UAE banks are increasingly moving away from traditional SMS one-time passwords (OTPs) and shifting toward in-app authentication, a change that reflects growing concern over fraud and digital security. While the move adds an extra step for customers, many residents say the added protection is a worthwhile trade-off.
UAE banks are increasingly moving away from traditional SMS one-time passwords (OTPs) and shifting toward in-app authentication, a change that reflects growing concern over fraud and digital security. While the move adds an extra step for customers, many residents say the added protection is a worthwhile trade-off.
The shift comes as OTP-related scams surge across the UAE, with fraudsters using phishing links, fake calls and social engineering tactics to trick users into sharing SMS codes. Once obtained, these codes can give criminals immediate access to bank accounts, enabling unauthorised transfers within seconds. Banks and regulators have repeatedly warned that SMS-based verification, while convenient, is vulnerable because messages can be intercepted or manipulated.
In-app authentication is designed to close these gaps. Instead of receiving a text message, users are prompted to approve transactions directly within their bank’s official mobile app. Crucially, the app displays exact transaction details, such as the amount, merchant or recipient, before approval is granted. This allows customers to immediately spot suspicious activity and reject unauthorised requests.
For many residents, particularly those who have experienced scams, the change brings reassurance. “Seeing the amount before approving makes a big difference,” some customers say, noting that it reduces panic-driven mistakes during high-pressure scam attempts. Security experts also note that in-app approvals are more difficult for criminals to exploit remotely, as they rely on device-level protections, such as biometrics and encrypted connections.
However, not everyone is convinced. Some users argue that the process feels slower or less convenient, especially when internet connectivity is weak or when switching between apps during payments. Others worry about what happens if their phone battery dies or if they are locked out of the app. Banks say they are working to improve reliability and offer backup verification options where needed.
Despite these concerns, the overall direction is clear. Financial institutions globally — not just in the UAE — are phasing out SMS OTPs in favour of more secure methods, including app-based approvals and biometric authentication. Regulators have encouraged the shift as part of broader efforts to combat digital fraud and protect consumers.
As scams become more sophisticated, banks argue that convenience can no longer come at the cost of safety. For a growing number of UAE residents, the answer to the debate is simple: security over convenience — even if it takes an extra tap.
In-app authentication is designed to close these gaps. Instead of receiving a text message, users are prompted to approve transactions directly within their bank’s official mobile app. Crucially, the app displays exact transaction details, such as the amount, merchant or recipient, before approval is granted. This allows customers to immediately spot suspicious activity and reject unauthorised requests.
For many residents, particularly those who have experienced scams, the change brings reassurance. “Seeing the amount before approving makes a big difference,” some customers say, noting that it reduces panic-driven mistakes during high-pressure scam attempts. Security experts also note that in-app approvals are more difficult for criminals to exploit remotely, as they rely on device-level protections, such as biometrics and encrypted connections.
However, not everyone is convinced. Some users argue that the process feels slower or less convenient, especially when internet connectivity is weak or when switching between apps during payments. Others worry about what happens if their phone battery dies or if they are locked out of the app. Banks say they are working to improve reliability and offer backup verification options where needed.
Despite these concerns, the overall direction is clear. Financial institutions globally – not just in the UAE – are phasing out SMS OTPs in favour of more secure methods, including app-based approvals and biometric authentication. Regulators have encouraged the shift as part of broader efforts to combat digital fraud and protect consumers.
As scams become more sophisticated, banks argue that convenience can no longer come at the cost of safety. For a growing number of UAE residents, the answer to the debate is simple: security over convenience – even if it takes an extra tap.
