UAE Banks Shift To In-App Approvals: Banks in the UAE are making a big change to how they keep your money safe. Starting Friday, July 25, they’ll begin gradually moving away from sending one-time passwords (OTPs) through SMS and email. Instead, they’ll shift to more secure app-based approvals, following new rules from the UAE Central Bank.
UAE Banks Begin Phasing Out SMS and Email OTPs
Don’t worry, it won’t happen all at once. Banks have until March 2026 to fully make the switch. That gives customers plenty of time to get used to the new system, which is designed to offer better protection from fraud and scams.
Expert Insight: Why In-App Approvals Are Safer
“This update makes sense. App-based approvals are safer than SMS, and it’s the direction banking needs to go. Of course, scammers will keep trying new ways. So just stay smart: don’t approve anything unless you’re the one who triggered it, and reach out to your bank if something feels suspicious,” said UAE-based financial coach Jay Adrian Tolentino.
Jay Adrian Tolentino pointed out that scammers are constantly evolving. Even with better tech, people still need to stay alert.
Financial content creator Kartik Iyer welcomed the change and said it was long overdue. He explained that most scams don’t happen because people are careless. They happen because scams are getting more clever.
“Even the sharpest minds can fall for it. In a rush, in a moment of stress, we slip and that one OTP can cost you thousands. The new move by banks to shift OTPs inside the app instead of relying on SMS, WhatsApp, or email is brilliant,” he said.
Many banks and financial systems around the world are already switching to more secure ways of verifying transactions. These include app notifications or biometrics like fingerprint or facial recognition.
“Why should someone have to go to a third-party app to access something as sensitive as an OTP? Keep it in-app. Keep it secure. This is a small change that will prevent countless scams,” Iyer added.
Kartik Iyer, UAE-based financial content creator:
This move was long overdue. Most banking scams happen because people unknowingly give away their OTPs not because they’re careless or uneducated, but because scams are getting smarter. Even the sharpest minds can fall for it. In a rush, in a moment of stress, we slip and that one OTP can cost you thousands.
Finance coach and chartered accountant Carol Glynn also supports the update. She said traditional methods like SMS and email are easy targets for hackers.
“The traditional authentication methods of SMS and email OTPs are susceptible to interception and fraud. Attackers can hijack mobile numbers through SIM swapping or trick users via phishing to obtain OTPs, making it easy to bypass these security measures,” she explained.
Glynn explained why SMS and email OTPs are risky:
SIM swap attacks: Hackers trick mobile providers to get control of your phone number and grab your OTPs.
Phishing: Scammers make fake websites or messages to fool you into giving up your OTPs.
Delays and fatigue: Sometimes you don’t get OTPs on time, or you get so many that you accidentally approve something you shouldn’t.
- Outdated systems: The SMS network (SS7) is old and easier to hack.
- Fake cell towers: Criminals can pretend to be mobile networks and intercept your texts.
- Email hacks: If someone breaks into your email, they can steal your OTPs.
- Phone malware: If your device is infected, it can send your OTPs straight to scammers.
Instead, Glynn recommends in-app approvals and biometrics, which don’t rely on networks or email and offer more protection.
“In-app verification requires customers to approve transactions directly within their bank’s official mobile app, often using fingerprints, facial recognition, or device-based authorisation,” she said.
“This approach reduces phishing risks, eliminates dependency on the telephone network or email, and adds layers like biometric scans, passcodes, or liveness detection for stronger security.”
Besides being more secure, in-app approvals are also faster and easier to use. You can confirm transactions with a single tap, and usually see the transaction details first. That gives you more control and peace of mind.
“Biometric authentication (fingerprint, facial recognition, etc.) leverages unique user physical traits, which are much harder to replicate or steal compared to OTPs. This adds strong security by verifying both device possession and user identity,” Glynn added.
Are In-App Approvals Foolproof?
While in-app approvals are a big step forward in security, they’re not completely foolproof. Finance coach Carol Glynn pointed out that fraud tactics are always evolving, and even app-based methods have their weaknesses.
“Push based MFA [multi-factor authentication] can carry the risk of MFA fatigue attacks where a hacker repeatedly triggers approval prompts until the user unwisely taps ‘Accept’,” she said.
That’s why staying informed and having strong app security is still very important. Users need to stay alert and banks need to keep their systems updated and secure.
Glynn explained that how well this shift works will depend on a few key things: how well banks build and maintain these new systems, how smoothly customers adjust to the changes, and whether everyone stays cautious as fraud tactics continue to change.
ALSO READ: Why iPhone Cases Have That White Circle at the Back
