One Time PIN (OTP)

A One Time PIN (OTP) is a 6-digit code that T-Mobile Care / VR sends to customers as a secondary verification to protect customers from sensitive account changes.

1. Review OTP Guidelines

Review OTP guidelines, exceptions, and what systems support them.

  • Only a Billing Responsible Party (BRP), Primary Account Holder (PAH), or Authorized User (AU) can verify OTPs.
  • Use Atlas to manually send and verify OTPs, unless otherwise noted.
  • Atlas and Samson require 2-Factor Authentication (2FA) during account verification, such as account PIN + OTP.
    • Accounts with no voice lines (data or HSI-only) and cancelled accounts can be verified with either PIN or OTP to access the account. Sensitive transactions still require both.
    • OTP is required to verify an active account with at least 1 voice line, unless Atlas displays "OTP not required" or using bypass.
    • To handle OTP during account verification, including difficulty verifying, see Account verification: Care / VR.
  • Atlas displays "Verified - OTP Not required" after system verification and when the customer is calling from a T-Mobile device. See Check Transaction Type > OTP not required.
  • Only one OTP is required for multiple account changes.
    • If the customer is updating the SIM card and the billing address on the account, only send one OTP to complete both account changes.
    • For some account changes, like a SIM card change, the customer receives a confirmation SMS and the OTP. The OTP is required to complete the SIM change. Always check the policy for any other notifications that are sent, to know if they are required.
  • OTPs must be validated on the same mobile number.
    • If you send an OTP to 123-456-7891, you must select the 123-456-7891 line or the OTP won't validate.
    • The system remembers one OTP at a time. If you send two to the same phone number, only the second one will work.
  • An OTP is valid for 3 minutes after it has been sent.
  • OTPs usually arrive within seconds when sent by SMS.
  • OTPs should be sent via SMS only unless another option is available in the policy, like HSI line activations.
    • If customers state they received a call from T-Mobile asking for sensitive information such as an OTP or account PIN, capture the phone number that called the customer and complete an incident report.
    • Never make account changes or share information with customers who cannot fully verify, and always report suspicious activity, watch for red flags and be familiar with Fraud call scenarios > Refuses or has trouble verifying.
  • OTPs for suspended accounts (Atlas)
    • OTP is available to send by SMS for verification with some accounts in Atlas with a suspended status, including military, seasonal, and non-payment reasons.
    • Lost/stolen and fraud suspended accounts are ineligible to receive an OTP.
    • OTP for suspended accounts is not available in other systems, such as Samson.

Suspend Reason CodeSuspend Reason
CCSPConnected Car Suspend
CDDSCustomer Delayed Deployment
EDUSEducation Summer Suspend
ELDXEmpl Sus - Ladex
ERSUEmergency Response Suspend
FPFirst Pmt Default
FPQFirst Pay Default
GLRNGSM Line Req Not Met Suspend
HBLQHigh Bal Ladex
HBLTHigh Balance Suspend
HBLXHigh Balance Ladex
HBSQHigh Bal Sus
IFReturned Check
IFQReturned Pmt
LADXSus - Ladex
LDIFReturned Pmt
LDXMSus - Ladex
LXNCSus - Ladex
MSSMilitary
NSNon-Payment
NSQNon-Payment
PRHBPR High Balance Suspension
RETNRetention Suspend
RMReturned Mail
RMLXReturned Mail Ladex
RMQReturned Mail
RSLXReseller Ladex
RSQReseller Sus
RSSFor use by Resellers Only
RTPMReturned Pmt
SACSBy Special Acct Care
SNP1Non-Payment
SNQ1Non-Payment
SNQ2NonPay No Restore Fee
SSSeasonal
SSQSeasonal
SU60Proof of Age Needed
SUNCSpecial Unlimited No Charge
SUWOAddl WO Acct
TMPSTemporary Suspend

