Skip to main content

According to UK Finance, banks prevent two thirds of financial fraud cases. And in many cases, they have two factor authentication (2FA) to thank.

2FA is an extra security step where you provide two different security details to prove you’re you. Using a card and a PIN, a passcode and a fingerprint, or online login details and a one time passcode are all common examples of 2FA.

Want to know more about the technique protecting you from fraud? Read on as we take a closer look at one time passcodes and how they keep your money safe.

Why do we send one time passcodes?

We’ll send you a one time passcode (OTP) when we need to check that it’s really you using your account.

This might be when you’re sending money within the UK using Faster Payments, when you log in to Online Account Management or the app from a new device, or when you buy something online with Mastercard 3D Secure.

One time passcodes (OTPs) help to keep your money safe, because even if a fraudster has your account details or login information, they’re unlikely to have your phone too. And without that code, they’ll struggle to get their hands on your cash.

Why shouldn’t I reveal a one time passcode?

Just like a lock on your front door helps keep burglars out of your home, OTPs keep fraudsters out of your account. And you wouldn’t hand your front door key to a burglar, so don’t give your OTP to anyone.

Fraudsters attempt to trick victims into revealing a one time passcode by pretending to be their bank. They might claim that they’re contacting you about suspicious activity on your account and panic you into handing over account details or log in information.

The fraudster will then try and make a payment from your account, which triggers your bank to send an OTP. And once they’ve got the OTP, they’ve got all the information they need to steal your cash.

What should I do if I receive an OTP I wasn’t expecting?

If you receive a one time passcode which you didn’t request, report it to your bank straight away.

OTPs can take a few minutes to come through, so if you receive a code within 15 minutes of trying to make a payment or log in online, it might not be too worrying. Though if you’re unsure, it’s worth giving your bank a call to double check.

Our advice on one time passcodes

Keep them to yourself! Don’t reveal a one time passcode to anyone, even if they claim to be from thinkmoney. We’ll never ask you to reveal a one time passcode, so if you get asked for one over the phone, by text or by email, it’s a scam. Hang up, don’t click any links in emails and texts, and don’t reply to messages directly.

For more fraud prevention tips and advice, visit the Take Five to Stop Fraud website.

Legal Information