UAE Banks End SMS OTPs, Switch to Biometric & App-Based Authentication from Jan 6, 2026

Major UAE banks will stop sending SMS one-time passwords for online transactions, shifting to in-app approvals and biometric authentication to strengthen security.

From January 6, 2026, banks across the United Arab Emirates will stop using SMS one-time passwords (OTPs) for online card payments and digital banking approvals. Customers will approve transactions directly through their mobile banking apps, using biometrics such as fingerprints or facial recognition.

Banks made this move to reduce fraud risks linked to SMS authentication. Attackers frequently exploit SMS OTPs through SIM swap attacks, phishing scams, and message interception. Therefore, banks now prefer authentication methods that bind approvals to a trusted device and user.

Under the new system, customers will receive transaction requests inside their banking apps. The app will display transaction details clearly. Users must then approve the request using biometrics or a secure app PIN. This process blocks attackers from stealing or reusing authentication codes.

This change reflects the UAE’s wider push to strengthen digital security. As online payments and digital banking grow, banks must protect customers against modern attack techniques. App-based authentication offers stronger protection against phishing and social engineering attacks.

Customers should update their banking apps as soon as possible. They should also enable biometric authentication on their devices. If users fail to complete this setup, online transactions may fail after the transition date.

With this move, the UAE continues to lead the region in banking security modernization. The decision sends a clear message that weak authentication methods no longer meet today’s security needs.