UAE Restructures Banking Auth with New Fraud Regulations

The Central Bank of the UAE will enforce new regulations by March 2026 that mandate financial institutions to abandon SMS and email-based one-time passwords (OTPs) for customer authentication. This shift comes in response to increasing vulnerabilities associated with these traditional methods, which have been easily compromised by fraudsters through tactics like SIM swapping. As a secure alternative, mobile authentication tied directly to banking apps is being advocated, promising enhanced security and cost-effectiveness.

These changes coincide with a surge in impersonation scams, compelling banks to implement advanced techniques such as behavioural analytics and active call detection to thwart fraud. By integrating these technologies, financial institutions can gain a more sophisticated understanding of customer interactions and detect suspicious activities in real time. This regulatory evolution not only fortifies national defense against fraud but also enhances the overall trust in the UAE’s financial infrastructure.