In a decisive move to bolster security, UAE banks will end SMS OTPs for online card payments starting January 6, 2026. Major banks have notified customers that one-time passwords will no longer arrive via text message. Instead, all online transactions must receive approval directly through the bank’s official mobile application. This shift completes a central bank-mandated transition toward more secure, app-based authentication.

The Mandate and Transition Timeline

The Central Bank of the UAE initiated this change in mid-2025. It instructed banks to phase out OTPs sent via SMS and email for electronic transactions. The process began gradually in July 2025. By October, several banks had fully migrated to in-app approval systems. The deadline of January 6, 2026, now marks the final step for the entire banking sector.

Customers received direct alerts on December 31, 2025. The messages urged them to download and activate their bank’s mobile app. Failure to do so could prevent authorization of online purchases after the cutoff date.

How the New System Works

The new app-based authentication process is designed for simplicity and security. When making an online purchase, a notification will appear in the bank’s mobile app. The customer then approves the transaction with a simple swipe or tap within the app. This method eliminates the risk of SMS interception or phishing scams that target text message OTPs.

Why This Change Is Crucial for Security

The move away from SMS is a direct response to growing fraud. Scammers often use social engineering to trick victims into revealing OTPs. They also employ SIM-swap attacks to hijack phone numbers. App-based authentication provides a stronger defense. It uses encrypted, device-specific channels that are harder for criminals to compromise.

Banks have emphasized that liability for fraud may shift under the new system. Customers who formally request to keep SMS OTPs (if offered) might assume full responsibility for any resulting fraudulent transactions. Therefore, adopting the mobile app is the safest choice.

Implications for Customers and Businesses

For customers, this means ensuring their bank’s app is installed, updated, and properly set up with notifications enabled. Businesses, especially e-commerce platforms, should inform customers about the change to prevent abandoned carts due to payment authorization issues. The transition represents a significant step in the UAE’s digital payment security landscape. Official updates are best sourced from the Central Bank of the UAE.

In conclusion, the mandate that UAE banks will end SMS OTPs is a proactive security upgrade. By moving to secure in-app approvals, the banking sector aims to drastically reduce payment fraud. Customers should act now to ensure a smooth transition and continue enjoying safe, seamless online shopping.