UAE Banks to Replace SMS OTPs With App Based Payment Approvals

Banks in the UAE will end SMS and email one-time passwords for online card payments and require approvals in mobile banking apps, with full adoption due by March 2026. The change shifts payment authorisation from codes sent by text or email to approvals completed inside the customer’s banking application. The Central Bank of the UAE has issued guidelines requiring banks to implement in-app authentication for both domestic and international transactions. Under the new flow, customers receive a push notification in the bank app to authorise a pending payment, view key details such as the merchant name and transaction amount, and then approve using biometric verification or a smart pass PIN; requests expire if not actioned within a set time. This keeps the entire authorisation process within a secure, bank-controlled environment. The rollout is being implemented in phases, and some banks have already begun enabling app-based approvals, including Emirates NBD. During the transition, authentication methods may vary by bank, transaction type or payment channel.