Transaction authentication number: Difference between revisions

RussBot (talk | contribs)
m Robot: Editing intentional link to disambiguation page in hatnote per WP:INTDABLINK (explanation)
ChipTAN / Sm@rt-TAN / CardTAN: +anchor for redirects
Line 53:
ChipTAN is a TAN scheme used by many German and Austrian banks.<ref>[https://www.postbank.de/privatkunden/services/banking-und-brokerage/chiptan.html Postbank chipTAN] official page of Postbank, Retrieved on April 10, 2014.</ref><ref>[http://www.sparkasse.de/privatkunden/sicherheit-im-internet/chipTAN.html chipTAN: Listen werden überflüssig] official page of Sparkasse, Retrieved on April 10, 2014.</ref><ref>[http://www.raiffeisen.at/cardtan Die cardTAN] official page of Raiffeisen Bankengruppe Österreich, Retrieved on April 10, 2014.</ref> It is known as ChipTAN or Sm@rt-TAN<ref>{{Cite web|url=https://www.vr-banking-app.de/smart-tan.html|title=Sm@rt-TAN|website=www.vr-banking-app.de|language=de|access-date=2018-10-10}}</ref> in Germany and as CardTAN in Austria, whereas cardTAN is a technically independent standard.<ref>[http://ebankingsicherheit.at/die-neue-cardtan Die neue cardTAN] ebankingsicherheit.at, Gemalto N.V., Retrieved on October 22, 2014.</ref>
 
A ChipTAN generator is not tied to a particular account; instead, the user must insert their [[bank card]] during use. The TAN generated is specific to the bank card as well as to the current transaction details. There are two variants: In the older variant, the transaction details (at least amount and account number) must be entered manually. {{anchor|Flicker code}}In the modern variant, the user enters the transaction online, then the TAN generator reads the transaction details via a flickering [[barcode]] on the computer screen (using [[photodetector]]s). It then shows the transaction details on its own screen to the user for confirmation before generating the TAN.
 
As it is independent hardware, coupled only by a simple communication channel, the TAN generator is not susceptible to attack from the user's computer. Even if the computer is subverted by a [[Trojan horse (computing)|Trojan]], or if a [[man-in-the-middle attack]] occurs, the TAN generated is only valid for the transaction confirmed by the user on the screen of the TAN generator, therefore modifying a transaction retroactively would cause the TAN to be invalid.
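
Review bot: The {{anchor|Flicker code}} added before "In the modern variant" names a term the paragraph never uses; the text only says "flickering [[barcode]]". A reader arriving through a "Flicker code" redirect lands mid-paragraph with nothing on screen that matches the redirect title, so consider wording that sentence as "via a flickering [[barcode]] (flicker code)". Moving the anchor to the start of the paragraph would also keep the sentence introducing the two variants in view for readers who arrive by redirect.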