UAE’s Payment Authentication Revolution: The End of SMS OTP
On July 25, 2025, the Central Bank of the UAE (CBUAE) issued a landmark directive mandating all UAE banks to phase out SMS and email OTPs by March 2026. This pivotal move signals a major overhaul of the payment infrastructure, aiming to standardize in-app biometric authentication across the entire banking ecosystem. For years, SMS and email OTPs have been the go-to method for authenticating financial transactions. However, this approach has increasingly revealed vulnerabilities, including OTP leaks and delays due to inconsistent telecommunications infrastructure. Globally, fraud related to SMS OTPs caused a staggering $6.7 billion in losses in 2021. In the UAE alone, scams surged by 43% year-on-year, impacting over 40,000 individuals in 2023, making SMS OTPs an easy target for cybercriminals. To mitigate risks and enhance the user experience in payments and transactions, the CBUAE has directed the banking sector to adopt safer and more advanced authentication mechanisms integrated into mobile banking applications. The directive mandates all UAE banks to: This means that within the first eight months of implementation, financial institutions must develop a transition roadmap, test, and roll out new authentication systems to fully replace traditional OTPs. Users will no longer receive OTPs via SMS or email; instead, they will approve transactions directly within banking apps using fingerprints, facial recognition, or push notifications. This shift reduces transaction latency, enhances user experience, and strengthens security. Currently, banks like Emirates NBD and ADIB have already adopted biometric login and soft tokens, while many others still rely on traditional OTPs and must urgently upgrade before the deadline. This bold move by the UAE is expected to ripple across the GCC, particularly Saudi Arabia, within the next 12 months. A unified standard for secure payment authentication across the MENA region is likely to emerge, fundamentally transforming the current payment infrastructure. Savyint – Pioneering Strong Authentication Solutions for MENA Payments Amid increasingly stringent payment security and user authentication requirements, particularly with the CBUAE’s new regulations, SAVYINT – a global technology leader in open banking, data security, and authentication solutions – is poised to partner with financial institutions and payment service providers across the MENA region. SAVYINT delivers a comprehensive ecosystem of advanced strong authentication solutions, fully compliant with international standards and leveraging cutting-edge passwordless technologies to elevate user experience: SAVYINT offers a robust suite of authentication solutions for payments and transactions: By combining robust authentication technologies with strict adherence to international security standards such as FIDO2, PSD2, eIDAS, GDPR, and PCI DSS, Savyint’s solutions enable banks, fintechs, and service providers in MENA to rapidly deploy modern, flexible authentication platforms that integrate seamlessly with existing systems and fully comply with CBUAE regulations. Connect with Savyint’s experts today to build a secure and compliant payment ecosystem.
Establishing Digital Trust in Banking
As digital services continue to grow, user expectations for security and data privacy are rising. Digital Trust has become a competitive advantage in banking, where financial institutions must not only deliver services but also demonstrate reliability in protecting customers’ personal data, assets and privacy. What is Digital Trust? Digital Trust is the confidence customers place in an organization’s ability to protect data, ensure secure transactions, and comply with regulations. It extends beyond mere trust in a business to include confidence in technology, data management, operational transparency, customer service, and adherence to fair, lawful practices. For example, Public Key Infrastructure (PKI) provides a foundation for secure digital identity, document signing, data encryption, and timestamping—core elements for a secure and reliable digital experience. Broadly, adopting PKI is part of building Digital Trust, reinforcing customer confidence in an organization’s ability to safeguard data, comply with laws, and operate transparently. The Importance of Digital Trust in Banking Digital Trust is critical for financial institutions, as banks handle vast amounts of sensitive information daily, from personal data and transaction histories to financial assets. Strengthening Digital Trust enables organizations to: The Core Pillars of Digital Trust in Banking To build robust Digital Trust, banks must focus on six key pillars: security, transparency, privacy, data integrity, ethical technology use, and regulatory compliance. Each pillar plays a critical role: Protecting customer data from unauthorized access, cyberattacks, and fraud is paramount. Banks should adopt modern security technologies, such as: + Data encryption + Multi-factor authentication (MFA) + Biometric authentication (fingerprint, facial recognition) Privacy goes hand-in-hand with security. Banks must minimize unnecessary data collection and sharing while empowering users with transparent, understandable privacy policies and control