PIN/TAN methode
PIN/ TAN procedures are transaction procedures for online banking. In addition to the classic PIN/TAN procedure, there are various PIN/TAN procedures with indexed, transmitted, electronically generated transaction numbers or transaction numbers sent via a bar code. The classic PIN/TAN procedure used in home banking has been replaced by the Home Banking Computer Interface( HBCI).
All PIN/TAN procedures use two-factor authentication( 2FA) for the transaction. Such authentication is divided into access to the account, which is done with the personal identification number (PIN), and the actual business transaction, which is done with the transaction number (TAN). The PIN number gives the subscriber access to his or her account. It is a multi- digit combination of numbers that is sent to the participant in a sealed envelope and is stored in the bank's computer. The PIN number remains valid for all account accesses and transactions until changed by the user or reissued. In contrast, a transaction number loses its validity after each business transaction. Transaction numbers are six-digit random numbers that are sent to the user as a list in a sealed envelope.
As far as the TAN procedures are concerned, there are several of them with different security requirements. In the simple TAN procedure, one of many transaction numbers listed in a TAN list is selected for a transaction. There is also the indexed transaction number( iTAN). This is a specific transaction number from a TAN list. The mobile transaction number( mTAN), also known as smsTAN, represents a further security enhancement. Other transaction numbers are the smartTAN, eTAN and chipTAN. The use of the PIN/TAN procedure is always limited to one credit institution and is not multibank-capable.
The European Union has abolished the indexed TAN procedure for transfers from current accounts in September 2019. It will be replaced by the European Payment Service Directive (PSD2).