A person looking down at a cell phone with a book open to the left

The Role of One-Time Passcodes

One-time passcodes are unique codes sent to your mobile device or email that verify your identity before completing sensitive transactions, often involving money. One-time passcodes are effective because they are only valid for a short period and can only be used once, making it difficult for unauthorized users to access your account. However, their effectiveness depends on how securely you handle them. 


Common Scams to Obtain Your One-Time Passcodes 

Scammers use a lot of tricks to obtain your one-time passcodes.
  • Scammers often use urgency and fear to create confusion.
    • Scammers may claim your account will be closed or that you’ll be fined or face legal action if you don’t provide your passcode.
  • Scammers often pretend to be from respected businesses to trick you. Trustworthy organizations will never call, text, email or message you asking for your one-time passcodes or other private information.
    • Scammers may claim they need your passcode to update your records or verify your information for security purposes.
    • Scammers may pretend to be tech/IT support and say they need your passcode to fix an error.

How to Protect Your One-Time Passcodes

  • Think before you act. If you’re asked for a one-time passcode by a caller or via a link in an email or text, it’s a scam.
  • Trustworthy organizations will never use fear or pushy tactics. Do not respond to anyone who contacts you using aggressive or fearful language.
  • Never share your one-time passcode or other private information—even if someone contacts you and says they’re with a company you do business with. Trustworthy organizations will never call, text, email or message you asking for your private personal or financial information.
  • Use antivirus software to defend your electronic devices against malware (malicious software).
  • Enable multi-factor authentication requiring more than one method of verification. This makes it harder for scammers to access your accounts even if they have your one-time passcode.

What to Do if You Suspect a Scam

  1. Change your account passwords immediately.
  2. Contact your financial institution to inform them of the potential fraud.
Your one-time passcode is a helpful tool for keeping your information safe. Remember the mantra “private eyes” and treat every unsolicited request for personal information with suspicion. Ensure you are a private eye for your financial secrets, ensuring they remain just that—secret.