Emirates NBD to replace SMS OTPs with ENBD X app authentication

Dubai: Emirates NBD has announced it will phase out SMS one-time passwords and adopt push notifications via its ENBD X app for online transaction authentication. The change is scheduled to begin on November 1, 2025, initially covering account transfers and alerts of Dh100 or less, with debit and credit card transaction alerts to follow.

When a customer initiates a purchase with an Emirates NBD card, they will receive a push notification directing them to the ENBD X app. There, they will review transaction details and confirm via Smart Pass PIN or biometric credentials. If push notifications are disabled, users can open the app manually to review and validate the transaction.

Emirates NBD frames this move as a stronger, more convenient security layer. During the transition period, SMS OTP fallback will remain available for customers who have not yet registered their trusted device.

Customers without ENBD X access will continue receiving SMS OTPs until they set up the app.

The move aligns with a directive from the UAE Central Bank instructing financial institutions to phase out SMS OTP and email-based authentication methods by March 2026, replacing them with in-app, biometric or token-based mechanisms.

Banks in the UAE, including Emirates NBD, ADIB and FAB, are already shifting toward in-app or biometric authentication for most transactions.

This shift helps counter fraud methods that exploit SMS-based OTPs, such as SIM-swap attacks, phishing and code interception, and removes dependency on mobile networks for authorisation.

The change is expected to reduce risk, streamline user experience and align Emirates NBD with broader regulatory and security trends in digital banking across the UAE.