The United Arab Emirates banking sector is undergoing a transformative security shift as financial institutions progressively abandon traditional one-time passwords (OTPs) delivered via SMS or email. This strategic move responds to escalating cybersecurity threats including phishing attacks, SIM-swap fraud, and OTP interception that have compromised conventional verification methods.
Leading financial institutions including Emirates NBD have pioneered the transition to an advanced app-based authentication framework. Under this new system, customers authorize card payments directly within their banking applications through secure push notifications coupled with biometric verification or smart pass PINs. This approach creates a protected, bank-controlled environment that significantly reduces vulnerability compared to external messaging channels.
The practical implementation involves a streamlined four-step process: First, customers receive an authorization prompt during online payments directing them to their banking app instead of the traditional OTP pop-up. Simultaneously, an SMS alert notifies users to access their banking application. Second, upon login, users encounter a pending payment notification within the Activities section. Third, a dedicated review window displays comprehensive transaction details including merchant information and amount, accompanied by a two-minute countdown timer for decision-making. Finally, approval requires smart pass PIN verification, completing the transaction instantly without OTP involvement.
This security enhancement is being implemented through a carefully structured phased rollout. Initial measures commenced on July 25, 2025, with UAE banks beginning the elimination of SMS and email OTPs for specific digital and card-based transactions. During this transitional phase, customers may encounter varying authentication methods depending on their financial institution, transaction type, and channel utilized. The complete discontinuation of traditional OTP systems is scheduled for March 2026, aligning with regulatory directives aimed at fortifying digital banking security infrastructure across the Emirates.