Banks to start app-based verification July 25; SMS OTPs phased out by March 2026
Abu Dhabi: In a major shift aimed at strengthening digital banking security, banks in the UAE will begin phasing out one-time passwords (OTPs) sent via SMS and email, starting Friday, July 25.
Under new guidelines from the UAE Central Bank, all banks must transition customers to app-based authentication for both domestic and international financial transactions.
The move marks a significant shift from the long-standing reliance on SMS and email OTPs — methods increasingly targeted by cybercriminals through tactics such as SIM swapping and phishing.
Full phase-out by March 2026
The transition will be gradual, with a complete discontinuation of SMS and email OTPs mandated by March 2026. In their place, customers will authenticate transactions through secure, risk-based technologies embedded within bank mobile apps.
“As per the directives issued by the UAE Central Bank, the practice of receiving OTPs via SMS or email will be phased out. Customers can now complete online transactions easily by selecting the ‘Authentication via App’ feature in their bank’s smart application,” a bank spokesperson said.
The move is part of the UAE’s wider strategy to modernise its financial infrastructure and boost trust in digital banking. While the change may take some getting used to for customers familiar with traditional OTPs, banks are urging users to update their apps and start using the new in-app authentication features.
For now, SMS and email OTPs will remain available to select customers during the transition period. But over the next 20 months, these methods will be phased out entirely — making way for more secure, app-based verification.
Why it’s important to read OTP messages before payments
Why it’s important to read OTP messages fully before completing online transactions
Beware of credit card fraudsters
increase community awareness and reduce crime rates by addressing security issues affecting society.
