The introduction of Practice Guide 82 (PG82) by HM Land Registry marked a pivotal shift in the conveyancing sector’s journey toward digitisation. With clearly defined steps for using electronic signatures in property transactions, PG82 has provided the much-needed regulatory clarity to help firms operate confidently in a digital landscape.
But as with any regulation, ticking the compliance boxes doesn't necessarily guarantee security. Conveyancers need a clear understanding of the requirements of PG82, the vulnerabilities in OTP-based authentication and need to think beyond compliance if they want to avoid the serious legal and reputational risks of digital fraud.
PG82 provides a framework for using electronic signatures in deeds lodged with HM Land Registry. To be compliant, conveyancers need to follow a series of steps.
On the surface, these steps form a robust process that combines identity confirmation, digital trails and certification. But look closer, and a key weakness emerges; the reliance on OTP authentication as a central form of identity verification.
One-Time Passwords (OTPs) are widely used in digital transactions. They're quick, easy, and convenient, but not inherently secure. In fact, OTPs have been a known attack vector for fraudsters for years. The harsh truth is that the possession of an OTP does not equal proof of identity. And yet, under PG82, it is currently accepted as a key step in confirming a signatory’s legitimacy, bringing a number of vulnerabilities to the table.
A fraudster impersonating a firm may trick a customer into entering their OTP into a fake site, then immediately use it on the legitimate platform.
In these scenarios, a criminal takes control of a victim's phone number by convincing the mobile provider to issue a new SIM, giving them full access to OTPs sent by text.
If OTPs are sent via email, a hacked or poorly secured email account can give a fraudster direct access to authentication codes.
In some cases, a fraudster may directly contact a victim, posing as a legal representative, and manipulate them into sharing an OTP under the guise of verifying their identity.
PG82 compliance creates a structure, but not a guarantee. If fraud is later uncovered, and your only evidence is that an OTP was sent and entered, you may find yourself defending your process in court, rather than being protected by it.
Legal disputes arising from fraudulent transactions are costly, time-consuming and reputation-damaging, even if you’ve followed PG82 to the letter. Because courts don’t just ask whether you complied, they ask whether your actions were reasonable and robust in the circumstances. Simply stating that a signatory “entered the OTP we sent to their mobile” is not enough.
True fraud prevention comes from designing systems that are compliant and resilient to manipulation. For conveyancers and legal professionals, that means embedding deeper verification measures into the signature process through a holistic end-to-end platform.
PG82 sets the standard, but it doesn’t guarantee protection. OTPs alone are too easy to intercept, manipulate, or misuse, and relying on them as your main defence leaves your firm exposed. Fraud prevention requires more than compliance. It demands robust identity verification, secure audit trails, and end-to-end control over the signing process.
If your only safeguard is an OTP, you’re taking a risk. Compliance might satisfy the checklist, but when challenged, only a defensible, evidence-backed process will truly protect you.
That’s why using a comprehensive end-to-end platform is critical. When identity checks, document signing, witness verification and evidence capture all happen within one secure process, there are no weak links. Just a clear, defensible journey from start to finish.
Download our latest guide to see how your firm can move beyond basic compliance and build a fraud-resistant, fully auditable signing process that stands up to scrutiny.