UAE Banks Switch to App-Based OTPs for Online Payments from January

Several major banks in the UAE have begun notifying customers that one-time passwords (OTPs) via SMS for online card transactions will no longer be issued, as the country’s banking sector moves toward app-based authentication. The change takes effect from January 6, 2026, and customers will need to approve online payments exclusively through their bank’s smart mobile application. 

In text alerts sent on December 31, 2025, banks with some of the largest customer bases in the UAE informed clients that SMS OTPs would be discontinued for online card purchases. Customers were urged to download and activate their bank’s mobile app to continue making secure transactions.

The move follows a gradual transition that began in July 2025, when UAE banks started phasing out OTPs sent via SMS or email for electronic transactions and money transfers. Instead, banks encouraged customers to rely on in-app verification, a process in which payments are approved through simple app-based actions such as swiping or tapping.

By October 2025, several banks had fully shifted to app-only authentication. Banking sources previously indicated that while some institutions had considered retaining the SMS OTP option for customers who preferred not to use mobile apps, this would require a written request and transfer liability for potential fraud away from the bank.

The change aligns with instructions from the Central Bank of the UAE to enhance digital payment security and streamline the approval process for online transactions.