United Arab Emirates banks to transition from One-Time Passwords (OTPs) to app-based verifications, effective from July 25th, as reported by Emarat Al Youm.

United Arab Emirates banks to transition from One-Time Passwords (OTPs) to app-based verifications, effective from July 25th, as reported by Emarat Al Youm.

In a move to bolster digital banking security and reduce fraud risks, UAE banks will phase out one-time passwords (OTPs) sent via SMS and email for digital transactions, starting from July 25, 2025[1][2][3][4]. The complete discontinuation of SMS and email OTPs is scheduled for March 31, 2026.

During the transition period, spanning from July 2025 to March 2026, OTPs via SMS and email will gradually be phased out. Instead, customers will be prompted to use secure in-app authentication methods through their bank's official mobile app[2]. These methods include receiving a push notification inside the banking app when a transaction requires approval, approving or rejecting transactions in real-time within the app, and using biometrics (fingerprint or face recognition) or a secure PIN as a second factor for authorization[2].

This shift eliminates the vulnerabilities associated with SMS and email OTPs, such as SIM swapping and phishing[2][5]. Some banks, such as Emirates NBD (with Smart Pass), Abu Dhabi Commercial Bank (Secure Digital Token), and ADIB, have already implemented such app-based authentication features[2].

Customers are encouraged to update their bank apps and familiarize themselves with the new authentication methods to ensure a smooth transition[1][2].

The move follows directives from the Central Bank of the UAE and aligns with the UAE’s strategy to enhance digital banking security and reduce fraudulent transactions[1][5]. Cybersecurity expert Rayad Kamal Ayub hailed this transition as a significant step towards a more secure and digitized customer authentication approach[6].

Kamal Youssefi, the president of the Switzerland-based Hashgraph Association, predicts that the innovations in banking, such as stablecoin payment solutions and digital asset wallets, will be built on distributed ledger platforms that integrate AI[7]. He believes the shift away from vulnerable OTP messaging to more security-focused mobile apps is a milestone[6].

Technology can now detect when an account is being accessed by someone other than the legitimate user, even if the correct credentials are provided[8]. Rayad Kamal Ayub commends the integration of behavioral biometrics into UAE banks' mobile apps and online banking portals[9]. He also warned that fraudsters are now utilizing AI and deepfake cloning to commit sophisticated scams[9].

Customers will need to enable and use the app-based verification feature to authorise transactions going forward[10]. A reported incident involving a 58-year-old Indian named P.S., who lost his retirement savings after his phone number was hacked and a cloned SIM card was used to intercept the OTP, underscores the need for this transition[11].

| Timeline | Event | |-------------------------|--------------------------------------------| | July 25, 2025 | Start of phasing out SMS and email OTPs | | July 2025 – March 2026 | Transition period with gradual OTP phase-out and app-based authentication adoption | | March 31, 2026 | Complete discontinuation of SMS and email OTPs |

[1] Gulf News, "UAE banks to phase out SMS and email OTPs for digital transactions," link [2] Khaleej Times, "UAE banks to phase out SMS and email OTPs for digital transactions," link [3] Emirates 24|7, "UAE banks to phase out SMS and email OTPs for digital transactions," link [4] Zawya, "UAE banks to phase out SMS and email OTPs for digital transactions," link [5] The National, "UAE banks to phase out SMS and email OTPs for digital transactions," link [6] Gulf News, "Expert hails UAE banks' move to secure digital transactions," link [7] Zawya, "Kamal Youssefi: The future of banking lies in distributed ledger technology," link [8] Gulf Business, "UAE banks to phase out SMS and email OTPs for digital transactions," link [9] Gulf News, "Expert commends UAE banks' use of behavioural biometrics," link [10] Gulf News, "UAE banks to phase out SMS and email OTPs for digital transactions," link [11] Gulf News, "Indian man loses $7,500 after his phone number is hacked," link

This article is written by Waad Barakat, a Special Correspondent covering security topics.

1. The shift towards app-based authentication methods in UAE banks is a significant step towards enhancing digital banking security, reducing fraud risks, and ensuring a more secure customer authentication approach.
2. With the complete discontinuation of SMS and email OTPs scheduled for March 31, 2026, customers will need to update their bank apps and familiarize themselves with the new authentication methods.
3. Technology advancements in banking, such as stablecoin payment solutions and digital asset wallets, are increasingly being built on distributed ledger platforms that integrate AI.
4. Fraudsters are now using AI and deepfake cloning to commit sophisticated scams, emphasizing the importance of app-based verification features for transaction authorization.
5. The move to app-based authentication in UAE banks follows directives from the Central Bank of the UAE and aligns with the country's strategy to improve digital banking security and reduce fraudulent transactions.

Read also: