Remote Purchase Fraud in the UK — How OTP Scams Work & How to Protect Yourself
Introduction
Online shopping and mobile banking have made life easier — but they’ve also opened new doors for criminals. One of the fastest-growing scams in the UK is remote purchase fraud. This is where fraudsters use your stolen details to make online purchases, but to succeed they need one extra thing: your one-time passcode (OTP).
By tricking you into handing over that code, scammers get past security checks — and you’re left footing the bill. In 2025 alone, losses from this type of scam are estimated at £400m+ in the UK.
👉 Here’s how OTP scams work, the red flags to watch for, and how to protect yourself.
How Remote Purchase Fraud Works
Criminals get hold of your details (from phishing, fake websites, or data breaches).
They try to use your card online — but the system requests a one-time passcode (OTP), sent to your phone or banking app.
You then get a call or text pretending to be from your bank’s fraud team. They warn of “suspicious activity” and pressure you to share the code.
Once you read it out, the transaction goes through. Because you “authorised” it, banks may refuse reimbursement.
Real-World Examples
A text arrives saying: “Barclays Fraud Team: Unusual activity detected. Please confirm the OTP we just sent you.”
A call from a spoofed number tells you: “Your account is at risk, we need your code to block the transfer.”
In both cases, the scammer already has your details. All they need is the OTP to break through security.
💡 Pro Tip
Banks will never ask you to share an OTP. If someone does, hang up and call back on the official number.
💡 Pro Tip
Save 7726 in your contacts. You can forward scam texts there for free and help block fraudsters quickly.
How to Protect Yourself
Never share OTPs, PINs, or passwords.
Ignore caller ID — it can be faked.
Call your bank using the number on your card, not one texted to you.
Enable app alerts for suspicious logins or payments.
Save 7726 in your contacts to forward scam texts instantly.
🔑 Key Takeaway
If anyone pressures you to share an OTP, it’s a scam. Banks will never ask for it.
FAQ
What is remote purchase fraud?
It’s when criminals use your details to make online payments, often by tricking you into sharing a one-time passcode.
Will my bank refund me if I gave out an OTP?
Not always. Because you “authorised” it, banks may argue it’s your responsibility. Prevention is best.Not necessarily. Fraudsters pay for ads too. Go directly to the bank’s official website instead.
Can caller ID be faked?
Yes — it’s called spoofing. Fraudsters make their number look like your bank’s.
What should I do if I already gave out an OTP?
Call your bank immediately, block your card, and report to Action Fraud.
Are OTP scams the same as authorised push payment fraud?
They overlap. Both involve tricking you into “authorising” a payment.
Resources & Next Steps
- 👮 Report scams to Action Fraud (official UK centre)
- 📱 Forward scam texts to 7726 (free)
Related Cleverways Guides
- 📞 Bank Phone Call Scam — How to Spot and Stop It
- 📦 Royal Mail Redelivery Scam — How Fake Delivery Texts Work
- ❌ Scam Myths — 5 Common Misconceptions That Put You at Risk
Extra Protection
Further Reading — Recommended Books
- 📘 Scam Me If You Can — Frank Abagnale’s guide to spotting modern scams
- 📘 Swiped — How to Protect Yourself in a World Full of Scammers
- 📘 The Confidence Game — Psychology of how con artists win trust
- 📘 The Art of the Con — Classic scams explained by a magician & fraud expert
- 📘 The Big Con — How consultancy culture exploits trust and money
📘 Get our Free PDF: Spot Scams in 10 Seconds
Learn 10 instant checks you can use to stop scams in texts, emails, and calls before they trick you.
Get My Free GuideNo spam. Just practical, scam-prevention tips.