The chipTAN procedure is one of the secure transaction procedures for online banking. It is a two-way procedure with separate devices for generating the transaction number( TAN) and for transmitting it in the PIN/TAN procedure. In this procedure, a special TAN generator in combination with the bank's chipcard generates a transaction number (TAN) that the customer can enter as a mobile transaction number into his smartphone or personal computer for a transaction.
With the chipTAN procedure, the money transfer is entered and a start code is displayed on the screen. To generate the chipTAN, the bank's chipcard is inserted into the TAN generator and the start code shown is entered via the number field of the TAN generator. After the transfer recipient's account number and the transfer amount have been entered, a transaction-related transaction number is calculated.
This number is displayed on the screen by means of optical transmission via five light bars and can be scanned by the TAN generator, which has five photodiodes on the back. The individual scan phases are "Start search", "Transmission" and "Successful". The account number, amount and transaction number are then shown one after the other on the TAN generator display. The transaction number is then entered in the TAN field for the money transfer.
The ChipTAN procedure is considered secure against phishing and man-in-the-middle attacks. Transaction numbers generated with blocked chip cards are rejected. An improvement of the ChipTAN procedure is the ChipTAN USB procedure, in which the display device for the transaction number is connected to the USB interface.