SENDING money online means waiting for a brief message with a six-digit OTP. Receiving that code on phones brings a sense of relief. The scene has started to change. What is considered a ‘secure’ method has become one of the easiest gateways for fraud. That era is gradually coming to an end. The United Arab Emirates has announced that by March 2026, all banks will completely phase out SMS and email-based OTPs. A new system will take over: biometric authentication in which transactions will be approved using a person’s face or fingerprint, effectively making the user the password.
The Gulf country has clearly recognised this challenge. Over the past few years, banks in the country have undergone massive digital transformation. Online banking, mobile apps and digital payments have all seen a surge in the number of users. At the same time, cyber fraud and incidents of hacking have also increased. In many cases, hackers use social engineering to gain access to phones and collect OTPs. As a result, banks are forced to look for a solution entirely based on user identity rather than external codes or passwords.
In the United Arab Emirates, every transaction will require biometric verification, using facial recognition or fingerprint scanning. This ensures that no one else can perform a transaction unless the users are physically present. The motivation behind this move is to combat financial fraud. According to the UAE central bank, in 2023 alone, customers lost about $87 million due to online banking scams. In many instances, criminals exploited OTPs through phishing links or SIM swapping to drain accounts. In short, no matter how advanced the technology, if the OTP falls into the wrong hands, security is effectively nullified.
This is why biometric authentication is emerging as the most logical and secure alternative. Whether it is fingerprint, facial recognition, iris scanning, or voice authentication, the methods ensure that only the legitimate user can authorise a transaction. No matter how sophisticated a hacker’s tools may be, replicating someone’s face or fingerprint is nearly impossible. Additionally, biometric data is usually stored in encrypted form and verified locally on the device, greatly reducing the risk of server-side breaches.
Someone commuting to the office daily and returning home in the evening and occasionally using online banking to pay bills or send money to his family, one morning, may receive a bank notification: ‘BDT 200,000 has been transferred from your account.’ He may be shocked that he did not authorise this transaction. On contacting the bank, he may learn that the OTP was sent to his phone and has been used. Further investigation might show that a fraudster previously sent him a phishing link, captured his banking credentials, performed a SIM swap and used the OTP to steal money. This shows that even with OTPs, customers remain vulnerable.
If it had been a biometric process, the bank app would not process the transaction without verifying the face or fingerprint. Even if the OTP was compromised, it would be worthless because biometric information cannot be easily forged. This shows the strength of the technology. With biometric security, users essentially become the passwords, with the face, fingerprint or voice serving as the proof of the legitimate user.
Biometric security offers numerous benefits for customers. There is no need to memorise codes or passwords. The risk of fraud drops dramatically. Banks gain assurance that transactions are genuinely initiated by the account holder. Setting up biometrics may feel a bit bothersome at first, but once it is done, using it becomes easy. No more waiting for OTPs, no worries about forgotten passwords. Transactions can be completed safely in seconds. It is not just a technological upgrade. It provides psychological comfort as well.
The role of the government is crucial in this transition. The United Arab Emirates, for instance, has launched a national digital identity system called UAE PASS, applicable to both citizens and residents. Through this platform, unified biometric authentication is possible across government and private services. Once registered, a user’s face or fingerprint alone suffices for all transactions from logging into a bank account to paying taxes or signing official documents.
This model is highly relevant for Bangladesh. While digital banking is rapidly expanding, security threats are growing alongside. Reports of online scams, phishing attacks and mobile banking hacks are almost daily occurrences. OTPs often provide only a weak security barrier, especially when users are careless or when malware intercepts codes automatically. It is, therefore, time for Bangladesh to move towards biometric authentication.
Bangladesh already possesses a vast store of biometric data through the national identity register database. If this database is securely integrated with the banking sector, it can revolutionise digital authentication. Banks could begin with pilot projects to introduce biometric logins and transactions while the Bangladesh Bank could work out policies to ensure data protection, encryption and user consent.
Technology alone is, however, not enough. Awareness is equally important. Many users still believe that OTPs are entirely secure unaware that they can be hacked or stolen. Banks should regularly conduct digital security awareness campaigns, particularly targeting rural and less tech-savvy users. True success will be achieved when awareness reaches the grass-roots level.
The future of banking will no longer depend on passwords or OTPs. The identification of the user will be the key. The UAE experience shows that biometric security is not just a convenience. It is a necessity. If Bangladesh adopts this system in time, online banking will become safer, more convenient and more trustworthy.
Once, we memorised passwords. Later, came the OTP era. Now, even that era is fading into history. From now on, the face, fingerprint and voice will stand guard as the security. This transformation is not only technological but also a revolution of trust. It envisions a banking ecosystem where humans are the reflection of their own security. The United Arab Emirates has taken the first step on this journey. Others will learn, adapt and together build a safer, smarter and more connected digital world. Because in today’s world, cybersecurity is no longer a luxury; it is an absolute necessity.
Ìý
Brigadier General Mohammad Shahjahan Majib, NDU, PSC, is head of the department of computer science and engineering at the Military Institute of Science and Technology.