https://mattersoftesting.blog.gov.uk/improving-mot-testing-service-security/

Improving MOT testing service security

AN MOT tester looking at the advisories screen on the MOT testing service.

In our last Matters of Testing blog post, Neil Barlow talked about making a number of security improvements to the MOT testing service.

Keeping the data on the MOT testing service secure is a big priority for us and we want to reduce the risk of fraud.

As technology changes and improves, we need to make sure we keep up. To do this, we’ve focused on reducing how often you need to use your security card while improving other security measures.

Following comments from MOT testers and user research, we've made several changes to the testing service to make it more secure and easier to use.

Choosing the right password

We’ve found that lots of MOT testing service users have very simple passwords that aren’t secure enough. This could compromise the integrity of the service, so we've made improvements to make sure passwords are more robust.

Users on the MOT testing service will need to start updating their passwords to make them more secure.

You’ll be prompted with an on-screen message the next time you need to change your password change or use security questions to log in.

Your new password will need:

  • at least 8 characters
  • at least 1 number
  • a mixture of upper and lower case letters

You'll also need to choose a password you’ve not used before and certain common words are not allowed. You’ll receive messages on-screen to help make sure your password and answers are secure enough.

So these changes don’t cause too much disruption, we’re bringing them in gradually.

Why security is so important

We know that having to come up with secure, strong passwords can be a pain, but it’s really worthwhile to make sure the MOT testing service remains secure.

After all, the information stored there can be quite sensitive. And the possible risks involved in someone gaining access to your account don’t bear thinking about.

It’s entirely possible, for example, that someone could use your account to issue fraudulent MOT certificates if they managed to get access to it. This could not only mean potentially dangerous vehicles are allowed on the road, but could also damage your business and your reputation.

So it’s essential that users make sure they do everything they can to make sure accounts remain as secure as possible.

We’ll take disciplinary action against anyone who uses an account fraudulently.

Making working more convenient

It isn’t all about making you jump through hoops, though!

We’re updating the MOT testing service so you’ll only have to use your security card to log in once per day. After that, you’ll only need your username and password.

This will make logging in and out quicker, saving you time and effort, particularly if you have lots of vehicles to test.

If we notice any changes to the way you log in during the day, you'll be prompted to use your security card again.

Our aim is to make the system easier to use and to pave the way for more advanced security tracking in the future.

Event history

Some of you have noticed the new “event history” area on MTS.  We’ve introduced this new feature so you can see information relevant to you and your garage.

The information recorded there will include interactions with DVSA, like vehicle inspections carried out and site visit results.  Not all DVSA visits result in an event being recorded, and there may be no history showing if you haven’t had any visits from DVSA yet.

We’ve introduced this in preparation for the new site review process we’re planning to introduce later this year. The information in the "events history" area will help users understand their ratings.

We’ll let you know how the garage review process is going in the next blog post.

Feedback

We’d love to hear what you think about these changes in the comments below. So please leave some feedback on how you think we can improve the MOT testing service.

Sharing and comments

Share this page

129 comments

  1. Comment by Shaun posted on

    How can you give someone a risk rating on their averages when they may test vehicles that are a lot older than say some who works in a main dealership testing cars for the first time therefore the nation average and the testers average will been dramatically different

  2. Comment by Wynn Morris posted on

    Totally agree, anyone can see what "secret" answers you're typing. This is the worst security risk I can think of!

  3. Comment by chris garrett posted on

    I would like to see password history reset every 12 month or so. We have that many different logins and passwords in a modern garage that coming up with new passwords on a regular basis is becoming a pain.

    Clear-cut documentation on what's the law and what's MOT criteria.
    For instance the use of German style pressed number plates or font, and with the font that's the gel type with a carbon fibre style.

    • Replies to chris garrett>

      Comment by Tony S posted on

      And is a tyre that has good tread across the central 3/4 but is BALD at the edges Legal to drive or not.
      Could really do with a definitive answer on this one.
      When ever I've been on a refresher course or spoken to a VE they say it is illegal as far as the Law is concerned, but passes the MOT.
      Can't find the answer on line.

      • Replies to Tony S>

        Comment by chris garrett posted on

        Tony S. I had exactly the same thing the other day. Our local vosa guy came out for a site visit. He was saying along the jist of if the 3 main lines in between of the tyre treatment blocks (where the wear indicators are) are 1.6 or above then it's a pass and advise. Same for if it's worn to the second layer of rubber.