Exceptions

  • Try another voice line.
    • If the customer cannot receive an SMS OTP, attempt to send SMS OTP to another active line on the account (if available).
    • If the customer’s phone is lost or stolen or cannot receive SMS, and the account has no other voice lines, then OTP can be sent to an eligible Home Internet line on the account by SMS (if gateway is capable).
    • If policy requires the OTP to be sent only to the BRP/PAH’s phone number for specific transactions (including TPOP), then the OTP should not be sent to other lines on the account.
    • Accounts in a cancelled status: Verify the account PIN.
      • For canceled accounts, OTP verification in Atlas can be sent to the paperless billing email address.
      • Sensitive account changes still require 2FA (PIN+OTP).
    • Non-voice accounts (wearable/HSI/tablet/etc.) with no active voice line:
      • Verify the account PIN,
      • Or verify with an OTP to the registered email address.
      • Sensitive account changes still require 2FA (PIN + OTP).
  • If there are no voice lines on the account that can receive an SMS OTP (such as lost/stolen, cancelled, or full suspend accounts that are not eligible for OTP), see Cannot receive OTP below.
  • If a customer cannot verify the account, see Account verification: Care / VR > Unauthorized or unable to verify.
  • HSI exceptions:
    • HSI line activations require OTP via email. The customer receives the OTP via email even if they have active voice lines on their account.
    • For specific HSI guidelines to bypass the OTP, see Account Verification: Home Internet or Connected Car Support.

2. Check Transaction Type

Check the list of OTP required transactions on every call.

Account changes requiring OTP

  • Verification at account entry:
    • Atlas: Active accounts with at least 1 voice line require an OTP to verify an account, unless Atlas displays "OTP not required" or using bypass.
    • Samson: Both PIN and OTP are required to verify an account.
    • See Account verification: Care / VR for more details
  • Check if policy requires an OTP.
    • If the account was verified with 1-factor authentication (1FA) or bypass, the sensitive transactions below can trigger OTP.
    • Some policies may require an OTP and they may not be captured below.
    • Always check the policy first before making the change.
  • Home Internet only accounts without T-Mobile ID registration: An OTP is required to update their service notifications email address. This is also the case for new HSI lines that are being activated. See Verification exceptions & Special Account Care > Home Internet only notifications for details.
  • Accounts with both fiber and wireless
    • Accessing T-Fiber Portal (via Atlas Toolbox):
      • The OTP must be sent to a MSISDN marked as PREFER in the "Search and Verify" screen.
      • PREFER means the line has a registered T-Mobile ID, with a Primary Account Holder (PAH) or Authorized User (AU).
      • If there are multiple AU registered, multiple PREFER lines appear.
    • No PREFER line on the account: Send the OTP to the primary line to complete verification. If speaking to the PAH, assist with T-Mobile ID setup in T-Life.
    • PREFER line cannot receive an OTP (lost/stolen/broken device): Look for another PREFER line on the account to send the OTP. If speaking to the PAH, assist with T-Mobile ID setup in T-Life.
    • Other issues: Refer customer to Retail for ID verification scan or escalate to Leadership to assist your customer.
  • RSL: See Issues that need RSL assistance if you're wondering if you can help.

  • When completing these account changes, the OTP automatically sends to the customer unless they are calling from their T-Mobile device.
  • If the customer is not calling from their T-Mobile device and the OTP is not sent, manually send the OTP.
  • Exception: On transactions restricted to the Billing Responsible Party (BRP)/Primary Account Holder (PAH), only send the OTP to the BRP/PAH phone number.
  • Account changes requiring OTP are marked with ✔ below:
Samson & Atlas actionsSamsonPrepaid

Business Retail

Business & Government (Non-Retail)

Activating a new line of service; adding a line to an existing account (AAL)

Validate an OTP, then generate a Token to use in DASH for AALs

 

 

Add/change /remove authorized users

Samson steps
TFB steps

✔*


 

