Prime Highlights
- Major UAE banks will stop sending one-time passwords by SMSfor online card payments, moving fully to app-based transaction approvals.
- Banks say the shift will strengthen security and reduce fraud risks, urging customers to activate their mobile banking apps before the deadline.
Key Facts
- From January 6, 2026, all online card transactions must be approved through banks’ mobile apps, with no SMS OTP option available.
- The transition follows Central Bank of the UAE guidance, with banks gradually phasing out SMS and email OTPs since mid-2025.
Background
Several major banks in the UAE have informed customers that they will stop sending one-time passwords (OTPs) by text message for online card payments from January 6, 2026, as the sector completes a move to app-based verification.
In alerts sent to customers on December 31, banks said that all online card transactions will now require approval through their smart mobile applications. From the effective date, customers will no longer receive SMS OTPs and must confirm payments using in-app actions such as tapping or swiping.
Banks urged customers to download and activate their mobile apps to avoid disruption to card payments. They said the new method offers stronger security and protects users from common fraud risks linked to text-based authentication.
The shift follows a gradual transition that began in mid-2025. In July last year, UAE banks started phasing out OTPs delivered through SMS and email for electronic transactions and fund transfers. At the time, banks cited instructions from the Central Bank of the UAE, which asked institutions to move toward safer in-app approval systems.
By October 2025, several banks had already completed the change and were relying only on mobile apps to authorise electronic payments. Industry sources had earlier said the entire sector was expected to finish the transition by the end of 2025.
While some banks had considered keeping the SMS option for customers who did not wish to use mobile apps, this would require a written request and would also transfer liability for fraud from the bank to the customer.
With the January 6 deadline now set, customers who have not yet activated their banking apps may face problems making online card payments. Banks continue to advise users to ensure their apps are updated and ready before the change takes effect.
