Fight FraudBank Safety Controls

How to keep your OTP secure

With more and more people transacting online, online banking fraud has become a more serious problem than ever. Hackers and fraudsters have gotten more difficult to spot, that’s why it’s important for users to keep their accounts as safe as possible to avoid becoming the next victim.

Financial institutions including Metrobank go through great lengths to ensure that users’ accounts stay secure. One of the extra layers of protection used is the One-Time Password or OTP.

What’s the meaning of OTP?

OTP or One-Time Password is a form of identification that is part of a security system called 2-factor authentication or 2FA. OTPs are used by companies, such as banks, to prove the user’s identity.

How does OTP work?

Through the use of OTP, users need to go through an extra step in the login process or payment transaction to prove that they are the legitimate owners of the account. When triggered, the app or website will require a password before pushing through with a transaction. These passwords are sent by your bank to your registered mobile number or email, and usually expire after five minutes or less.

Each OTP is unique and generated right at the moment of transaction, preventing hackers with access to your login credentials from stealing from your account.

Is OTP safe?

Generally, OTP is safe. Think of your username as your passport and your OTP as your boarding pass to your online bank account. You’ll need both to successfully log in. Your OTP is your online bank account’s last line of defense, which is why it is very important to keep it private. Hackers may acquire your username and password, but the OTP will keep them out.

However, they won’t stop here. Expect that they would exhaust every possible way to get that OTP from you. Here are some things to look out for to keep your OTP secure.

OTP best security practices

  1. Keep your OTP private. Never share your OTP with anyone. This includes family members, friends, and people claiming to be representatives of banks, telephone companies, subscription networks, etc. Service providers will never ask for your OTP, so if someone calls you and urgently asks for your online banking OTP, immediately change your access password and report the fraud attempt to your bank.

  2. Limit your trusted devices. It’s best to limit your account to one linked device. This makes it easier for you to track if an OTP request is being made for your account. If you receive an OTP out of the blue, change your credentials right away.

  3. Report theft at once. Since OTPs are linked to your mobile number, any change in mobile number has to be reported to your bank or account administrator especially if your mobile phone gets lost or stolen. Thieves won’t waste time before hacking your account, so make sure you lock your account, change the linked mobile number, or terminate the mobile number with your service provider right away.

If you suspect you’ve been a victim of fraud, call us immediately and report the fraud incident to (02) 88-700-700 or 1-800-1888-5775. You can also email us at using “Report on Possible Fraud” as the subject line.