UAE’s Payment Authentication Revolution: The End of SMS OTP
On July 25, 2025, the Central Bank of the UAE (CBUAE) issued a landmark directive mandating all UAE banks to phase out SMS and email OTPs by March 2026. This pivotal move signals a major overhaul of the payment infrastructure, aiming to standardize in-app biometric authentication across the entire banking ecosystem. For years, SMS and email OTPs have been the go-to method for authenticating financial transactions. However, this approach has increasingly revealed vulnerabilities, including OTP leaks and delays due to inconsistent telecommunications infrastructure. Globally, fraud related to SMS OTPs caused a staggering $6.7 billion in losses in 2021. In the UAE alone, scams surged by 43% year-on-year, impacting over 40,000 individuals in 2023, making SMS OTPs an easy target for cybercriminals. To mitigate risks and enhance the user experience in payments and transactions, the CBUAE has directed the banking sector to adopt safer and more advanced authentication mechanisms integrated into mobile banking applications. The directive mandates all UAE banks to: This means that within the first eight months of implementation, financial institutions must develop a transition roadmap, test, and roll out new authentication systems to fully replace traditional OTPs. Users will no longer receive OTPs via SMS or email; instead, they will approve transactions directly within banking apps using fingerprints, facial recognition, or push notifications. This shift reduces transaction latency, enhances user experience, and strengthens security. Currently, banks like Emirates NBD and ADIB have already adopted biometric login and soft tokens, while many others still rely on traditional OTPs and must urgently upgrade before the deadline. This bold move by the UAE is expected to ripple across the GCC, particularly Saudi Arabia, within the next 12 months. A unified standard for secure payment authentication across the MENA region is likely to emerge, fundamentally transforming the current payment infrastructure. Savyint – Pioneering Strong Authentication Solutions for MENA Payments Amid increasingly stringent payment security and user authentication requirements, particularly with the CBUAE’s new regulations, SAVYINT – a global technology leader in open banking, data security, and authentication solutions – is poised to partner with financial institutions and payment service providers across the MENA region. SAVYINT delivers a comprehensive ecosystem of advanced strong authentication solutions, fully compliant with international standards and leveraging cutting-edge passwordless technologies to elevate user experience: SAVYINT offers a robust suite of authentication solutions for payments and transactions: By combining robust authentication technologies with strict adherence to international security standards such as FIDO2, PSD2, eIDAS, GDPR, and PCI DSS, Savyint’s solutions enable banks, fintechs, and service providers in MENA to rapidly deploy modern, flexible authentication platforms that integrate seamlessly with existing systems and fully comply with CBUAE regulations. Connect with Savyint’s experts today to build a secure and compliant payment ecosystem.
Savyint Group attends Entrust UNRIVALED APAC Partner Bootcamp FY26
From July 22-24, 2025, Savyint Group joined leading technology partners from the Asia-Pacific region in Da Nang, Vietnam, to participate in the UNRIVALED APAC Partner Bootcamp FY26, Entrust’s annual in-depth training program. The APAC Partner Bootcamp FY26, hosted by Entrust – a global pioneer in security and PKI – aims to provide comprehensive training for strategic partners across the Asia-Pacific region. This year, event brought together numerous IT experts, strategic partners and senior Entrust leaders from across the Asia-Pacific (APAC) region. The bootcamp served not only as a platform for exchanging expertise in cybersecurity but also as an opportunity for Savyint Group to reinforce its leadership position, expand its data security and PKI solutions in Vietnam and strengthen international partnerships. Through various sessions, Entrust experts shared insights on critical cybersecurity topics, including: Crypto Security – Unified cryptography management to support compliance and risk management; PKI & CLM – Public Key Infrastructure and Certificate Lifecycle Management; Cyber Risk Prevention – Centralized security and identity verification; nShield5 HSM – Next-generation hardware security modules, enhancing performance and meeting the highest security standards. Notably, the topic “Data Security in the AI and Quantum Era” provided deep insights into challenges and solutions for enhancing data security in the age of artificial intelligence and quantum computing – an area where Savyint Group is actively advancing and holds a strong market position. At the event, Mr. Steve Hoang, CTO of Savyint Group, stated: “Participating in the UNRIVALED APAC Partner Bootcamp FY26 alongside Entrust enables Savyint Group and regional strategic partners to stay ahead of 2026 data security trends and expand our ecosystem of comprehensive security solutions. This is also an opportunity for us to enhance our capabilities to serve clients and increase our influence in the region.” With over 20 years of experience in consulting and deploying PKI, HSM, and digital identity and signing platforms for government, finance, banking, healthcare, and education sectors, Savyint Group is committed to partnering with Entrust to build a secure and sustainable digital ecosystem, meeting the growing demands of customers in the digital era. Event hilights: Day 1: Day 2: Day 3:
Establishing Digital Trust in Banking
As digital services continue to grow, user expectations for security and data privacy are rising. Digital Trust has become a competitive advantage in banking, where financial institutions must not only deliver services but also demonstrate reliability in protecting customers’ personal data, assets and privacy. What is Digital Trust? Digital Trust is the confidence customers place in an organization’s ability to protect data, ensure secure transactions, and comply with regulations. It extends beyond mere trust in a business to include confidence in technology, data management, operational transparency, customer service, and adherence to fair, lawful practices. For example, Public Key Infrastructure (PKI) provides a foundation for secure digital identity, document signing, data encryption, and timestamping—core elements for a secure and reliable digital experience. Broadly, adopting PKI is part of building Digital Trust, reinforcing customer confidence in an organization’s ability to safeguard data, comply with laws, and operate transparently. The Importance of Digital Trust in Banking Digital Trust is critical for financial institutions, as