over their data. Customers must know how their data is used, who has access, and what safeguards are in place. Transparency—from clear privacy policies to timely communication of changes—builds trust. In case of breaches, banks should have response mechanisms in place, including timely customer notification, damage control, and fair compensation if needed. User-friendly and secure authentication is essential for trusted digital transactions. Banks should implement solutions such as: + Biometric authentication + Blockchain-based identity management + Strong authentication to prevent unauthorized access A secure digital identity process also helps banks comply with KYC requirements while ensuring customer convenience and data protection. Customers expect up-to-date, accurate data—from account balances to transaction records. Banks should ensure this by: + Conducting regular audits + Establishing clear data verification processes + Maintaining transparent reporting systems Artificial Intelligence (AI) and Machine Learning (ML) can further enhance reliability by detecting anomalies, automating data handling, and ensuring data consistency. As AI becomes more integrated into banking—from loan suggestions to credit scoring—banks must ensure: + AI systems provide fair, unbiased recommendations, without discrimination based on gender, age, geography, or income (e.g., not denying loans solely based on rural residence). + Use of Explainable AI, allowing customers to understand decisions made. + Clear feedback and appeal channels if customers disagree with AI-driven decisions. To establish Digital Trust, organizations must adopt technology platforms recognized for compliance with national and international standards, ensuring secure, transparent, and verifiable digital transactions. For example, PKI enables secure encryption, digital signing, and identity verification. Leveraging services from trusted providers and adhering to standards like eIDAS, FIPS, GDPR, and ISO/IEC 27001 demonstrates a serious commitment to protecting customer data and privacy. Digital Trust is now a strategic priority in the digital transformation of financial institutions. Building it through robust security, transparency, privacy, data integrity, and ethical technology use is essential for banks to maintain a leading position. Establishing Digital Trust with SAVYINT SAVYINT is a global technology company pioneering open banking, data security, and protection across critical sectors like Finance-Banking, Government, Manufacturing, Telecommunications, Healthcare, Education, and Media. Beyond being a trusted service provider, SAVYINT offers electronic authentication services, including timestamping and Qualified Trust Services (QTSP) for digital signing and electronic seals through its QTSP Remote Signing solution. With extensive experience in designing, deploying, and operating electronic identity systems (eKYC), digital signing, data encryption, and PKI and CA systems (national, internal and public CAs) for numerous banks and financial institutions, SAVYINT provides a comprehensive suite of solutions to establish Digital Trust: Connect with SAVYINT experts HERE to establish Digital Trust for your organization!
eKYC solution using HyperLedger Fabric
The Central Bank of Bahrain (“CBB”) has has launched the eKYC by financial institutions in the Kingdom as part of its initiatives for digital transformation in the sector. The eKYC solution built by Bahrain BENEFIT utilizes hyperledger Fabric Blockchain platform. The platform was built in collaboration with Avanza Innovation company. The national eKYC platform, which was the first of its kind in the region targeting retail banks, financial services providers and money exchange networks, is operated by BENEFIT in collaboration with the Information and eGovernment Authority (IGA) and under the supervision of the CBB. The platform provides a national digital identity database for financial institutions to securely verify the identities of their customers, validate their information and share data digitally before providing products and services. This includes retrieval of customer data from governmental entities including IGA. BENEFIT has also developed the Application Programming Interface (“API”) for the platform, which allows for seamless integration with financial institutions core systems, digital channels and mobile apps. With the introduction of Open Banking in Bahrain, this also provides an opportunity for fintech companies to verify customers identities through their online and mobile applications. Mr. Khalid Al Hamad, Executive Director of Banking Supervision at the CBB said “The CBB urges all licensed financial institutions to avail of this innovative and streamlined service and accelerate its efforts towards automating the maintenance of its customer data and reputation records, by implementing eKYC API integration with their core systems, digital channels and mobile apps. We continue to support technological advancement in the sector to minimize cost while also fostering innovation and integration between financial institutions and fintech companies. This is also in line with the CBB’s continuous efforts in developing the financial sector infrastructure in light of the Covid-19 repercussions to ensure