UAE banks are beginning to phase out traditional one-time passwords sent via SMS or email, replacing them with in-app transaction approvals aimed at improving speed and security.
The move comes as financial institutions respond to a rise in phishing attempts, SIM-swap scams and OTP interception, which have made text-based verification increasingly vulnerable.
Under the new system, customers authorise card payments directly inside their banking apps using push notifications and built-in security features such as biometric authentication or smart pass PINs. This keeps the entire approval process within a secure, bank-controlled environment rather than relying on external messaging channels.
As previously reported by Khaleej Times, Emirates NBD is among the banks that have started replacing OTPs with app-based verification. Instead of receiving a code by SMS, customers are prompted to approve transactions through the ENBD X mobile app. A recent transaction review shows how the new process works in practice.
How the new approval system works
Step 1: Authorisation prompt
After entering card details for an online payment, customers no longer see an OTP request. Instead, a message appears on the payment page asking them to authorise the transaction through their bank’s mobile app.
At the same time, an SMS alert is sent advising that a card payment requires confirmation and directing the customer to log in to the ENBD X app and visit the Activities section.
Step 2: Pending payment alert
Once logged into the app, customers receive a notification indicating that there is a pending online card payment awaiting review.
Step 3: Review and verify
Tapping the alert opens an “Authorise transaction” screen. Customers are prompted to carefully check the payment details, including the merchant name and transaction amount. Clear options are provided to approve or decline the payment, along with a two-minute countdown timer showing how long the request remains valid.
Step 4: Final approval
If the customer approves the transaction, the app requests a smart pass PIN or biometric verification. Once confirmed, the payment is completed instantly, with no OTP required or shared.
What customers should expect
The transition away from OTPs is being implemented in phases. From July 25, UAE banks began discontinuing SMS and email OTPs for selected digital and card transactions. During the rollout period, customers may still encounter a mix of authentication methods depending on the bank, transaction type and channel.
