Transaction authentication number: Difference between revisions

A '''transaction authentication number''' ('''TAN''') is used by some [[online banking]] services as a form of ''single use'' [[one-time password]]s to authorize [[financial transaction]]s. TANs are a second layer of security above and beyond the traditional single-password [[authentication]].
 
TANs provide additional security because they act as a form of [[two-factor authentication]]. Should the physical document or token containing the TANs be stolen, it will be of little use without the password; conversely, if the login data are obtained, no transactions can be performed without a valid TAN.
 
==Classic TAN==
# The password (PIN) is mailed separately.
# To log on to his/her account, the user must enter user name (often the account number) and password (PIN). This may give access to account information but the ability to process transactions is disabled.
# To perform a transaction, the user enters the request and authorizes the transaction by entering an unused TAN. The bank verifies the TAN submitted against the list of TANs they issued to the user. If it is a match, the transaction is processed. If it is not a match, the transaction is rejected.
# The TAN has now been used and will not be recognized for any further transactions.
# If the TAN list is compromised, the user may cancel it by notifying the bank.
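
The bank-side check described in the steps above (verify against the issued list, consume the TAN, cancel a compromised list), sketched as an added example that is not part of the original article or any bank's implementation. The class name <code>TanList</code>, its methods, the 6-digit TAN length and the keyed-digest storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TanList:
    """Bank-side record of one issued TAN list (hypothetical names)."""

    def __init__(self, count=50, digits=6):
        # The bank generates a set of unique random TANs for the user.
        tans = set()
        while len(tans) < count:
            tans.add(f"{secrets.randbelow(10 ** digits):0{digits}d}")
        self.printed = sorted(tans)  # the list that is sent to the user
        # Assumption: the bank keeps keyed digests instead of plaintext TANs,
        # with the key held apart from the database (for example in an HSM).
        self._key = secrets.token_bytes(32)
        self._unused = {self._digest(t) for t in tans}
        self.cancelled = False

    def _digest(self, tan):
        return hmac.new(self._key, tan.encode(), hashlib.sha256).digest()

    def cancel(self):
        # The user reports the list as compromised: every TAN becomes invalid.
        self.cancelled = True
        self._unused.clear()

    def authorize(self, pin_ok, tan):
        # A TAN on its own is not enough: the PIN login must have succeeded.
        if not pin_ok or self.cancelled:
            return False
        d = self._digest(tan)
        # Verify the submitted TAN against the issued, still-unused TANs.
        if d not in self._unused:
            return False
        # Consume the TAN so that a replay of the same value is rejected.
        self._unused.remove(d)
        return True


if __name__ == "__main__":
    tl = TanList(count=5)
    first = tl.printed[0]
    print(tl.authorize(True, first), tl.authorize(True, first))
```
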