Content deleted Content added
Rescuing 1 sources and tagging 0 as dead. #IABot (v2.0beta) |
→ChipTAN / CardTAN: mention Sm@rt-TAN |
||
Line 49:
However, the TAN generated is not tied to the details of a specific transaction. Because the TAN is valid for any transaction submitted with it, it does not protect against [[phishing]] attacks where the TAN is directly used by the attacker, or against [[man-in-the-middle attack]]s.
=== ChipTAN / Sm@rt-TAN / CardTAN ===
[[File:SmartTAN optic-Gadget.jpg|thumb|ChipTAN generator (optical version) with bank card attached. The two white arrows mark the borders of the barcode on the computer screen.]]
ChipTAN is a TAN scheme used by many German and Austrian banks.<ref>[https://www.postbank.de/privatkunden/pk_chiptan.html Postbank chipTAN comfort] official page of Postbank, Retrieved on April 10, 2014.</ref><ref>[http://www.sparkasse.de/privatkunden/sicherheit-im-internet/chipTAN.html chipTAN: Listen werden überflüssig] official page of Sparkasse, Retrieved on April 10, 2014.</ref><ref>[http://www.raiffeisen.at/cardtan Die cardTAN] official page of Raiffeisen Bankengruppe Österreich, Retrieved on April 10, 2014.</ref> It is known as ChipTAN or Sm@art-TAN<ref>{{Cite web|url=https://www.vr-banking-app.de/smart-tan.html|title=Sm@rt-TAN|website=www.vr-banking-app.de|language=de|access-date=2018-10-10}}</ref> in Germany and as CardTAN in Austria, whereas cardTAN is a technically independent standard.<ref>[http://ebankingsicherheit.at/die-neue-cardtan Die neue cardTAN] ebankingsicherheit.at, Gemalto N.V., Retrieved on October 22, 2014.</ref>
A ChipTAN generator is not tied to a particular account; instead, the user must insert their [[bank card]] during use. The TAN generated is specific to the bank card as well as to the current transaction details. There are two variants: In the older variant, the transaction details (at least amount and account number) must be entered manually. In the modern variant, the user enters the transaction online, then the TAN generator reads the transaction details via a flickering [[barcode]] on the computer screen (using [[photodetector]]s). It then shows the transaction details on its own screen to the user for confirmation before generating the TAN.
| |||