Starting July 25, 2024, the Central Bank of the UAE will begin implementing a major security change: banks will no longer send one-time passwords (OTPs) via SMS or email for credit and debit card transactions. Instead, institutions must adopt stronger authentication methods, such as in-app notifications or tokenized authentication flows.
This change will be rolled out gradually over the next 20 months, giving banks time to update their systems—but the shift needs planning now.
What’s Changing?
The new rule requires all banks to replace OTP delivery through SMS and email with secure multi-factor authentication (MFA) methods. This includes in-app notifications, digital banking channels, and tokenized authentication to ensure transactions remain safe and frictionless.
Why the Shift?
SMS and email OTPs are vulnerable to phishing, SIM swap attacks, and email compromises. Moving to app-based and tokenized authentication strengthens security and customer trust in the payments landscape.
Impact on Card Transactions
- Applies to all credit and debit card transactions that require authentication
- Banks must upgrade their infrastructure to support real-time, secure authentication flows
- Customers will rely on mobile apps and embedded authentication experiences
How NymCard Helps You Stay Ahead
With NymCard’s API-first, modular platform, you can:
✅ Embed real-time, secure authentication flows into your customer experience
✅ Enable tokenized transactions and digital wallet integrations
✅ Ensure compliance with CBUAE regulations while maintaining speed and UX
If your institution is still reliant on SMS/email OTP for authentication, now is the time to upgrade. Future-proof your payments infrastructure with a platform designed for security, compliance, and innovation.
👉 Talk to our team today to learn how NymCard can help you implement next-gen authentication.
.svg){kind=small}