        I personally think if there's a worn bit on any part of the tyre that's devoid of a tread pattern it should be a fail.

        Gone are the days of people making sure their tyre pressures, lamps work and levels all good under the bonnet before the MOT are gone. If there's substantial wear then it should be a fail. Not a "okay at time of test, but legal to drive for 12 months untill next year"

  4. Comment by Peter Gilbert posted on

    i don't have a smart phone and don't want one.

  5. Comment by DAZ posted on

    WE FINALLY HAVE OUR TESTER RATINGS. BUT IF ITS RED THERE IS NO EXPLANATION ON HOW IT IS WORKED OUT AND WHAT THE AE OR TESTER CAN DO TO IMPROVE IT .

    • Replies to DAZ>

      Comment by Julia (DVSA) posted on

      • Replies to Julia (DVSA)>

        Comment by Alastair posted on

        With respect Julia, the blog post explains nothing. Testers can review their test quality information, but if a high quantity of vehicles presented fail the MOT with obvious suspension defects for example that in turn significantly increase your failure percentage over the national average for that category, what has the tester done wrong apart from performing the test properly following DVSA guidelines? Obviously if you have negative events on your event history then yes, I can see why this would affect your rating but if you don't and you are still rated amber or red because of high failure rates/component failure rates there is still no obvious explanation for this?

        • Replies to Alastair>

          Comment by Barry Babister posted on

          The only thing that we can do if we are in the red is to firstly prove that we are aware of this matter, then to document that we are aware in a manner which can be presented to the DVSA, then to protect ourselves we need to record the acknowledgement and create an action to address the risk.

          An example we have had at our test stations is one tester being too high on brakes, so we made him ask another tester to retest any brakes that he was thinking of failing to make sure that results were same from both testers, we documented this process and will keep that for when a VE comes to visit.

          This is what the DVSA are wanting, they do state that they expect some testers to be in the red, but so long as you have a system in place to identify and resolve any risk you should be fine.

          The MOT Juice system does this for you and should have a video on their blog by end of November..... maybe check out what they are supplying and see if that works for you.

        • Replies to Alastair>

          Comment by Steve posted on

          I work at two sites for the same company we test over 130 vehicles a month a lot higher than the average so my stats will be no where near the average
          Also I tested 3 vehicles at site number two , failed two of the passed one my fail rate is at 67% which I assume will put my rag in the red and make me unemployable if I look for another job do we now do our mot tests so the stats line up nicely for Dvsa or as presented

  6. Comment by graham posted on

    I see that there has been an update, yet we still have to sign in with our cards every time, when will this change happen? Thanks

    • Replies to graham>

      Comment by Wayne posted on

      Yes I’d like to know when the use of our security cards is once per day but not been told anything as per usual! No update from dvsa kept in the dark yet again!

  7. Comment by marcus paton posted on

    i think they should be more worried about the manual and get that sorted out before anything else is done and as for this annual assesment i think alot of older testers would agree why not go back to the old way but change it to every 2.5 years instead of 5 years alot of us older boys prefer face to face and arnt that great on computers,and what happens when we leave the eu,all these changes to the manual is taking up time you are always having to check it well most of us have a life outside work and struggle to get a chance at work if you are doing 9 or 10 tests a day.

  8. Comment by Gary McRae posted on

    It's been proven by security experts that changing your password regularly isn't the best method as you are more inclined to make it something easier to remember or write it down somewhere. Its far better to have a longer more complicated password and keep it for longer.

  9. Comment by daz posted on

    The new change to the screen when u go to print the checklist tells u to print it so u dont forget any items . It prints the checklist that does not give u the list of items to check .You have to go to bottom of screen for that come on get it right first time .

  10. Comment by stoker posted on

    I notice today 2/11/18 that you have changed the screen layout when logging on and now provide a green link to print A v29 inspection sheet and suggest it will assist with the test .This link however does not print a vt29.

  11. Comment by Wynn Morris posted on

    The biggest security issue I have faced is when waiting for a new security card, logging in using security questions.
    I couldn't believe that when the (secret) answers were entered anybody could see what I'd typed! This is a serious breach of security and having to do it twice for each test, there is a good chance that somebody will see your answers.
    Why can't the answers come up as an asterix like on every other site?

