Have you received a notice from your bank about changes to how you verify your transactions? If you’re banking in the UAE, there’s a major shift starting today.
As of July 25, banks across the country will begin phasing out SMS and email OTPs, replacing them with app-based authentication. This change is more than a routine update, it’s a nationwide move by the UAE Central Bank to make digital banking more secure and efficient.
For many users, this means a transition to using mobile apps for approving payments, transfers, and other financial activities. But what exactly does this mean for you, and how can you adapt without disruptions?
This guide will explain how the new system works, why it’s safer, and what steps you should take today to stay ahead of the change and continue banking securely.
What Is The New OTP Phase-Out Rule By UAE Banks?
On July 25, banks in the UAE have officially begun the phase-out of one-time passwords (OTPs) delivered via SMS and email. This directive comes from the UAE Central Bank, mandating all financial institutions to shift toward app-based authentication for transaction approvals.
The implementation will not happen overnight. While the shift begins on July 25, a complete withdrawal of SMS and email OTPs is expected by March 2026. During the transition, some customers may still receive OTPs through older methods, but new account holders and updated users will be directed toward in-app authentication by default.
The updated framework affects both local and international transactions and is part of the broader move toward digital resilience in financial operations across the UAE.
Why Are SMS And Email OTPs Being Phased Out?
The use of SMS and email OTPs has long presented vulnerabilities in banking transactions. With cybercrime on the rise, these delivery methods have become frequent targets for fraud and manipulation. The decision to phase them out addresses several key security concerns.
Key reasons for discontinuing SMS and email OTPs include:
- Increased phishing attacks via fake websites and emails
- SIM-swap fraud, where attackers hijack mobile numbers to intercept OTPs
- Unsecured delivery channels are prone to interception or delay
- Lack of real-time control and authentication transparency
These issues have resulted in financial losses and reputational risks for banks and customers alike. By transitioning to app-based authentication, banks aim to build a more secure and efficient user environment.
How Does App-Based Authentication Actually Work?
App-based authentication allows you to approve transactions directly within your bank’s mobile app, offering better security and a more integrated experience. The process eliminates the need to switch between applications or wait for an external code to arrive.
Typical Steps Involved
- Initiate the transaction using the bank’s website or mobile application
- Receive a push notification through the bank’s app
- Open the notification to review full transaction details
- Verify your identity using biometric login or passcode
- Approve or decline the transaction in-app
This method provides greater visibility and control while reducing exposure to common threats associated with external OTP delivery.
Security Features Comparison
| Feature | SMS/Email OTPs | App-Based Authentication |
| Biometric Integration | No | Yes |
| Vulnerability to Phishing | High | Low |
| Dependence on Network Signal | Yes | No |
| User Control Over Approval | Limited | Full |
| Transaction Detail Visibility | Partial | Complete |
What Benefits Do In-App Verifications Offer Over OTPs?
App-based authentication not only strengthens security but also simplifies the process of confirming transactions. Unlike SMS or email OTPs that require entering codes manually, app-based verification offers real-time interaction and immediate decision-making.
Key Benefits:
- One-tap approval using fingerprint, Face ID, or secure PIN
- Instant push notifications with no reliance on mobile signal
- Full preview of transaction details before confirmation
- Reduced risk of delays or missed transactions due to network issues
The user-friendly design of in-app approval allows faster and safer transaction handling, making it ideal for regular banking activities like transfers, bill payments, and online shopping.
What Are The Risks If You Delay The Switch To App-Based Approval?
Delaying the switch to app-based verification could result in reduced functionality and higher risks when using digital banking services. Customers who do not update their apps or continue relying on SMS and email OTPs may face multiple issues.
Possible Risks Include:
- Partial or failed access to digital banking services
- Greater exposure to phishing and SIM-swap attacks
- Missed or delayed transactions due to blocked verification
- Limited customer support for outdated security methods
As more banks remove support for SMS and email OTPs, users relying on legacy methods will eventually be forced to adapt, often under time pressure or during critical financial moments.
Which UAE Banks Are Switching?
All leading banks in the UAE are moving forward with the Central Bank’s directive. Institutions such as Emirates NBD, Mashreq Bank, First Abu Dhabi Bank (FAB), and Abu Dhabi Commercial Bank (ADCB) are actively rolling out app-based verification.