appropriate solutions for electronic payment systems.” BENEFIT’s Chief Executive Officer Abdulwahid Janahi said “It gives us great pleasure to continue developing the eKYC platform in an effort to drive digital transformation in the Kingdom’s various sectors. We have succeeded in enabling the integration of this digital platform into core banking systems and smart phone applications, and we are pleased to announce that Bahrain Islamic Bank has successfully integrated this platform into its core banking services system, while “ila” Bank offers customer on-boarding in a completely digital and autonomous manner through its mobile app, both based on eKYC API integration. We look forward to the use of eKYC services on a larger scale during the coming period.” The Vice Chairman of eTransformation in the Information & eGovernment Authority (iGA), Dr.Zakareya Ahmed Alkhaja, confirmed that iGA cooperated with “BENEFIT” that implemented the technical development of the project, under the supervision of CBB. The project aims to provide an advanced comprehensive eSystem for financial entities to verify the identity of their customers and the validity of the information, before providing the financial services. He pointed out that the authority has started providing identity verification services to the government sector, and this project complements providing the services to the private sectors, especially the banking sector, as the project will allow the it to start providing innovative, high-quality, secure data services that keep the privacy of individuals. That will lead to enhance economic growth and expand commercial activities in the Kingdom. He expressed his pride that the (eKYC) project is the first of its kind in the region and the first at the level of global applications in terms of cooperation between the government and the banking sector, as the implementation of projects globally is limited to cooperation between banks in the private sector. This project is also one of the first Projects using Block Chain technology in the Kingdom of Bahrain. Source: https://www.unlock-bc.com/news/2021-02-01/central-bank-of-bahrain-launches-hyperledger-fabric-ekyc-platform-with-benefit/
SAVYINT and Wultra strengthen partnership to develop authentication solution
On April 17, 2024, SAVYINT and Wultra entered into a collaboration to develop and implement authentication and compliance solutions for digital banking and financial services, aligning with Decision 2345/QĐ-NHNN. Accordingly, both parties pledge to collaborate closely in fostering the development of cutting-edge authentication solutions that adhere to the stringent security standards and regulations mandated for clients in the Finance, Banking, Insurance, Securities, Healthcare, Digital Media & Broadcasting and Government sectors. Wultra will provide advanced authentication, identity management, data security, and privacy solutions for SAVYINT’s digital solutions and services, encompassing: SAVYINT’s enterprise customers can now leverage the most cutting-edge authentication platform to enhance end-user experiences, safeguard data privacy and minimize e-commerce transaction risks. In addition to these core offerings, SAVYINT is also focused on accelerating the development of innovative platforms and solutions, including: By seamlessly integrating and developing these solutions, SAVYINT and its partners can achieve comprehensive improvement and enhance their business operations. Mr. Ondrej Kupka – A Wultra representative has emphasized SAVYINT’ position as a crucial strategic partner, citing the company’s comprehensive Digital Signature Solution and Open Banking Platform. The representative stressed that this collaboration will benefit both parties and foster market growth. Wultra’s comprehensive authentication solution fully complies with the legal requirements outlined in Vietnam’s Decision No. 2345/QĐ-NHNN. About SAVYINT SAVYINT is a leading provider of trusted digital products, solutions, and services with deep expertise in PKI systems, digital signature solutions, data encryption/privacy, open banking, blockchain & key management, cybersecurity services and AI and cloud applications… Committed to international standards, SAVYINT delivers top-tier solutions designed to meet the highest security and compliance requirements. Its advanced technical infrastructure supports digital transformation across diverse sectors such as government, healthcare, finance, education, logistics, transportation, telecommunications, and broadcasting. With a strong focus on innovation and security, SAVYINT is a reliable partner for organizations seeking to enhance operational efficiency and data security in the digital era. About Wultra Wultra is a global pioneer in authentication, information security, and data privacy solutions. Wultra serves as a digital financial guardian, empowering banks and fintech companies with modern, easy-to-deploy authentication solutions that elevate customer experiences. As a trusted partner with an open-source, developer-friendly approach, Wultra’s solutions can be implemented in weeks, not months. Wultra has established itself as a leading provider of digital banking security in the Czech Republic. The company is actively expanding its international market strategy.