Content deleted Content added
cleanup |
Date/fix the maintenance tags or gen fixes |
||
Line 1:
{{Cleanup|date=August 2007}}
A '''transaction authentication number''', or '''TAN''', is used by some [[online banking]] services as a form of ''single use'' [[password]]s to authorize [[financial transaction]]s. TANs are a second layer of security above and beyond the traditional single-password [[authentication]].
Line 18:
Should the client system become compromised by some form of [[malware]] that enables a [[cracker|malicious user]] to obtain both the login data and a TAN number (in some systems, a TAN is usable for some minutes after the initial insertion), the possibility of an unauthorized transaction is high. It should be noticed that the remaining TANs remain uncompromised and can be used safely, even though action should be taken by the user as soon as possible.
{{
{{ Off-topic-other | identity theft }}
Recent research has shown that slightly over half of all [[identity theft]] is committed by an insider, often a family member. An insider would, of course, have greater access and opportunity to gain simultaneous access to both the TAN list and to the user's password. While an improvement over simple single-password methods, it is important to keep in mind that a system's security strength depends on multiple factors.
REFERENCES:▼
*[http://www.tricerion.com/ Tricerion Strong Mutual Authentication (SMA)] solution is a Zero-Footprint, Strong Mutual Authentication Solution. One version of the SMA implementation uses Out of Band Authentication to deliver the one-time password at the transaction level, which is sent via voice to a phone of text message (sms) to a mobile phone. For example, if bank user wants to have an additional layer of protection, he may want to receive a one-time password delivered to his mobile phone. That password (numeric or alphanumeric) is then entered on a personalized keypad, which will prevent phishing, session hijacking, MITM, MITB, and other kinds of attacks. The SMA technology is simple to use and very cost effective, since it does not require printing TAN cards for each user.▼
[[Category:Authentication methods]]
Line 28 ⟶ 32:
[[de:Transaktionsnummer]]
[[nl:TAN-code]]
▲REFERENCES:
▲*[http://www.tricerion.com/ Tricerion Strong Mutual Authentication (SMA)] solution is a Zero-Footprint, Strong Mutual Authentication Solution. One version of the SMA implementation uses Out of Band Authentication to deliver the one-time password at the transaction level, which is sent via voice to a phone of text message (sms) to a mobile phone. For example, if bank user wants to have an additional layer of protection, he may want to receive a one-time password delivered to his mobile phone. That password (numeric or alphanumeric) is then entered on a personalized keypad, which will prevent phishing, session hijacking, MITM, MITB, and other kinds of attacks. The SMA technology is simple to use and very cost effective, since it does not require printing TAN cards for each user.
| |||