A '''transaction authentication number''' ('''TAN''') is used by some [[online banking]] services as a form of ''single use'' [[one-time password]]s (OTPs) to authorize [[financial transaction]]s. TANs are a second layer of security above and beyond the traditional single-password [[authentication]].
TAN.
TANs provide additional security because they act as a form of [[two-factor authentication]] (2FA). Should the physical document or token containing the TANs be stolen, it will be of little use without the password; conversely, if the login data are obtained, no transactions can be performed without a valid TAN.
==Classic TAN==
An outline of how TANs function:
# long.
# The bank creates a set of unique TANs for the user. Typically, there are 50 TANs printed on a list, enough to last half a year for a normal user; each TAN being six or eight characters long.
# The user picks up the list from the nearest bank branch (presenting a [[passport]], an [[ID card]] or similar document) or is sent the TAN list through mail.
# The password (PIN) is mailed separately.
# To log on to his/her account, the user must enter user name (often the account number) and password (PIN). This may give access to account information but the ability to process transactions is disabled.
