App-based banking authorisations come with new risks, warn UAE experts

Dubai: With the UAE banking sector moving swiftly to eliminate SMS and email OTPs in favour of app-based authentication, cybersecurity and finance experts are raising red flags over new digital vulnerabilities that could impact millions of residents.

The transition — set to complete by March 2026 — is intended to boost digital security. Yet, UAE experts say in-app banking isn’t foolproof, especially as scammers shift tactics.

“The UAE’s decision to end OTPs via SMS and email is a welcome move and reflects a strong risk-based approach to reducing fraud and puts customer protection first,” said Benjamin Ward, Regional Financial Institutions Leader - MENA, at Marsh Middle East and Africa.

Ward, however, cautions that this transition isn’t just a technical upgrade — it comes with operational challenges and evolving fraud risks.

“This shift will require significant operational changes, with banks needing to upgrade and rigorously test their mobile authentication systems — now the sole method for customer verification. That means upfront costs, potential disruption, and ensuring the new experience is both secure and user-friendly; always the key balance in digitisation,” he said.

In-app approvals may reduce risks like SIM swaps or intercepted OTPs — but that doesn’t mean users are completely safe. The threat is evolving, not disappearing.

Cybersecurity experts in the UAE are warning that criminals will increasingly target mobile apps, banking logins, and authentication systems directly. This means UAE residents must become more alert to phishing links, social engineering tactics, and fake app notifications.

“We’ll still see phishing and social engineering, such as scammers tricking users into approving app-based transactions,” Ward said. “Instead of SIM swaps or message interception, attackers will increasingly target internet banking, mobile apps, and core authentication systems directly.”

“Any authentication failure or app outage could block transactions and lead to operational losses or regulatory scrutiny,” Ward added. “Resilience and uptime must now be robust, while still delivering a smooth user experience.”

Digital payments in the UAE are booming. According to Statista, the country’s transaction value is expected to hit $80.37 billion in 2025, rising to $134.84 billion by 2029. This surge, driven by e-commerce, fintech, and mobile wallets, has made secure banking more critical than ever.

Yet, a UAE Cybersecurity Council study reveals that 56% of residents face at least one fraud attempt per month, even as 65% believe they can spot scams.

“Ultimately, this is a strong, positive move from the Central Bank of UAE, but it demands increased system visibility, event logging, and stress-testing of multi-factor authentication,” Ward said. “The balance of fraud risk is now shifting from external manipulation toward internal system resilience.”

In-app banking authorisation is a big leap forward for UAE digital finance — but only if banks and users stay one step ahead of cybercriminals.

If your banking app prompts you to enable app-based approvals, go ahead — but stay smart, alert, and protected.