UAE Central Bank Tells FIs to Drop SMS, OTP Authentication

Banking Sector Faces Challenges in Meeting March 2026 Compliance Deadline Suparna Goswami (gsuparna) • June 4, 2025

The Central Bank of UAE has issued a directive asking financial institutions to eliminate weak authentication methods including SMS and email one-time passwords.

See Also: AI, Cloud, and Cyber Threats: A Financial Sector Survival Guide

The directive requires the adoption of robust, risk-based user authentication technologies including Emirates Face Recognition, soft tokens and biometrics. Banks are also expected to implement real-time fraud monitoring, suspend sessions when malicious activity is detected and equip consumers with tools to manage their accounts securely.

But meeting the compliance deadline of March 2026 poses significant challenges. Many banks still rely on legacy systems built around OTP infrastructure that will require a fundamental overhaul to support cryptographic tokens, biometric authentication and secure app-based verification.

Educating and transitioning customers to new authentication methods poses another ...