  12. Comment by stephen Elsden posted on

    Stephen
    How does the removal of the security card random number every time you log on improve it yes, it takes time but lets get serious here on average i do 7/8 a day i think 2/3 minutes a day is hardly a hardship. I do believe its down to cost and cost only going forward

  13. Comment by Neset Ceri posted on

    Please leave it as it is..this " we love technology " is getting out of hand. I do not want to use my smart phone- tablet for MOT testing, I want to concentrate performing a quality test. Linking your phone to brake-emission testing, to DVSA is a ridiculous idea, it will cause so many problems. And I honestly think MOT security card is unnecessary over kill-expense, for logging to my online banking all I need my name-password and a random figures, I do not need a physical card. During my work in Somerset I meet many testers who are fed up with all this technological ideas being forced down their throats on weekly basis from the people who come up with all these ideas from their offices. Secondly this online annual assessment is a waste of time and money, any intelligent person can pass it just by searching manuals , you do not have to be a tester , previous system by attending class room- workshop was a better idea, you also learnt something from people's experiences. Of course MOT system advanced and improved a lot for good during last 15 years . but please DVSA ...just give us time to digest the info before you bombarding us with more !

    • Replies to Neset Ceri>

      Comment by Wayne posted on

      Yes totally agree! Why have a stupid card anyway surely your user name and a password that only us as testers knows is enough! Put the wasted money into bringing back a refresher course that would benefit us most!

  14. Comment by myke posted on

    At this present time, MOT security cards to manufacture / distribute / replace is a cost to DVSA. On the blog you state "Our aim is to make the system easier to use and to pave the way for more advanced security tracking in the future". Are you indicating the phasing out of security cards ? to eliminate the weak link. At a guess 99.9% of testers have a mobile phone, and this number is probably listed in the MOT testing Service, profile of the tester. Therefore are you contemplating 2 Factor Authentication via SMS text ?

    • Replies to myke>

      Comment by Julia (DVSA) posted on

      Hi Myke

      This is an interesting idea that we have looked at. The only thing is do AEs want testers on their phones regularly in the workshop and would all testers be happy for DVSA to 'use' their phones in that way? This isn’t necessarily about phasing out the cards but being ready to look at better ways of working and embracing technology as it moves on.

      • Replies to Julia (DVSA)>

        Comment by jim posted on

        my manager has stopped us using our phones in the workshop , can only use them on our break period , so that wont work for me !

        • Replies to jim>

          Comment by Julia (DVSA) posted on

          Hi Jim

          It wouldn't work in all situations - it was just an idea put forward.

  15. Comment by Michael posted on

    leave it as it is

  16. Comment by Derek posted on

    What percentage of the test issued do you estimate are fraudulent?

    What percentage of this is as a result of identification fraud?

    Some statistics, please.

    • Replies to Derek>

      Comment by Julia (DVSA) posted on

      Hi Derek

      From a combination of monitoring the IT and enforcement visits, we know that errors are being entered into the system. Some of these will be genuine mistakes but in some cases it is deliberate where a user has used someone else’s details to record a test. These security changes are a small step to combat this and we have plans to further improve security and monitoring of the system.

  17. Comment by Steve l posted on

    Anyone reading this actually been hacked?

  18. Comment by Paul Woods posted on

    ~Seriously how can we take security concerns seriously when you think it's a good idea to remove a level of security because it takes seconds.
    There are many aspects of testing cars that are repetitive but necessary
    It's the Job do it properly or don't do it.

    • Replies to Paul Woods>

      Comment by richard posted on

      Exactly this, it's a backward step ,these days it should be about strengthening your online security , not weakening it ! Can you imagine if the banks all decided we don't have to fully use the security features they have given us to make it easier to log on , there would be uproar.
      There are far more pressing things that need to be sorted first, ie the manual.

  19. Comment by Guy posted on

    I still can not understand why the typed responses to your log in questions are shown on screen and not hidden by ****
    Also I can not understand why the Card has had so many failures. I must have been through five. Each time it fails the last generated number remains in the window, and the screen display inverts in contrast and then fails.... anyone else experiencing this?

    • Replies to Guy>

      Comment by David Self posted on

      Cheap cards...!!

  20. Comment by Keith Cater posted on

    Change for changes sake. I'm still on the same security card i was issued with when the system first came out !!! That is the truth and I average about 8 tests a day, 6 days a week. I keep my card in my phone case, which lives in my pocket. That way it can't get bent and damaged. It all works fine as it is, why spoil it. Oh and before someone says something about answering phones when logged on a test, I don't, even when a certain VE called me mid test. Nice try !!