UAE Banks Swapping SMS OTPs for Biometric Verification in Online Payments 

_{Photo credit: Kirill Neiezhmakov / Shutterstock.com}

Starting January 6, 2026, major banks in the UAE will stop sending one-time passwords (OTPs) via SMS for online transactions and money transfers, according to messages sent to UAE bank customers. 

Biometric Update reports that instead of entering codes received by text message, impacted customers will be required to approve their payments securely within their banks’ respective mobile apps using biometric authentication, such as fingerprint or facial recognition, or a Smart Pass PIN.

The move is part of a Central Bank of the UAE (CBUAE) strategy to increase cybersecurity and reduce fraud risks associated with OTPs, which can be vulnerable to interception, SIM-swap attacks, and phishing. This follows a significant rise in fraudulent activity in the UAE. 

The CBUAE has mandated a deadline of March 2026 for banks to make this transition away from SMS and email OTPs and toward stronger means of authentication for 3DS transactions, including biometric checks and in-app authentication. Any fraud liability from risk-based passive authentication will fall on the bank, which will need to fully refund any 3DS fraud if SMS OTPs were used. 

Many UAE banks began phasing out SMS and email OTPs in mid-2025, instead encouraging users to use app-based verification methods.