What UAE residents need to know about banks' biometric verification

Most banks in the UAE have transitioned from static one-time passcodes (OTPs) and security PINs to in-app authentication based on biometric data such as fingerprints and facial recognition.

The change seeks to bolster security and to fight the increasing incidence of phishing and online fraud. Nevertheless, some residents have expressed distress about confidentiality and permission, as well as concerns regarding required facial recognition approval.

Why Banks Are Adopting Biometrics

Biometric authentication by financial institutions to protect against cybercriminals and unauthorized access

Key Benefits

• More secure than traditional OTPs;

• Lower likelihood of being targeted by phishing & password theft

• Bring banking services more accessible and faster.

• Improved verification for online transactions.

Residents Raise Concerns Over Privacy and Choice

K.A.M, who is a Dubai resident, said she understands tighter security measures need to be implemented but customers should not be forced into how they secure their accounts.

In her opinion, biometric technology does reduce remote fraud but not risks — like physical coercion. When use of biometric methods is forced, she also raises important issues on consent and privacy.

Main Concerns Raised

• Limited customer choice in authentication methods.

• Privacy issues related to biometric data collection.

• Potential misuse of sensitive personal information.

• Risk of physical coercion to gain access to accounts.

Experts Warn Biometric Data Cannot Be Easily Changed

According to cybersecurity expert Maher Yamout, Lead Security Researcher at Kaspersky, biometric authentication is mostly far more secure than OTPs. But with the rapid advancement in artificial intelligence, it is very convenient for criminals to replicate biometric characteristics.

Expert Recommendations

• Encrypt and securely store biometric data.

• Regularly monitor biometric systems for security breaches.

• Implement strict access controls.

• Follow the highest security standards to prevent misuse.

UAE Central Bank Guidelines

The UAE Central Bank requires banks to protect customer credentials from vulnerabilities and unauthorized access.

Banks are also expected to:

• Monitor biometric applications regularly.

• Detecting and responding to security breaches.

• Maintain strong cybersecurity frameworks.

• Ensure customer data remains protected.

Multi-Factor Authentication Considered the Safest Option

Yamout believes the most secure approach is combining biometrics with additional authentication methods such as PINs or passwords.

Advantages of Multi-Factor Authentication

• Combines "something you are" (biometrics) with "something you know" (PIN/password).

• Significantly reduces unauthorized access.

• Provides stronger protection for financial transactions.

• Enhances security for sensitive personal data.

Customers Want Alternative Options

Rihea Sadarangani, founder and CEO of Iconic Episode raised related concerns — saying that if a person's fingerprints are compromised (as they can never be changed), then it may not work appropriately at the time of authentication.

She feels biometric authentication has transitioned from a set of options to more of an obligation, or even pressure for users as banks are pushing them to turn on biometric Authentication within banking apps.

What Customers Are Asking For

• The option to choose between PINs and biometrics.

• Greater transparency about data usage.

• More control over account security preferences.

• Alternative authentication methods for those uncomfortable with biometrics.

Balancing Security and Customer Choice

Biometric authentication, thus delivering you certain ease of use and secure against some cyber crimes but still there are lots of concerns on the basis of privacy, consent is also a big issue. There's agreement among experts and consumers alike that a combination of biometrics and other authentication streams may provide the most balance between security and user choice.