authentication via mobile banking apps, using in-app confirmation features. The change applies to all local and international financial transfers and online transactions, marking a significant step towards enhancing security and reducing fraud risks associated with SMS or email-based OTPs.

Unfortunately, cases like that of 58-year-old Indian named P.S., who lost his retirement savings due to a SIM card cloning incident, underscore the urgency for such changes. P.S. was informed by a customer service representative that his SIM was cloned, leading to the loss of funds when a scammer received the OTP intended for him.

As the deadline for this transition approaches, customers are encouraged to enable and use the app-based verification feature to authorize transactions, ensuring a safer and more secure digital banking experience.

[1] Central Bank of UAE: Financial Infrastructure Transformation Programme [2] Emirates NBD: Enhancing Security with New Authentication Methods [3] ADIB: Adopting Biometric and App-Based Solutions for Stronger Authentication [4] FAB: Shifting to Mobile-Based Soft Tokens for Transaction Verification

1. The Central Bank of UAE's Financial Infrastructure Transformation Programme includes a shift towards app-based authentication for all digital transactions, aiming to enhance security and reduce fraud risks.
2. Leading UAE banks like Emirates NBD, ADIB, and FAB have already adopted biometric and app-based solutions for stronger authentication methods.
3. In-app transaction approval, biometric verification, and mobile-based soft tokens are some of the app-based authentication features that will primarily be used in the new system.
4. Cybersecurity expert Rayad Kamal Ayub has noted that fraudsters frequently use AI and machine learning to create sophisticated scams, and commends the phase out of SMS-based OTPs due to advanced cyber threats.
5. As a precaution against unauthorized access to sensitive accounts, wealthy individuals and corporate clients are adopting hardware authenticators for added security.
6. As the deadline for phasing out OTPs sent via SMS and email approaches, customers are encouraged to enable and utilize the app-based verification feature for a safer and more secure digital banking experience, following the news of individuals like P.S. who lost their retirement savings due to SIM card cloning incidents.

Read also: