UAE Bank to end SMS OTPs for online transactions from Jan 6, switch to biometric authentication | World News
If you’ve lived in the UAE for a while, the “ping” of an incoming SMS with a six-digit code has been the soundtrack to your online shopping. But that sound is about to become a relic of the past. Starting January 6, 2026, several major UAE banks will officially stop sending One-Time Passwords (OTPs) via text message for online card payments.This isn’t just a minor update; it’s a full-scale security revolution mandated by the Central Bank of the UAE (CBUAE). For years, SMS codes were the gold standard for two-factor authentication, but as hackers became more sophisticated, the “weak links” in the SMS system became too big to ignore. By shifting to a mobile-first approach, the UAE is positioning itself as a global leader in protecting its residents’ hard-earned money.
Why are UAE banks ending SMS OTPs?
The primary reason for this change is simple: Security. While SMS is convenient, it travels over open telecommunications networks that were never designed for high-stakes banking. This made them prime targets for three specific types of fraud:
- SIM-Swapping: Criminals trick mobile providers into porting your number to their SIM card, effectively “stealing” your identity and receiving your OTPs directly.
- Phishing Scams: Fraudsters create fake websites that look exactly like your bank or a delivery service, tricking you into typing your OTP into their hands.
- Interception: Advanced hackers can sometimes intercept SMS messages as they travel through the air using outdated “SS7” protocols.
According to industry reports, SMS-related fraud caused billions in global losses. In the UAE alone, scams saw a significant jump in recent years, prompting the Central Bank to issue Notice 2025/3057, which effectively bans SMS and email OTPs as a standalone security method.
What are in-app approvals?
The future of banking in the UAE is “In-App Authentication.” Instead of waiting for a text and manually typing in a code, the process is now much faster and more integrated. Here is what your next online purchase will look like:
- The Trigger: You click “Pay” on a shopping website or app.
- The Notification: Instead of an SMS, you’ll receive a push notification directly from your bank’s official mobile app.
- The Review: When you tap the notification, the app opens to show you the exact merchant name and the amount being charged—no more “blindly” entering codes.
- The Approval: You confirm the transaction using biometric verification (Face ID or fingerprint) or your secure Smart Pass PIN.
This “closed-loop” system ensures that the person approving the transaction is physically holding the trusted device. It removes the need for the telephone network entirely, which is also a massive win for travelers who often struggle to receive SMS codes while roaming.
What does the resident need to do now?
This isn’t just a technical update, it affects every resident who shops online or uses digital banking in the UAE. How to prepare:
- Update your bank’s mobile app to the latest version.
- Enable push notifications and biometric login in the app settings.
- Log in to your account and complete any authentication setup before January 6.
Why should you act now?
Once SMS OTPs are phased out, you won’t be able to approve online card purchases using text codes. Transactions will be declined unless verified through the bank app. This change also means that iPhone or Android users must ensure their device settings allow notifications from their bank app. If you haven’t already switched to app-based authentication, banks generally recommend doing so well before the deadline to avoid disruptions.This step is part of a larger plan led by the Central Bank of the UAE to strengthen digital banking infrastructure. Regulators have mandated that banks phase out SMS and email OTPs by March 2026 at the latest, although many instituted the change early. The goal is to reduce fraud and align with global best practices, as digital fraud patterns evolve. By moving to in-app authentication with biometric verification and encrypted channels, banks aim to create a more secure, convenient and unified payment experience for customers.
