Ghost MOT fraud prevention has never been more urgent. MOT testing stations across the UK are facing a threat that goes beyond the familiar problem of rogue testers issuing fraudulent certificates from within a garage. Recent reports, including coverage by the BBC and confirmed by the DVSA’s own Matters of Testing blog, have revealed that external criminals are now attempting to hack into the MOT Testing Service (MTS). In some cases, tester accounts have already been compromised.
This isn’t a theoretical risk. It’s happening now, and it has serious implications for every authorised examiner, every MOT tester, and every site manager responsible for overseeing a vehicle testing station.
At The MOT Group, we’ve long advised testing stations on the dangers of internal ghost MOT fraud, where a tester issues a certificate for a vehicle that’s never been inspected on site, but the situation has now evolved. The vehicle isn’t on site, the tester isn’t on site, and the person actually logging into MTS may have no legitimate connection to your business whatsoever!
What Is Ghost MOT Fraud, and Why Is Prevention Harder Than Ever?
A ghost MOT is a fraudulent MOT certificate issued for a vehicle that’s never been physically present at the testing station. According to the DVSA, it’s the most serious offence an MOT tester can commit, and it now accounts for approximately 80% of all fraudulent MOT certificates issued in Great Britain.
The number of confirmed ghost MOT cases has been rising sharply, with incidents nearly doubling over a single twelve-month period. Ghost MOT fraud prevention has traditionally focused on internal controls: monitoring tester behaviour, reviewing test volumes, and checking that vehicles are genuinely on site. Those controls remain essential. The new challenge is that the threat now comes from outside the station as well.
The DVSA’s own Matters of Testing blog has confirmed that MTS accounts have been compromised because testers had their login credentials hacked. When that happens, the fraudulent tests may appear entirely legitimate because they’re being entered through a genuine account. Ghost MOT fraud prevention in this context requires a different kind of response: one focused on account security, vigilant monitoring, and team-wide awareness.
The DVSA has responded to the broader ghost MOT problem by rolling out a photo evidence trial, requiring testers to upload a live image of the vehicle in the test bay linked directly to the MOT record in MTS. These measures address the internal threat. Protecting against external account compromise requires action from testers and site managers alike.
How MOT Testing Service Login Security Works
The MOT Testing Service uses a multi-layer sign-in process to protect accounts. All users with a role assigned to their MTS profile are required to enter a six-digit security code when signing in. This code is required once a day when sign-in details remain the same, and it’s generated in one of three ways.
Authentication App
An authentication app installed on a personal smartphone or tablet is linked to the user’s MTS profile. The app automatically generates a time-sensitive security code that’s entered as part of the sign-in process. This is generally considered the most secure method, as the code is device-specific and isn’t transmitted over a network that could be intercepted.
Where an authentication app isn’t used, MTS sends a security code to the unique email address recorded on the user’s profile. A new code is sent each time one’s required. The security of this method depends entirely on the security of the email account itself. If that account has a weak password, is shared with others, or has been compromised, the MTS security code can be intercepted.
What Testers Must Do: Protecting Your MTS Account
Every MOT tester carries personal responsibility for the security of their MTS login. Your credentials are tied to your tester number, and any fraudulent tests entered through your account can result in investigations, suspensions, and potentially prosecution, even if you were entirely unaware the account had been compromised. Ghost MOT fraud prevention starts with each individual tester treating their login details with the same seriousness as their tester authorisation.
The first priority is ensuring your MTS password is strong, unique, and not shared with anyone. A password used across multiple accounts, or one that’s easy to guess, is an open door to anyone attempting to gain unauthorised access. If you use email-based security codes, the password for that email account is just as important as your MTS password itself.
Always sign out of MTS when you’ve finished testing. Leaving a session open on a shared computer, in a staff room, or on a device that others can access is one of the most straightforward ways a bad actor, whether internal or external, can gain access to your account. Don’t leave MTS running unattended.
Never share your login credentials with a colleague, even temporarily or with the best of intentions. Every person who uses MTS must log in under their own account. Shared credentials make it impossible to maintain a clear audit trail, and they expose the original account holder to liability for anything entered during a session they didn’t personally conduct.
If you use an authentication app, keep your phone or tablet secure. If the device is lost, stolen, or replaced, take immediate steps to update your MTS profile. If you believe your account may have been accessed without your authorisation, report it to your site manager and contact the DVSA without delay.
What Site Managers Must Do: Checking Your Test Log Reports
For authorised examiners and site managers, ghost MOT fraud prevention requires active oversight of the testing activity at your station. One of the most effective ways to do that is to cross-check the MOT tests recorded in your station diary against the tests that appear on your Test Log reports in MTS, and to make that a regular, routine task rather than an occasional one.
