Starting from January 6, 2026, banks in the UAE will no longer send one-time passwords (OTPs) through SMS or email for online card payments. Instead, customers will be required to approve all online transactions directly through their bank’s official mobile app.
Banks have advised customers to download, register, and activate their mobile banking apps in advance to avoid any disruption in making online payments. Without the app, customers may not be able to complete card transactions on websites or apps.
This change is part of a wider move toward app-based verification that first started in July 2025. The goal is to improve security, protect customers from fraud, and reduce risks linked to SMS and email-based verification methods. By using mobile apps for authentication, banks aim to offer safer and more reliable digital banking experiences.
