UAE Banks Phase Out OTPs Amid Fraud Surge

News

1. UAE Banks Phase Out OTPs Amid Fraud Surge
2. Data Leak at Abu Dhabi Finance Week Exposes Details of 700+ Delegates
3. Alibaba’s Latest Open-Weight Qwen3.5 Enters a Crowded Field
4. MBZUAI Secures $1M from Google.org to Narrow AI’s Language Divide
5. UAE Emerges as Global Powerhouse, 42% of Firms Named ‘AI Leaders’
6. Riyadh Launches Automated Traffic Compensation Under Osool Program

Banks in the UAE are accelerating a shift away from SMS-based one-time passwords (OTPs), arguing that app-based transaction authorisation offers stronger protection against a surge in social engineering scams.

Under new regulatory timelines, lenders must phase out OTPs sent via SMS and email by March 31, 2026. In their place, banks are deploying in-app approvals that require customers to authenticate transactions directly within their mobile banking platforms — a move executives describe as a transition from “soft” to “hard” authentication.

“It’s happening because the amount of fraud and scams globally has become a very big issue, and UAE residents have also been victims,” said Raheel Ahmed, Group CEO of RAKBank, in an interview with Khaleej Times. 

Many of these scams, he noted, rely on social engineering tactics that trick customers into sharing OTPs received via SMS. By shifting authentication into the bank’s app environment, institutions aim to reduce interception risks and limit the effectiveness of phishing schemes.

The timing reflects broader structural changes in the UAE’s payments ecosystem. Digital and e-commerce transactions have expanded rapidly, crossing an estimated $60 billion in 2025 as consumers deepen their reliance on online platforms. Data from the Central Bank of the UAE shows retail transactions under the UAE Funds Transfer System (UAEFTS) rose 22.57 percent in 2024 to 109.7 million transactions, with total value climbing 20.63 percent year-on-year to Dh7.4 trillion. As transaction volumes scale, so too does the attack surface for fraud.

RAKBank, listed in Abu Dhabi, has already migrated more than 180,000 customers to in-app authentication. According to Ahmed, authorisation rates have reached 80 percent, with limited friction reported. The bank has supported adoption through customer education campaigns, including instructional videos embedded within its digital channels.

The shift also aligns with the UAE’s longer-term ambition to build a cashless economy. App-based authorisation increases customer engagement with digital banking interfaces, potentially reinforcing ecosystem lock-in while reducing reliance on legacy infrastructure such as telecom-based SMS gateways.

Yet the transition is not purely technical. Banks must manage behavioural and generational divides in digital literacy. Ahmed acknowledged that elderly customers require additional support, and lenders are introducing targeted assistance to ease onboarding. The effectiveness of this migration will depend not only on cryptographic robustness, but on usability and trust.