From January 2026, the UAE banking sector has stopped sending OTPs via SMS and Email. Banks are now stopping sending OTPs for financial transaction authentication. To enhance the protection of customers, customers must have to approve payments first, through their mobile phone bank applications. The other option is biometric verification systems. For details, professional lawyers and legal consultants, should be consulted.
The Central Bank of the UAE gives instructions to all the banks in UAE to adopt latest and advanced methods of authentication. It is compulsory and mandatory for all the Banks and financial institutions. There is no more sending OTPs or emails. The objective is to increase digital security for the customers, and to adopt international cybersecurity standards, for all the residents in United Arab Emirates. In addition, UAE banks have to introduce device-based authentication systems. Customers are advised to keep banking applications updated. These modern security measures strengthen digital banking infrastructure.
Update from the Central Bank of UAE
The Central Bank of UAE has set March 31, 2026, as the official deadline for eliminating SMS and email-based OTP authentication procedures, across all licensed financial institutions, and banks operating in the UAE. Earlier, banks started the transition in July 2025, when institutions were instructed to replace OTP authentication with secure app-based approvals and biometric verification systems. Now it is mandatory from March 2026 to adopt all the instructed measures. By January 6, 2026, several UAE banks had already stopped sending OTP codes for online payments and verifications.
Customer Authentication
Under the Central Bank OTP authentication systems, financial institutions must have to adopt strong customer authentication (SCA) methods. These methods must be reliable. UAE banking cybersecurity requires modern/latest biometric verification procedures e.g. fingerprint systems, and more. Banks are also responsible for authentication by using modern methods. These methods significantly reduce risks for fraud. Professional lawyers can throw the light on this subject very well. Therefore, the expert banking lawyers can also be consulted.
OTP Replacement Authentication: Advanced Technologies
To replace OTP, banks are now introducing advanced technologies. These latest mobile application approval systems allow customers to confirm the transactions. It helps them to understand about its validity. This is how they can be saved from fraud activities or transactions. Biometric authentication systems such as fingerprint scanning and facial recognition are also becoming standard features. Pass key-based authentication is another advanced method.
Impact on Individuals
Individual customers have to make sure that they have to activate bank’s mobile application in their smart phones, all the time. Without biometric approval or verification tools, certain transactions can not be processed. For more safety, it is very important that customers must have to update banking applications regularly. Bank customers have to activate fingerprint and facial recognition in their smart phones.
Impact on Businesses
Corporate banking customers must have to update the new authentication requirements. Companies have to use multi-level approval structures. It must activate biometric authentication. Failure to upgrade internal approval procedures may result in transaction delays. Finance departments should coordinate with banks to confirm compliance.
Legal Responsibilities of Banks
Banks operating in the UAE remain legally responsible for maintaining secure transactions. Under Central Bank rules and regulations, financial institutions are obligated to implement strong authentication systems. Failure to comply with authentication directives may result in regulatory penalties and supervisory enforcement measures. Banking apps should be highly sensitive to prevent unauthorized access and should be able to report effectively on fraud incidents.
OTP Phase-Out Supports UAE Cybersecurity
The removal of SMS-based authentication forms part of a broader national cybersecurity strategy. The UAE government continues to revise digital infrastructure across financial services. UAE Pass are becoming central components of the country’s digital transformation agenda.
What Customers Should Do
To avoid any fraudulent activity, it’s very important for the customers to take protective steps to ensure uninterrupted banking services. They should download their bank’s official mobile application if not already installed. Customers should activate biometric login features and enable secure push notifications for transaction approvals. Customers should also verify that their contact details registered with their bank remain updated. channels under the updated regulatory framework.
Challenges Faced by Small Businesses
Small businesses can face operational challenges. Biometric implementations may require companies to update their procedures which is not easy and also costly for small businesses. Companies using shared financial systems may also need additional banking permissions and access controls to comply with new banking security standards. E-commerce sector may also experience significant changes. Technology companies operating in the UAE are also expected to strengthen cybersecurity measures. As digital banking systems continue evolving, banking fraud complaints involving unauthorized transactions, phishing attacks, fake banking applications, or identity theft may involve detailed digital investigations by specialized authorities.
FAQs
Stop sending OTP codes system via SMS and email: When it got started?
The Central Bank of the UAE set March 31, 2026, as the deadline for eliminating SMS- and email-based OTP authentication. OTP authentication through SMS and email is being replaced by secure alternatives such as biometric verification and mobile-app approval systems.
Are biometric authentication systems safe?
Yes. Biometric authentication uses encrypted verification methods that are significantly more secure.
Can unauthorized transactions still occur after OTP removal?
Yes. While the risk is reduced, unauthorized transactions may still occur.
Does this change affect corporate banking users?
Yes. Businesses must update their approval workflows and ensure authorized signatories activate secure authentication tools within banking applications.