Post by : Mariam
Al-Faris
From Friday, July 25, 2025, banks in the UAE will begin a step-by-step process to stop using OTPs (One-Time Passwords) sent by SMS or email. This move comes under new rules announced by the UAE Central Bank. It is part of an effort to improve security in banking services and better protect customers from scams and fraud. The full transition is expected to be completed by March 2026, giving banks more than a year and a half to fully implement app-based verification systems.
What Is Changing and Why It Matters
Right now, most people receive OTPs through SMS or email to complete transactions or log in to their bank accounts. However, these methods are no longer considered safe. Cybercriminals have developed new tricks to steal OTPs and break into bank accounts. The UAE Central Bank has instructed all banks to gradually switch to more secure, app-based verification methods that cannot be easily intercepted or faked.
App-Based Authentication Explained
App-based authentication means that the customer must approve transactions directly inside the official mobile app of the bank. This approval can involve using your fingerprint, face recognition, or a device passcode. Since the process happens within the bank’s own app, it reduces the risk of someone else stealing your OTP using external tricks like phishing or SIM swapping.
Expert Says the Move Is a Smart One
Jay Adrian Tolentino, a financial coach based in the UAE, supports this decision. He believes that app-based approvals are much safer than using SMS or email OTPs. According to him, this is the right direction for modern banking to go. However, he also reminds customers to stay alert and only approve transactions that they personally initiated. If something seems strange, it’s best to contact your bank right away.
Scams Are Getting Smarter, Not Customers Getting Careless
Financial content creator Kartik Iyer also praised the UAE banks’ decision to stop using SMS and email OTPs. He pointed out that most people do not fall victim to scams because they are careless, but because scammers are getting smarter. In moments of stress or distraction, anyone can make a mistake that leads to huge financial losses. Moving the OTP system inside the app is a major improvement, he said.
Risks of SMS and Email OTPs Are High
Carol Glynn, a UAE-based finance coach and chartered accountant, explained in detail why traditional OTP methods are dangerous. She said that both SMS and email OTPs can be intercepted or stolen by hackers. Attackers can trick mobile service providers into transferring your phone number to their device, or they can send fake emails and messages to make you reveal your OTP. These tricks make it easy for criminals to bypass security measures.
Common OTP Theft Techniques
Carol Glynn listed several ways OTPs are stolen. First, there is SIM swapping, where a hacker convinces your mobile company to give them a new SIM card with your number. Then there are phishing scams, where you receive fake links or websites that look real but are designed to steal your OTP. Delays in receiving OTPs or getting too many at once can cause confusion, leading to accidental approval. Additionally, the SMS system itself is old and can be hacked. Attackers can even set up fake cell towers to intercept your messages or install malware on your phone to grab OTPs automatically.
Global Financial Losses Due to SMS OTP Fraud
The problem with SMS OTPs is not just in the UAE. In fact, this issue is global. According to the US-based Communications Fraud Control Association (CFCA), fraud related to SMS OTPs caused around $6.7 billion in losses in the year 2021 alone. This number shows how serious the problem is and why banks worldwide are starting to shift to more secure systems.
In-App Verification Offers More Protection
To solve this problem, banks in the UAE are moving towards in-app verification. This method requires customers to approve a transaction directly within the bank’s app. It can include using biometric tools such as fingerprint scanning or facial recognition. These tools are difficult for hackers to fake or steal. Plus, the approval process is much quicker and shows full transaction details before confirmation.
Benefits of In-App and Biometric Authentication
There are several key advantages to using in-app approvals:
-
Faster Process: Customers receive instant push notifications instead of waiting for SMS.
-
More Secure: App-based methods cannot be intercepted like SMS or email.
-
Better Control: The app shows transaction details before approval.
-
Biometrics: Fingerprints and facial recognition are unique and very hard to fake.
-
Fewer Mistakes: Reduces the chance of clicking fake links or entering OTPs in scam sites.
Biometric Security Explained
Biometric security means the system checks your physical features, like fingerprints or facial structure, to confirm your identity. These are things only you have, making it very hard for anyone else to access your account. Biometric methods add a second layer of protection because they prove both that the device belongs to you and that you are using it at that moment.
Are In-App Methods 100% Foolproof?
While app-based authentication is much safer than SMS or email OTPs, it is not perfect. Carol Glynn warned that there are still risks, such as MFA fatigue. This is a method where hackers send many push notifications hoping the user will eventually click “Approve” just to stop the notifications. This means even with better tools, users must stay careful and not approve anything they didn’t request themselves.
Awareness and Strong Security Are Key
The success of this new system depends on two things. First, banks must make sure their mobile apps are well-designed, secure, and regularly updated. Second, users need to be aware of how to use the system safely. They should understand how in-app authentication works and never approve anything unless they’re sure it's legitimate.
A Welcome Change for Safer Banking
This shift to app-based and biometric verification is a big step forward in making digital banking safer in the UAE. With scammers constantly coming up with new tricks, it’s important that security systems evolve as well. The decision by the UAE Central Bank shows a strong commitment to protecting the financial interests of customers and making the banking system more secure for everyone.
English
