January 2, 2026 | Dubai, UAE: UAE banks to end SMS OTPs for online card payments from January 6 as part of a nationwide shift toward enhanced biometric security. Following a mandate from The Central Bank of UAE, financial institutions are replacing traditional text message codes with secure in-app authentication to combat rising digital fraud.
Critical Deadline for Cardholders
The Decision for UAE banks to end SMS OTPs for online and card payments from January 6 means that millions of customers must now transition to mobile banking applications to authorize transactions. This move targets the vulnerabilities of SMS, such as SIM swapping and phishing. Which have increasingly been exploited by cyber criminals to intercept one-time passwords.
Starting next week, when a customer initiates a purchase on an e-commerce platform they will no longer receive a six-digit code via text. Instead, a push notification will appear on their registered smartphone. The user must then open their banking app and verify the payment using FaceID, a fingerprint scan, or a secure digital PIN.
Mandatory Steps for Seamless Transactions
To ensure service continuity as UAE banks to end SMS OTPs for online card payments from January 6, customers must ensure their banking apps are updated to the latest version. It is essential to enable push notifications within the phone settings. Otherwise, the authentication prompt will not appear leading to declined transactions at checkout.
Banks across the Emirates including Emirates NBD, ADCB, and Mashreq, have already begun sending notices to clients. For those without smartphones, some institutions may offer hardware tokens, but the vast majority of the population will be required to use biometric-enabled devices. This transition is a core component of the UAE’s broader digital transformation strategy to secure the nation’s financial ecosystem.
Read More UAE Jobs Law Clarifies When Notice Periods Can Be Shortened or Skipped
Future of Financial Security in the UAE
The shift as UAE banks to end SMS OTPs for online card payments from January 6 aligns the country with global cybersecurity standards like the European PSD2 regulations. By removing the reliance on cellular networks for SMS delivery, banks expect to reduce transaction latency and eliminate the risk of “man in the middle” attacks.
The focus remains on building a cashless society rooted in trust. While the change requires a shift in user behavior, the long term benefits include faster checkouts and a significant reduction in unauthorized card usage. Residents are urged to register their biometrics within their banking portals immediately to avoid disruptions during the January 6 transition.
Also Read UAE Visa Rules 2025: Multiple Entry New Salary Brackets and Key Changes Explained