Add or remove NOPORT or NOPORTMI features

Atlas / Samson steps

✔*

Billing address change

Atlas / Samson steps

 
Cancel account (BAN) or line (MSISDN)✔*✔***

Change/add billing account PIN/passcode

Prepaid / Samson steps

✔*

Change Of Responsibility (COR)

Samson steps

✔*

 

✔***

Change primary subscriber indicator

Samson steps

✔*

Existing AU forgot/unable to verify Account PIN/Passcode

Atlas / Prepaid steps

Paperless billing or T-Mobile ID email address change

Atlas steps

  

Release account number
(When an account is canceled for write-off, you don't need to validate an OTP to provide the account number.)

Atlas / Prepaid steps

✔**

SIM change

Atlas / Samson steps

 

SSN changes

Samson steps

✔*

   

Temporary Port-Out PIN (TPOP)

Atlas Lite - NTC, NTC CRT, & NTC Casework ONLY

✔*


   

Upgrade/Device purchase

Atlas steps

 

 

* Only the Billing Responsible Party (BRP) or Primary Account Holder (PAH) can request these changes. Send the OTP to the BRP/PAH's number. Do not send the OTP to an Authorized User (AU) or End User.

** The OTP is for inbound calls or messages only. It is not required for accounts with assigned Support Experts.

*** Business Care Offline can cancel account (BAN) or line (MSISDN) or complete Change Of Responsibility (COR) without an OTP.

Rebellion actions:

  • There are 5 transaction types that require a ‘2FA’. This is dependent on which verification method the customer utilized at the account verification step.
  • How was the prepaid account verified?
    • Account PIN – There will be a prompt for OTP verification.
    • OTP – There will be a prompt for Account PIN verification.
      • If a customer forgets their PIN, the Send Reset PIN Instructions button will send a message to the customer with details, the account holder to change the PIN by logging in with the primary line in self-service.
      • If a customer verified with the account PIN, an OTP is required.
  • Required 2FA transactions:
    • Change SIM
    • Change PIN
    • Change Email
    • Change ZIP/PPU
    • Remove Port Out Protection

  • Atlas displays ATLAS Verified - OTP Not required (also known as ANI verified) after system verification and when the customer is calling from their device on the T-Mobile network.
    • For transactions restricted to the Billing Responsible Party (BRP)/Primary Account Holder (PAH), the BRP/PAH must verify. See: Billing Responsible Party & Authorized Users.
    • Authorized Users can only perform eligible transactions. If they request a restricted transaction, refer them to the BRP/PAH.
  • Caller name and PIN/Passcodes are required to complete account verification.
  • If the customer forgot their PIN and Atlas shows "Verified - OTP Not required" (ANI verified), the "Forgot PIN" link is available to send an OTP instead.
  • Eligibility restrictions for ATLAS Verified - OTP Not Required:
    • Not available while roaming. Customers must be on the T-Mobile network.
    • Caller must be verified as the BRP or AU on the account.
    • Only available for supported account types in Atlas.
    • For lines newer than 30 days when the account has other lines older than 30 days, OTPs & Atlas Verified are unavailable for the following changes:
      • Resume from cancel
      • SIM change
      • AAL to existing BAN
      • Add AU to existing BAN
    • Note: For lines less than 30 days of tenure, refer to Verification by caller type > Account with less than 30 days of tenure.
  • If the caller's name is the BRP/PAH and the account has been verified with ATLAS Verified - OTP Not Required, the following transactions do not require an additional OTP:
    • Add/change /remove authorized users
    • Billing address change
    • Change/Add billing account PIN/Passcode
    • Paperless Billing or TMO ID email address change
    • SIM change
    • Upgrade/Device purchase

Manually validate SMS (Care & VR only)

If the OTP is not able to be validated automatically by the system, follow the below steps to manually validate the OTP. Once validated, you can then generate a token to continue working on the account.

  • Use Atlas to verify an OTP to use in other systems. In Atlas, hover over Tools, select One Time PIN, and this let you generate a token to use in another system.
  • See Token verification to pass verification and OTP status to other systems.