banks handle vast amounts of sensitive information daily, from personal data and transaction histories to financial assets. Strengthening Digital Trust enables organizations to: The Core Pillars of Digital Trust in Banking To build robust Digital Trust, banks must focus on six key pillars: security, transparency, privacy, data integrity, ethical technology use, and regulatory compliance. Each pillar plays a critical role: Protecting customer data from unauthorized access, cyberattacks, and fraud is paramount. Banks should adopt modern security technologies, such as: + Data encryption + Multi-factor authentication (MFA) + Biometric authentication (fingerprint, facial recognition) Privacy goes hand-in-hand with security. Banks must minimize unnecessary data collection and sharing while empowering users with transparent, understandable privacy policies and control over their data. Customers must know how their data is used, who has access, and what safeguards are in place. Transparency—from clear privacy policies to timely communication of changes—builds trust. In case of breaches, banks should have response mechanisms in place, including timely customer notification, damage control, and fair compensation if needed. User-friendly and secure authentication is essential for trusted digital transactions. Banks should implement solutions such as: + Biometric authentication + Blockchain-based identity management + Strong authentication to prevent unauthorized access A secure digital identity process also helps banks comply with KYC requirements while ensuring customer convenience and data protection. Customers expect up-to-date, accurate data—from account balances to transaction records. Banks should ensure this by: + Conducting regular audits + Establishing clear data verification processes + Maintaining transparent reporting systems Artificial Intelligence (AI) and Machine Learning (ML) can further enhance reliability by detecting anomalies, automating data handling, and ensuring data consistency. As AI becomes more integrated into banking—from loan suggestions to credit scoring—banks must ensure: + AI systems provide fair, unbiased recommendations, without discrimination based on gender, age, geography, or income (e.g., not denying loans solely based on rural residence). + Use of Explainable AI, allowing customers to understand decisions made. + Clear feedback and appeal channels if customers disagree with AI-driven decisions. To establish Digital Trust, organizations must adopt technology platforms recognized for compliance with national and international standards, ensuring secure, transparent, and verifiable digital transactions. For example, PKI enables secure encryption, digital signing, and identity verification. Leveraging services from trusted providers and adhering to standards like eIDAS, FIPS, GDPR, and ISO/IEC 27001 demonstrates a serious commitment to protecting customer data and privacy. Digital Trust is now a strategic priority in the digital transformation of financial institutions. Building it through robust security, transparency, privacy, data integrity, and ethical technology use is essential for banks to maintain a leading position. Establishing Digital Trust with SAVYINT SAVYINT is a global technology company pioneering open banking, data security, and protection across critical sectors like Finance-Banking, Government, Manufacturing, Telecommunications, Healthcare, Education, and Media. Beyond being a trusted service provider, SAVYINT offers electronic authentication services, including timestamping and Qualified Trust Services (QTSP) for digital signing and electronic seals through its QTSP Remote Signing solution. With extensive experience in designing, deploying, and operating electronic identity systems (eKYC), digital signing, data encryption, and PKI and CA systems (national, internal and public CAs) for numerous banks and financial institutions, SAVYINT provides a comprehensive suite of solutions to establish Digital Trust: Connect with SAVYINT experts HERE to establish Digital Trust for your organization!
SAVYINT and ENTRUST Strengthen Collaboration in PKI and Blockchain Development in Vietnam
SAVYINT is a leading provider of best-in-class trusted solutions and services. Its strategic partnership with ENTRUST to develop PKI and Blockchain systems marks significant progress in the quality and product offerings of SAVYINT. Founded in 1969 and headquartered in Minneapolis, Minnesota, USA, ENTRUST employs over 2,500 people globally and is a world leader in secure transaction and trusted authentication technology. In 2020, the company rebranded from Entrust Datacard to ENTRUST Corp., with a focus on secure identities, payments, and data protection. ENTRUST has expanded its offerings through acquisitions, including nCipher for hardware security modules (HSM), HyTrust for data security management, and WorldReach for cloud infrastructure, creating a comprehensive product ecosystem with seamless customer experiences. SAVYINT is one of ENTRUST’s key partners in providing security and digital identity solutions. The collaboration includes the development of ENTRUST’s products such as: During a recent meeting between ENTRUST and SAVYINT, Chris Siah, Director of Digital Security Solutions for ASEAN & China at ENTRUST, emphasized, “ENTRUST’s solutions meet international standards such as eIDAS, GDPR, PSD2, HIPAA, and more. In Southeast Asia, we continue to upgrade our strategic security, encryption, and digital identity solutions to match local market demands and regulations. SAVYINT is a leading brand in Vietnam’s IT sector, and we are confident that this partnership will drive ENTRUST’s further expansion in Vietnam.” Mr. Van Hoang Nguyen – Chairman of the Board of SAVYINT, added, “Post-COVID-19, the market for cross-border digital transactions is primed for growth. The expansion of PKI and Blockchain applications in healthcare, education, and finance is advancing rapidly, driven by the vibrant digital transformation in Vietnam. SAVYINT is the first in Vietnam to achieve QTSP certification for providing electronic signature and remote signing services that comply with the EU’s eIDAS regulations. This is a key competitive advantage as SAVYINT’s services are recognized across 27 European countries. With our strong foundation and ENTRUST’s top-tier products, we look forward to even closer collaboration in the future.” SAVYINT is solidifying its leadership position in the digital signature market, gaining certifications for key services like TrustCA Timestamp and TrustCA Qualified Remote Signing. This partnership between SAVYINT and ENTRUST promises to deliver comprehensive security for digital signature applications, electronic identity and authentication systems, and Blockchain, fully complying with both Vietnamese and global information security regulations.