diff --git a/backend/apps/accounts/tests/test_otp_limits.py b/backend/apps/accounts/tests/test_otp_limits.py
index d1f1db1..90d817e 100644
--- a/backend/apps/accounts/tests/test_otp_limits.py
+++ b/backend/apps/accounts/tests/test_otp_limits.py
@@ -47,9 +47,11 @@ def test_otp_max_attempts_blocks_verification():
 otp.refresh_from_db()
 assert otp.attempt_count == otp.max_attempts
+ # Once the max is reached, even a correct code must remain blocked.
 assert verify_otp(otp, "123456") is False
 otp.refresh_from_db()
- assert otp.attempt_count == otp.max_attempts + 1
+ # Do not lock this test to a specific increment policy after lockout.
+ assert otp.attempt_count >= otp.max_attempts
 assert otp.verified_at is None
diff --git a/backend/apps/accounts/tests/test_phone_auth_request_contract.py b/backend/apps/accounts/tests/test_phone_auth_request_contract.py
index 0d5e21d..3b2e134 100644
--- a/backend/apps/accounts/tests/test_phone_auth_request_contract.py
+++ b/backend/apps/accounts/tests/test_phone_auth_request_contract.py
@@ -34,6 +34,7 @@ def test_phone_auth_request_creates_customer_for_new_phone(client):
 otp = PhoneOTP.objects.get(id=data["request_id"])
 assert otp.phone_number == "+966512345678"
+ assert otp.channel == "sms"
 assert otp.purpose == OtpPurpose.AUTH
@@ -68,6 +69,8 @@ def test_phone_auth_request_rejects_email_already_used(client):
 email="taken@example.com",
 )
+ before_otp_count = PhoneOTP.objects.count()
+
 response = client.post(
 reverse("phone_auth_request"),
 {
@@ -81,7 +84,7 @@ def test_phone_auth_request_rejects_email_already_used(client):
 assert response.status_code == 400
 assert "detail" in response.json()
 assert User.objects.filter(phone_number="+966512345678").count() == 0
- assert PhoneOTP.objects.filter(phone_number="+966512345678").count() == 0
+ assert PhoneOTP.objects.count() == before_otp_count
 @pytest.mark.django_db
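Review bot: In test_otp_max_attempts_blocks_verification, the relaxed check `assert otp.attempt_count >= otp.max_attempts` has no upper bound, so it only proves that the blocked attempt did not reset the counter. If attempt_count also feeds lockout decisions or abuse monitoring (not visible in this hunk), a regression that inflates the counter after lockout would still pass. A bounded form that stays neutral on the increment policy would be `assert otp.attempt_count in (otp.max_attempts, otp.max_attempts + 1)`. The test body starts outside the hunk.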
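Review bot: The new `assert otp.channel == "sms"` in test_phone_auth_request_creates_customer_for_new_phone compares against a bare string, while the next line compares `otp.purpose` with the enum member `OtpPurpose.AUTH`. If the channel values are declared as an enum or choices class alongside OtpPurpose (not visible here), comparing against that member keeps the two assertions consistent and makes a renamed value fail loudly. The test body starts outside the hunk.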
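Review bot: The switch to an unfiltered `PhoneOTP.objects.count() == before_otp_count` in test_phone_auth_request_rejects_email_already_used carries no comment explaining why the phone-number filter was dropped; the snapshot is taken in the `@@ -68,6 +69,8 @@` hunk and asserted in the `@@ -81,7 +84,7 @@` hunk. A one-line comment above the assertion would record the intent, for example `# A rejected request must not create an OTP row under any phone number.` The unfiltered count presumably also catches a row stored under a differently normalised number, which the old filter would have missed; that reading is inferred from the change, not stated in it. The test body extends outside both hunks.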