CBUAE Mandates Enhanced Anti-Fraud Security for UAE Financial Institutions

The Central Bank of the UAE (CBUAE) has issued directives to financial institutions across the country to implement advanced security protocols that extend beyond traditional One-Time Passwords (OTPs). The move follows a rise in sophisticated cyber-attacks and social engineering tactics targeting bank customers. Shift Toward Multi-Factor Authentication Financial institutions are now required to deploy enhanced multi-factor authentication (MFA) frameworks to secure digital transactions. While SMS-based OTPs have served as a standard second layer of security, regulators have identified vulnerabilities, including SIM-swapping and phishing, which allow unauthorized access to accounts. The new requirements push for more robust verification methods, including biometric data and hardware-based security keys. The directive mandates that banks integrate behavioral analytics and device fingerprinting into their security architecture. These technologies monitor user patterns—such as typing speed, navigation habits, and geographic location—to flag anomalies that suggest fraudulent activity, even if a transaction is initiated with correct credentials. Combating Evolving Fraud Tactics Industry…