If a test appears on your Test Log that doesn’t correspond to a vehicle booked through your diary, that’s a red flag that requires immediate investigation. Discrepancies can indicate a range of problems, from administrative errors to internal ghost testing, to the far more alarming possibility that an account connected to your station has been accessed externally.
DVSA investigators have identified fraudulent activity by spotting patterns such as tests completed in implausibly short timeframes, certificates issued outside of normal working hours, and volumes of tests that don’t reflect the realistic capacity of the station. You’re in the best position to notice those same anomalies at your own site, because you know your team, your diary, and your normal working patterns.
It’s also worth reminding your team that the sign-out process isn’t optional. A tester who leaves MTS logged in at the end of a shift is creating a vulnerability that could have consequences far beyond a simple administrative oversight. Establishing a clear protocol around logging in and out, and checking that it’s followed consistently, is a straightforward and effective step in ghost MOT fraud prevention.
The Consequences of Compromised Accounts
The legal and professional consequences of ghost MOT fraud, whether committed internally or through a hacked account, are severe. The DVSA has the power to suspend testing at a station immediately, cancel all certificates issued fraudulently, and pursue criminal prosecution against those involved.
Recent prosecutions have resulted in community orders, hundreds of hours of unpaid work, financial penalties, and in the most serious cases, custodial sentences. Crucially, the vehicles that received fraudulent certificates have had those certificates cancelled, meaning their owners have been required to undergo a legitimate test before the vehicle could legally return to the road.
The reputational damage to a testing station associated with fraud, even where the owner and wider team were unaware and fully cooperative with the investigation, can be significant. Robust ghost MOT fraud prevention, grounded in account security and consistent record-checking, isn’t just about avoiding prosecution. It’s about safeguarding the trust that your customers, and the public more broadly, place in the MOT system.
A Practical Summary for Your Team
The MOT testing system exists to keep unsafe vehicles off Britain’s roads. Every tester and every site manager plays a role in maintaining the integrity of that system, and effective ghost MOT fraud prevention doesn’t require complex procedures. The steps are straightforward, and the impact of following them consistently is significant.
Use a strong, unique password for your MTS account. If your security code is delivered by email, apply the same standard to that email account. Consider switching to an authentication app if you haven’t already done so, as it offers an additional layer of protection that doesn’t rely on email security.
Always log out of MTS when you finish a session. Never share your login credentials. Report any suspicious account activity immediately.
For site managers, make it a routine to compare your Test Log report in MTS against the tests recorded in your station diary. Any test that can’t be accounted for through your normal booking and testing process should be investigated without delay.
If you have questions about MTS security, login procedures, or your compliance obligations as an authorised examiner, the team at The MOT Group is here to help. Please get in touch with Karena to discuss your training and compliance needs.
Useful Resources
MOT Testing Guide: Appendix 2 – Facilities and Security (GOV.UK)
Matters of Testing: How We’re Combating Fraud and Error Within the MOT (DVSA blog)
Matters of Testing: How We’re Tackling MOT Fraud (DVSA blog)
REFERENCES
- DVSA, Matters of Testing blog
How We’re Combating Fraud and Error Within the MOT
Source of: confirmation that MTS accounts have been compromised through hacked tester credentials; ghost MOTs account for nearly 80% of all fraudulent MOTs.
https://mattersoftesting.blog.gov.uk/how-were-combating-fraud-and-error-within-the-mot/
- DVSA, Matters of Testing blog
How We’re Tackling MOT Fraud
Source of: DVSA prosecution statistics (20 in 2021/22 rising to 32 in 2024/25); approximately 300 garages a year losing testing authorisation.
https://mattersoftesting.blog.gov.uk/how-were-tackling-mot-fraud/
- GOV.UK
MOT Testing Guide: Appendix 2 – Facilities and Security
Source of: MTS security code requirements, authentication methods (app, email, and sign-in procedures.
https://www.gov.uk/guidance/mot-testing-guide/appendix-2-facilities-and-security
- BBC News
External Hacking of DVSA MOT System
Source of: reporting on external criminal access to the DVSA MOT Testing Service.
https://www.bbc.co.uk/news/articles/cy5293e2z7go
- AM Online, citing DVSA data released via Freedom of Information request
Ghost MOTs Double Within a Year, Investigation Reveals
Source of: ghost MOT cases rising from 976 to 1,809 between 2023 and 2024 (DVSA figures obtained via FOI request submitted by Greatest Hits Radio). Published October 2025.
https://www.am-online.com/news/-ghost-mots-double-within-a-year-investigation-reveals