Dubai, UAE – United Arab Emirates banks are actively phasing out SMS and email One-Time Passwords (OTPs) in favor of in-app banking authorisation, a move designed to bolster security and streamline transaction approvals. This shift impacts all residents who conduct online banking and aims to mitigate the growing threat of digital fraud. Customers are now being encouraged to adopt this more secure method for authorizing payments and transfers.
The transition to in-app authorisation is happening now, with major banks leading the charge. This change isn’t simply a technological upgrade; it represents a fundamental shift in how financial institutions approach security in the digital age. The move is being implemented following guidance from the Central Bank of the UAE, which has emphasized the need for stronger authentication methods.
What is In-App Banking Authorisation?
In-app banking authorisation allows users to approve or reject financial transactions directly within their bank’s mobile application. This eliminates the need to switch between apps or rely on codes delivered via SMS or email. The process typically begins when a user initiates a payment, transfer, or online purchase through their bank’s platform.
- A push notification is sent to the user’s smartphone via the bank’s app.
- Tapping the notification opens the app and displays the complete transaction details.
- The user then verifies their identity using biometric authentication, such as a fingerprint or facial recognition, or a PIN.
- Finally, the user can approve or decline the transaction with a single tap.
This system operates within a secure app environment, offering a more controlled and protected process compared to traditional methods.
Why the Move Away from SMS OTPs?
For years, SMS and email OTPs were the standard for verifying online transactions. However, these methods have become increasingly vulnerable to sophisticated cyberattacks. According to security experts, SMS-based authentication is inherently less secure due to vulnerabilities in the telecommunications network.
One major concern is phishing. Fraudsters can create fake websites that mimic legitimate banking portals, tricking users into entering their OTPs. Because in-app authorisation takes place entirely within the official banking app, it significantly reduces the risk of falling victim to these scams.
Another growing threat is SIM-swap fraud, where criminals hijack a user’s mobile number to intercept OTPs. In-app authorisation bypasses this vulnerability by relying on the device itself and the user’s biometric identity, rather than the SIM card.
Banks are also leveraging the enhanced security features available within mobile apps. These include multiple layers of protection, such as biometrics, passcodes, and even liveness checks – which require users to perform a specific action, like a video selfie, to prove they are a real person. These features are difficult to replicate through SMS or email.
Ultimately, in-app authorisation provides users with greater control and transparency. Before approving a transaction, they can review the exact amount, the recipient’s name, and the purpose of the payment, minimizing the risk of unauthorized charges.
Benefits of In-App Banking Authorisation
Beyond enhanced security, in-app authorisation offers several user-friendly advantages. The process is typically faster and more convenient than waiting for an SMS code to arrive, especially for those travelling internationally or in areas with poor network coverage.
The one-tap approval process, utilizing fingerprint or facial recognition, simplifies the authentication process. This streamlined experience is particularly beneficial for frequent online banking users. Additionally, having all transaction details and the approval process contained within a single app creates a more cohesive and intuitive user experience.
How to Activate In-App Authorisation
Major UAE banks, including Emirates NBD, Mashreq, ADCB, and FAB, are currently rolling out “App-based Authentication” or “Smart OTP” features within their mobile apps. Activation generally involves a few simple steps.
- First, update your bank’s mobile app to the latest version available in the app store.
- Next, navigate to the security settings or authentication options within the app.
- Enable biometric login, if prompted, and toggle the “App-based authorisation” feature on.
Banks typically provide detailed step-by-step guides on their websites or through their customer service channels to assist users with the activation process.
As the transition progresses, some customers may still receive OTPs for certain transactions. However, the long-term goal is to eliminate reliance on SMS and email OTPs entirely, making in-app authorisation the standard for all online banking activities in the UAE. The adoption of this technology is also expected to reduce the overall incidence of financial fraud.
Looking ahead, the complete phasing out of SMS OTPs is expected within the next year, although a firm deadline has not been set. Banks will continue to monitor the transition and provide support to customers as they adopt the new system. The success of this initiative will depend on widespread customer adoption and ongoing vigilance against emerging cyber threats.
Justin is a personal finance author and seasoned business journalist with over a decade of experience. He makes it his mission to break down complex financial topics and make them clear, relatable, and relevant—helping everyday readers navigate today’s economy with confidence.
Before returning to his Middle Eastern roots, where he was born and raised, Justin worked as a Business Correspondent at Reuters, reporting on equities and economic trends across both the Middle East and Asia-Pacific regions.
