m Robot: Editing intentional link to disambiguation page in hatnote per WP:INTDABLINK (explanation) Tag: Disambiguation links added
RandFreeman (talk | contribs) Changing short description from "Type of one time password" to "One-time password used in banking"
(2 intermediate revisions by 2 users not shown)
Line 1:
{{Short description|One-time password used in banking}}
{{Other uses|TAN (disambiguation){{!}}Tan}}
A '''transaction authentication number''' ('''TAN''') is used by some [[online banking]] services as a form of ''single use'' [[one-time password]]s (OTPs) to authorize [[financial transaction]]s. TANs are a second layer of security above and beyond the traditional single-password [[Authentication protocol|authentication]].
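Review bot: The lead sentence under the hatnote still reads "a form of ''single use'' [[one-time password]]s (OTPs)", which is redundant ("single use" next to "one-time") and mismatched in number with the singular subject "A '''transaction authentication number'''". Since the short description now says "One-time password used in banking", suggest aligning the lead with it, for example "is a [[one-time password]] (OTP) used by some [[online banking]] services to authorize [[financial transaction]]s".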
Line 53 ⟶ 54:
ChipTAN is a TAN scheme used by many German and Austrian banks.<ref>[https://www.postbank.de/privatkunden/services/banking-und-brokerage/chiptan.html Postbank chipTAN] official page of Postbank, Retrieved on April 10, 2014.</ref><ref>[http://www.sparkasse.de/privatkunden/sicherheit-im-internet/chipTAN.html chipTAN: Listen werden überflüssig] official page of Sparkasse, Retrieved on April 10, 2014.</ref><ref>[http://www.raiffeisen.at/cardtan Die cardTAN] official page of Raiffeisen Bankengruppe Österreich, Retrieved on April 10, 2014.</ref> It is known as ChipTAN or Sm@rt-TAN<ref>{{Cite web|url=https://www.vr-banking-app.de/smart-tan.html|title=Sm@rt-TAN|website=www.vr-banking-app.de|language=de|access-date=2018-10-10}}</ref> in Germany and as CardTAN in Austria, whereas cardTAN is a technically independent standard.<ref>[http://ebankingsicherheit.at/die-neue-cardtan Die neue cardTAN] ebankingsicherheit.at, Gemalto N.V., Retrieved on October 22, 2014.</ref>
A ChipTAN generator is not tied to a particular account; instead, the user must insert their [[bank card]] during use. The TAN generated is specific to the bank card as well as to the current transaction details. There are two variants: In the older variant, the transaction details (at least amount and account number) must be entered manually. {{anchor|Flicker code}}In the modern variant, the user enters the transaction online, then the TAN generator reads the transaction details via a flickering [[barcode]] on the computer screen (using [[photodetector]]s). It then shows the transaction details on its own screen to the user for confirmation before generating the TAN.
As it is independent hardware, coupled only by a simple communication channel, the TAN generator is not susceptible to attack from the user's computer. Even if the computer is subverted by a [[Trojan horse (computing)|Trojan]], or if a [[man-in-the-middle attack]] occurs, the TAN generated is only valid for the transaction confirmed by the user on the screen of the TAN generator, therefore modifying a transaction retroactively would cause the TAN to be invalid.
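Review bot: The last paragraph's claim that the TAN generator "is not susceptible to attack from the user's computer" carries no citation, unlike the first paragraph of this section, and is stronger than the sentence after it supports: the protection described there holds only for "the transaction confirmed by the user on the screen of the TAN generator", so it depends on the user actually checking the displayed details. Suggest qualifying the claim accordingly and adding a source. Separately, in the first paragraph "known as ... CardTAN in Austria, whereas cardTAN is a technically independent standard" distinguishes the two names only by capitalization and reads as self-contradictory; suggest stating explicitly how the Austrian scheme relates to ChipTAN.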