E-Paper
Sign In
Sun, Jan 18, 2026 | Rajab 29, 1447 | Fajr 05:45 | DXB 
22.2°C
iPhone | iPad
Android
No more OTPs for UAE banking: Step-by-step guide to new 2026 payment system
Khaleej Times recently completed a transaction to understand what the new app-based verification looks like in practice
UAE banks are beginning to move away from traditional one-time passwords (OTPs) sent via SMS or email, replacing them with in-app transaction approvals designed to be faster and more secure. The shift comes as banks respond to rising cases of phishing, SIM-swap fraud and OTP interception, which have made SMS-based verification increasingly vulnerable.
Under the new system, customers are required to authorise card payments directly within their banking app, using push notifications and app-level security such as biometric verification or smart pass PINs. This ensures transaction approvals happen within a secure, bank-controlled environment rather than through external messaging channels.
Recommended For You
As reported by Khaleej Times, Emirates NBD is among the banks that have begun replacing OTPs with app-based verification, where customers receive a push notification on their banking app instead of an SMS code. We recently completed a transaction to understand what the new app-based verification looks like in practice.
Stay up to date with the latest news. Follow KT on WhatsApp Channels.
Step 1: Authorisation prompt
After entering card details for an online payment, customers no longer receive an OTP pop-up. Instead, a message appears on the payment screen asking them to authorise the transaction via the bank’s mobile app.
At the same time, the bank sends an SMS alert informing the customer that a card payment requires confirmation and instructing them to log in to the ENBD X app and navigate to the Activities section to approve the transaction.
Step 2: Pending payment
Once logged into the app, a notification appears stating that there is a pending online card payment. The message prompts the user to review the payment.
Step 3: Review window
Tapping the alert opens a dedicated ‘Authorise transaction’ screen. Customers are reminded to carefully review the payment details before proceeding.
The screen shows key information such as the merchant name, transaction amount, and clear options to approve or decline the payment. A countdown timer of two minutes indicates how long the customer has to take action before the request expires.
Step 4: Final approval
If the customer chooses to approve the transaction, the app prompts them to enter their smart pass PIN. Once verified, the payment is completed instantly, without any OTP being entered or shared.
What happens now?
The shift away from OTPs is being rolled out in phases. From July 25, UAE banks began phasing out OTPs sent via SMS and email for certain digital and card-based transactions. During this transition period, customers may experience a mix of authentication methods depending on the bank, transaction type and channel used.
Banks are expected to fully discontinue SMS and email OTPs by March 2026, as part of a wider push by regulators to strengthen digital banking security.
Sahim Salim
As Associate Editor, Sahim Salim helps tell the UAE story like no one else does — and leads a team of reporters that asks the questions to get news and headlines that matter.
Don’t just scroll. Know it all. Sign up for your daily UAE news fix.
Get the top stories of the day right in your inbox.
