Secure app environments make it harder to hack bank accounts, easier to stop such attempts
Dubai: With UAE banks now officially phasing out SMS and email OTPs starting July 25, customers are being encouraged to switch to in-app banking authorisation — a more secure and faster way to approve transactions.
The move comes under new UAE Central Bank guidelines, which mandate that all banks transition to app-based authentication for domestic and international transactions. By March 2026, SMS OTPs will be discontinued entirely.
So, how does in-app authentication actually work? And why are banks saying it’s the safer, smarter choice? Let’s break it down.
In simple terms, in-app authorisation allows you to approve or reject a banking transaction directly inside your bank’s mobile app — no need to switch to your SMS inbox or type in codes.
Here’s how a typical transaction works:
You make a payment, transfer, or online purchase using your bank's app or website.
You get a push notification from your bank's app on your phone.
You tap the alert to open the app and view full transaction details.
You confirm your identity with a fingerprint, Face ID, or PIN.
You approve or decline the transaction — instantly.
It’s all done within a secure app environment, which makes it harder to hack and easier to control.
Until now, most UAE residents relied on SMS or email OTPs (One-Time Passwords) for verification. But cybercriminals have caught up — and that’s the problem.
Here’s why banks and regulators are saying goodbye to OTPs:
SMS OTPs can be intercepted or tricked out of users through fake websites. In-app approvals happen only inside the official banking app, where phishing is much harder to pull off.
Fraudsters can hijack your mobile number to receive OTPs. But in-app authorisation doesn’t rely on your SIM — it relies on your device and biometric identity.
Biometrics, passcodes, liveness checks (like video selfies) — banks are adding multiple layers of protection inside apps that SMS simply can’t match.
You get to see the exact amount, recipient name, and purpose of the transaction before approving — no guessing, no blind confirmations.
Security aside, in-app authorisation is also more convenient:
One-tap approval with your fingerprint or face scan
No waiting for SMS codes, especially when travelling or in low network zones
All-in-one experience — you get notified, verify, and approve in one place
For UAE residents who frequently make payments, transfer money, or shop online, this is a big upgrade in everyday convenience.
Banks across the UAE — including Emirates NBD, Mashreq, ADCB, and FAB — are rolling out “App-based Authentication” or “Smart OTP” features inside their mobile apps.
To activate it:
Update your bank’s app to the latest version.
Look for security settings or authentication options.
Enable biometric login and toggle “App-based authorisation” on.
If you’re unsure, most banks have step-by-step guides on their websites or offer assistance via customer service.
Starting July 25, 2025, banks across the UAE will begin phasing out OTPs sent via SMS and email. This change will roll out gradually over the next 20 months, with a full phase-out expected by March 2026.
During the transition, some customers may still receive OTPs — but eventually, all UAE residents will need to use in-app authorisation to complete online transactions.
Meanwhile, what you need to keep in mind as UAE residents and e-banking customers is that the latest move isn’t just another tech update — it’s a significant step forward in how we bank.
By switching to in-app authentication, you’re not only protecting yourself from fraud, phishing, and SIM-swap scams — you’re also making your banking faster and more seamless.
So if your bank app prompts you to enable “App-based approval”, don’t wait. The sooner you switch, the easier — and safer — your digital banking experience will be.
Sign up for the Daily Briefing
Get the latest news and updates straight to your inbox