UAE banks to end SMS OTPs for online card payments

Why UAE banks SMS OTP verification is being phased out

The move away from SMS OTPs follows a transition that began earlier in 2025. In July, banks started gradually reducing the use of OTPs sent via text message or email for electronic transactions and money transfers. These channels were replaced with in-app verification systems designed to operate within secure banking platforms.
An official document issued during the rollout cited instructions from the Central Bank of the UAE. It outlined plans to progressively discontinue OTPs across SMS and email channels. Customers were encouraged to rely on mobile banking apps equipped with built-in authentication features. As a result, banks gained stronger control over transaction security while reducing exposure to messaging-based fraud risks.

How online card payments will work from January 6

From January 6, customers making online card payments will receive approval requests inside their bank’s mobile application. Instead of entering a code received by text, users will confirm transactions by tapping or swiping within the app. This process shortens approval times and lowers the risk of interception linked to SIM swaps or phishing attacks.
By October 2025, several banks had already completed the transition to app-only authorisation. Customers who regularly use mobile banking apps may experience little disruption. However, banks continue to advise those who have not activated their apps to do so well before the deadline.

Security reasons behind UAE banks SMS OTP changes

Banks have consistently cited security concerns as the primary reason for ending SMS OTPs. Text messages can be vulnerable to interception, spoofing, and SIM-related fraud. In contrast, mobile banking apps operate within encrypted environments that significantly reduce these risks.
App-based authentication also enables additional layers of protection, including biometric verification, device binding, and real-time transaction monitoring. Together, these measures make it harder for unauthorised users to approve payments, reinforcing customer confidence in digital banking.

What customers should do before the deadline

To continue making online card payments without interruption, customers must ensure their bank’s mobile app is installed and fully activated before January 6. This usually involves registration, secure login setup, and enabling transaction notifications. Banks recommend completing these steps early to avoid last-minute issues.
Some institutions previously indicated that customers who preferred SMS OTPs could submit written requests to retain the option. However, such arrangements often transferred fraud liability to the customer. With the sector-wide shift now finalised, most banks are moving exclusively to app-based approvals.

Impact on digital banking and customer experience

The end of SMS OTPs represents another step in the UAE’s rapid digital banking evolution. By standardising app-based authentication, banks aim to deliver faster and more secure transaction experiences. Customers benefit from clearer transaction visibility and quicker approvals.
At the same time, the change highlights the growing importance of mobile platforms in everyday banking. As services increasingly move in-app, customers are expected to adapt to digital-first interaction models. This transition may also pave the way for advanced security features and smarter encourages in the future.

Sector-wide transition nearing completion

Banking sources previously indicated that the full transition away from SMS OTPs would be completed by the end of 2025. The January 6 deadline confirms that timeline for online card payments across the sector. With most banks already relying on app-based systems, the remaining institutions are finalising implementation.
Overall, the move underscores the UAE banking sector’s focus on security, efficiency, and digital transformation. As SMS OTPs are phased out, mobile app approvals are set to become the standard for online card transactions nationwide.