According to a recent LinkedIn post from Ideem, the Central Bank of the UAE has set a 2026 deadline for licensed financial institutions to move from SMS and email one-time passwords to stronger authentication methods. The post notes that affected entities include banks, card issuers, acquirers, payment service providers, and stored value providers.
Claim 30% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The LinkedIn post highlights that acceptable alternatives include biometrics, cryptographic tokens such as passkeys, in-app verification, and behavioral biometrics, while SMS OTPs, email OTPs, and standalone static passwords no longer qualify. It also indicates that 3DS fraud involving SMS OTPs now obliges full customer refunds with immediate effect.
The post suggests that Saudi Arabia’s earlier stance on stronger authentication has been followed by a more explicit deadline in the UAE, signaling a regional regulatory shift. For investors, this tightening of standards may create near-term compliance and technology upgrade costs for financial institutions, while potentially expanding demand for providers of strong authentication and fraud-prevention solutions.
If Ideem operates in authentication, digital identity, or fraud-mitigation technologies, the regulatory timeline referenced in the post could represent a catalyst for increased customer adoption and contract activity. More broadly, the described global move away from OTPs may influence competitive dynamics in payments security, favoring firms positioned with scalable biometric and cryptographic solutions.