UAE Banks to Stop Sending One-Time Passwords via SMS and Email

Starting Friday, July 25, banks in the United Arab Emirates will begin phasing out one-time passwords (OTPs) that are currently sent by SMS and email. The shift is part of a gradual security update led by the Central Bank of the UAE (CBUAE).

OTPs are short security codes sent to your phone or inbox. They’re used to approve online payments, including things like shopping or QR-code transactions when dining out. This won’t happen overnight — the rollout is gradual and expected to be completed by March 2026 across all banks in the country.

But the UAE’s banking system is moving toward stronger, app-based authentication. Instead of entering a code from a message, customers will now use their bank’s mobile app to approve transactions.

What is changing for UAE banks’ clients starting July 25:

• Fewer texts and emails. No more waiting for OTP codes to land in your inbox or messages
• App updates required. Banks are urging customers to update their banking apps to support this new feature
• New process. You’ll now select “Authentication via App” within your bank’s app to confirm a payment
• Phone access is essential. You’ll need to have your phone on hand — and charged — especially when paying digitally in places like Dubai

A CBUAE spokesperson shared that the new method will keep transactions smooth and secure. Customers should get used to choosing in-app authentication as the default option.

As this update rolls out, banks will continue to support customers with reminders and app improvements. If you haven’t already, now’s the time to check your app settings and get familiar with how your bank handles app-based security.

Digital payments are becoming more common across the UAE — especially in Dubai, where the goal is to become 100% cashless by 2026.