Steps To Activate In-App Authentication
- Update your banking app to the latest version
- Navigate to the security or authentication settings
- Enable biometric login features if available
- Activate “App-Based Verification” or “Smart OTP” under settings
- Complete setup using the guided process in the app
Most banks also provide support through online guides and helplines to assist users unfamiliar with the process.
Bank Adoption Timeline Overview
| Bank Name | Feature Name | App Update Required | Available From |
| Emirates NBD | Smart OTP | Yes | July 2025 |
| Mashreq | App Approval | Yes | July 2025 |
| FAB | Digital Passcode | Yes | July 2025 |
| ADCB | App Authentication | Yes | July 2025 |
What’s The Official Timeline For The Full OTP Phase-Out?
The OTP phase-out plan issued by the UAE Central Bank is structured to occur over a 20-month period. It is designed to give banks and customers ample time to adapt while allowing critical infrastructure changes to occur gradually.
Key Milestones:
| Date | Phase | Details |
|---|---|---|
| July 25, 2025 | Official Start | OTP deactivation begins across UAE banks |
| August 2025 – February 2026 | Gradual Rollout | Phased implementation across banks and different customer groups |
| March 2026 | Complete Discontinuation | SMS and email OTPs have been fully discontinued for all users |
During this period, banks will continue to communicate updates and provide customer support to ensure users migrate to in-app verification smoothly.
What Does This Change Mean For Your Daily Banking Routine?
Daily banking activities will increasingly revolve around your mobile banking app. Transactions that previously required you to check your SMS inbox or email account will now be confirmed inside the app with a single tap.
You will need to rely more on:
- Keeping your app updated regularly
- Enabling biometric features for quick verification
- Allowing push notifications for real-time approval requests
From payments and transfers to online shopping and account updates, the new system will streamline user interaction while increasing transaction accountability.
How Is This Move Part Of The UAE’s Broader Digital Transformation?
The shift to app-based verification supports the UAE’s national vision to create a secure, innovative, and digitally driven financial ecosystem. It complements the Central Bank’s broader agenda for secure financial inclusion and aligns with the UAE’s Vision 2031.
Strategic Goals Supported:
- Enhanced trust in digital financial systems
- Reduction in cyber fraud cases
- Promotion of biometric and AI-based banking security
- Improved consumer protection and user empowerment
This transition sets a new standard for financial security in the region, signaling the country’s commitment to adopting global best practices in digital banking.
Conclusion
The phase-out of OTPs via SMS and email marks a turning point in how you interact with your bank in the UAE. Starting July 25, the shift toward app-based authentication is designed to protect your financial data, prevent cyberattacks, and improve your overall digital banking experience. Although the full transition will continue until March 2026, it’s essential that you take steps now to prepare.
By updating your banking app, enabling biometric login, and familiarizing yourself with in-app approval, you’re not just complying with a new rule, you’re actively safeguarding your finances.
As digital banking evolves, your awareness and timely response to these updates will play a crucial role in keeping your transactions smooth and secure. Don’t wait for a failed transaction or blocked access. Take action now to ensure you’re ready for a smarter, safer future in UAE banking.
FAQs
What is replacing OTPs in UAE banking?
OTPs via SMS and email are being replaced with app-based authentication, where you approve transactions inside your bank’s mobile app using biometrics or passcodes.
Can I still use SMS OTPs after July 25?
Yes, but only temporarily. SMS and email OTPs will still be available to some users during the transition. However, they will be fully phased out by March 2026.
Is app-based authentication safe?
Yes. It offers multi-layer security including biometric verification, encrypted app environments, and real-time control over approvals, making it far safer than SMS OTPs.
What happens if I don’t update my bank app?
You may lose access to certain features, and your transactions could be delayed or blocked. Updating your app ensures you can use app-based verification smoothly.
Will this change affect online shopping and e-commerce payments?
Yes. When shopping online, you’ll be prompted to approve purchases through your banking app instead of entering an OTP from your SMS inbox.
Do I need internet for app-based verification?
Yes, app-based verification relies on internet connectivity. However, it does not require mobile signal, so it works even when your network is weak.
Can senior citizens and non-tech users adapt to this change?
Most banks are offering step-by-step guides and customer support to assist users unfamiliar with mobile banking. App-based methods are generally user-friendly once set up.
Source: UAE Banks to Stop Sending OTPs via SMS and Email
Recent Posts
