Company
Date Published
Author
Rishi Bhargava
Word count
1799
Language
English

Summary

In May 2025, the Central Bank of the United Arab Emirates issued Notice 2025/3057, mandating the elimination of SMS and email one-time passwords (OTPs) for consumer-facing financial institutions by March 31, 2026, as part of a broader effort to combat rising digital fraud rates. The directive prohibits vulnerable standalone authentication methods such as SMS OTPs, which are susceptible to sophisticated attacks, and instead recommends secure alternatives like FIDO2 passwordless authentication, biometric verification, and real-time fraud detection systems. With the liability now shifted to financial institutions for any fraud involving SMS OTPs, banks are under pressure to adopt these advanced methods to reduce fraud, lower costs, and enhance user experience. The notice also requires integrating device, location, and behavioral analysis into fraud detection systems to identify and halt suspicious transactions. Descope, a platform offering no/low-code solutions, supports institutions in transitioning to compliant authentication methods quickly by providing tools like passkeys, adaptive MFA, and trusted device recognition, enabling a seamless shift away from legacy systems without extensive custom development.