  1. Access the OTP verification screen by choosing from the following:
    • From Tools, click One Time PIN.
    • Navigate to the transaction requiring an OTP and initiate the transaction.
  2. Select MSISDN or email address to send the OTP, then click Send.
  3. Manually enter OTP in the One Time PIN field.
  4. Click Verify. If successful, the Verify button switches to Proceed.
  5. Click Proceed to return the transaction, fully verified.

  1. Under the One Time PIN Verification section of Checkout, select MSISDN or email address to send the OTP, then click Send One-Time PIN.
  2. Manually enter OTP in the One Time PIN field.
  3. Click Verify One-Time PIN.
    • If successful, One-Time PIN Verification shows verified and the Payment Information option becomes available.
    • If unsuccessful, attempt to confirm the One-Tim PIN again with the customer or attempt to send a new One-Time PIN.

3. OTP Support

Learn about what to do when an OTP cannot be sent or a workaround is needed.

Non-voice line OTP bypass

Use the OTP bypass only if both the Guidelines and the Transaction type are met.

Guidelines

  • Only applies to non-voice lines.
  • Do not verify these transaction types with email OTP. No exception.
  • Check the table for the transaction type:
Non-voice line transactionOTP bypassSend to Retail store
or receive via SMS/digital

Change of Responsibility

 

 

 

Move authorization

 

 

 

Device Upgrade/Replacement

 

 

 

Manage Security Features (NOPORT, SIM PROTECTION)

 

 

 

Release Account Number

 

 

 

SIM Change

 

 

 

SSN Changes

 

 

 

Address Changes

 

 

 

Temporary Port Out PIN

 

 

 

Update e-mail address (for paperless billing/notification)

 

 

 

Reinstalling eSIM Profile

 

 

 

*The SIM change transaction can be handed back for completion in Atlas after a leader has bypassed the OTP.

Care/RSL/VR process

  • If you require an OTP to verify the account, use Verification by account type to understand when and how to use OTP during verification.
    • If you suspect your caller's request doesn't seem right, send a One time PIN from Atlas to confirm their identity, even if the request does not require an OTP.
    • If you send an OTP for account verification, and policy requires an OTP for a second reason, like a SIM change, you do not have to complete a second OTP.
  • Accounts without voice lines that cannot receive SMS OTPs: Work with your site leadership and follow the OTP verification bypass.
  • Customers can visit My T-Mobile (limited transactions) or a Retail store to complete One Time PIN-required account changes if they cannot validate or receive an OTP. (These transactions are covered in Account changes requiring OTP.)
  • Standalone accessories purchases do not require an OTP. (You may need to complete the OTP process to access the portion of DASH to place the order.)
  • If you've exhausted all options to send an OTP, the customer must visit a Retail store for assistance and needs to provide ID verification.

Retail stores

  • Complete and successfully verify the ME by following Mobile Expert verification.
    RSL: For COR Store-in-Store (SiS) kiosks, see the exception below.
  • Advise the Mobile Expert (ME) that for Care/RSL to assist, the customer must verify an OTP to complete any OTP-required changes.
    • Do not bypass the OTP.
    • System issues are not an acceptable reason for RSL to bypass an OTP for transactions that can be completed in-store. If an ME asks for an OTP bypass, advise that they must work with their customer and store leadership to resolve the request and report their system issue.
    • Most OTP-required transactions that retail can support or bypass are completed by the ME in-store, and RSL is not required. See common transactions that require an OTP.
  • If the customer cannot receive the OTP:
    • Ask if the customer can use self service options on My T-Mobile or the T-Mobile app.
    • If they cannot use self service and the transaction is listed below as one that can be completed in-store, do not assist without the OTP. Do not bypass.
    • Bypass is only for specific account types/scenarios, such as HSI-only and Connected Car support. See those respective policies for bypass eligibility.
    • For SIM Protection handling, see SIM Protection.
  • If the Mobile Expert needs help with a SIM change, explain that the SIM transaction can be completed in-store with ID verification and RSL cannot bypass the OTP.
    • If the customer suspects someone may have their device or SIM and is declining the SIM change, follow Fraud call scenarios to report fraud, and reach out to your site leadership for assistance with restoring the customer's SIM if necessary.
    • Make sure you review the memos and status to see that the declines are in fact happening.

