Starting Friday, 25 July, banks in the UAE will no longer send one-time passwords (OTPs) via SMS or email for any financial or electronic transactions, including both domestic and international transfers.

The move follows new directives from the Central Bank of the UAE (CBUAE) aimed at strengthening the nation’s digital banking security framework, according to Expat Media.

Instead of receiving OTPs through traditional channels, customers will now be required to authenticate transactions using their bank’s mobile application, through a feature known as Authentication via App.

An official circular from the Central Bank reads:

“In accordance with the directives issued by the UAE Central Bank, the practice of receiving OTPs via SMSs or email will gradually be phased out.” The authority has set March 2026 as the deadline for the complete discontinuation of OTPs delivered via SMS or email.

The initiative seeks to enhance data protection and reduce the risk of fraud linked to conventional OTP delivery methods.

Customers are advised to ensure they have the latest version of their bank’s mobile app installed and that notifications are enabled.

Those who have not yet activated app-based authentication are urged to do so promptly to avoid any disruption to their banking services.

The transition represents another step forward in the UAE’s efforts to develop a digitally secure and modern banking ecosystem.

Featured image credit: Edited by Fintech News Middle East, based on image by Freepik