The United Arab Emirates has announced a major digital shift in online payment security, as banks will completely discontinue SMS-based One-Time Passwords (OTPs) for online card transactions starting January 6, 2026.
According to messages sent by banks to customers on December 31, 2026, online payment verification will now be carried out exclusively through official bank mobile applications. Banks have clearly stated that no OTPs will be sent via SMS after the deadline.
Under the new system, customers will receive a confirmation request directly on their bank’s mobile app in the form of a notification. Payments will only be completed after approval through the app.
Banks have advised customers to download and activate their official banking apps immediately and ensure that notifications are enabled, to avoid disruptions while making online purchases.
This move is part of the UAE’s broader digital transformation initiative, which began last year. From July 2026, banks had already started gradually limiting OTP delivery via SMS and email for online transactions and fund transfers.
An official document issued earlier confirmed that the changes are being implemented in line with directives from the UAE Central Bank. The document stated that SMS and email OTPs would eventually be phased out and replaced by a more secure app-based authentication system.
Bank officials say app-based verification is safer and more reliable, significantly reducing the risk of fraud, delayed messages, and fake or intercepted OTPs.