RSL exception: COR Store-in-Store (SiS) kiosk

SiS Store Managers at Company-owned kiosks in SiS locations occasionally need to contact RSL for support with SIM changes on their kiosk’s store phone (Company-Use BAN) in order to make sure they can receive calls from customers at their location.

  • If the SiS Store Manager contacts RSL through the IVR and is able to provide their dealer code, name, token code, and passcode, engage a supervisor for bypass support.
  • Leaders and Global Care Leaders review Account Verification and Bypass in Coach’s Toolkit for more details on exception bypass handling on this use case for SiS Kiosk phone line SIM maintenance during RSL calls.

Common in-store transactions that require an OTP (RSL does not bypass)

These are some scenarios when an OTP is needed if the customer is in store, and RSL should not bypass a OTP for these reasons. This does not include every scenario in retail, but do not bypass any RSL action that requires an OTP. (For SIM Protection handling, see SIM Protection.)

MEs can complete the following transactions after verifying with an ID scan:

  • Change account PIN
  • Change SIM card
  • Change Authorized Users
  • Change Billing Name
  • Change Billing/Mailing Addresses
  • OTP verification bypass - Single-line account unable to receive OTP

Cannot receive OTP

  • There are situations where accounts may have lines that are unable to receive an OTP. For example:
    • Single voice line accounts without an active device (lost/stolen)
    • Some Mobile Internet, Wearable devices, or inactive Home Internet lines showing as not eligible to send the OTP
    • If the customer has set up additional authentication methods (examples: 2-step verification, SMS authentication, Google Authenticator, account Security Questions, or ID Verify) and they follow the “Forgot Password” flow via TMO.com (cannot get an OTP sent via email)
  • ID Verify: The PAH and AU can use ID Verify as an alternative to OTPs. Customers can authenticate in T-Life, on the web, and on one of their other active lines to transact in T-Life and web.
    • Set up: Refer to Set up T-Mobile ID: Self-Service for customer steps and supported ID types.
    • Authenticate: If the customer already completed a digital or Retail ID Verify and provided ongoing biometric consent, they can verify with just a selfie.
  • OTP to alternate line: If there are multiple voice lines on an account, send the SMS OTP to another line on the account that can receive an OTP. 
  • For prepaid verification issues, see Account verification: Prepaid.

Care/RSL/VR refer the customer to Retail

Follow these steps before sending a customer into the store when they cannot receive OTP:

  1. Confirm the BRP has a valid ID that can be scanned.
  2. Confirm the BRP can visit a retail store to verify the account with their ID.
  3. Tell the customer that after a Mobile Expert verifies their account with an ID, they can complete some common transactions that require an OTP.

Cannot verify OTP/Verification Team process

Care/VR only

If the customer cannot get an OTP due to the customer not having a device active on the network (such as lost/stolen), and the customer cannot update or verify their PIN in self-service:

  • Refer the customer to Retail for assistance to have their acceptable ID verified.
  • Only if the customer cannot go to Retail due to a mobility or distance issue, partner with your Coach or Team Manager for assistance to use all available options, including the Verification Team as a last-resort. Reference the Verification Team section in Account verification: Care / VR under Unauthorized or Unable to Verify.

Retail only

If the customer cannot get an OTP due to the customer not having a device active on the network such as lost/stolen, and the customer’s ID is not able to be scanned, the Verification Team may be able to assist. Use Account Verification - In Store > Account PIN/ID verification issue (Contacting the Verification Team) section.