UAE banks ordered to tighten anti-fraud security beyond OTPs

The Central Bank of the UAE (CBUAE) has ordered financial institutions in the country to strengthen consumer protection measures against fraud and enhance security authentication procedures beyond single-factor verification methods such as one-time passwords (OTP).

The central bank said it had begun establishing an Anti-Fraud Operations Centre (CAFOC) which will serve as a centralised platform combining operational and analytical capabilities to enable real-time monitoring of fraudulent activities and rapid incident response.

According to a recent report released by the central bank, the UAE continued throughout 2025 to strengthen an integrated national framework for fraud prevention, detection and risk mitigation aimed at protecting consumers, supporting financial stability and reinforcing confidence in the banking sector, Emarat Al Youm reported.

The regulator said the new centre would rely on advanced tracking and analytical tools, effective operational escalation mechanisms and sector-wide coordination with licensed financial institutions and relevant authorities.

The centre is also expected to support data-driven supervision by collecting and analysing fraud indicators and patterns to assist in the development of regulatory policies and supervisory measures.

As part of efforts to strengthen the resilience of the financial system, the central bank said it had introduced a structured framework for collecting fraud risk assessment data to improve oversight of emerging fraud methods and risks across licensed financial institutions.

The framework is intended to enable more precise supervisory interventions based on risk analysis.

The central bank also tightened regulatory requirements related to consumer fraud protection by obliging financial institutions to enhance authentication controls and reduce reliance on single-factor verification tools, particularly SMS-based one-time passwords, in response to increasingly sophisticated digital fraud threats.

The regulator said ongoing supervision and coordination with licensed financial institutions throughout 2025 had helped ensure the consistent implementation of the new requirements across the banking sector.

The measures come amid rapid digital transformation in the UAE’s financial sector and growing use of digital banking and electronic payment services, which regulators say have increased exposure to cyber fraud and financial scams globally.