TAN lists: that's why they were abolished
Related Videos: State of the Union 2020: President Donald Trump addresses nation, joint session of congress (May 2024).
In the past, transaction numbers (TAN) for online banking were sent to bank customers on lists, but since 14 September this procedure has no longer been permitted across the EU. Here you can find out why the lists were abolished.
That is why the TAN lists were abolished
A TAN is a one-time password. It is used to enable a transaction, such as a transfer, for online banking. Banks sent lists of these TAN numbers to their customers. They could then use one of the numbers for online banking and then cross them out.
- Since September 14, 2019, however, this has come to an end: As part of the PSD2 directive on European payments, banks were prohibited from issuing further TAN lists.
- The reason: The procedure is too uncertain and makes it too easy for fraudsters to carry out unauthorized transactions. Since the directive came into force, TANs must now be generated dynamically, i.e. anew before each transaction.
- The TAN lists were usually sent by post. A fraudster only had to intercept the corresponding letter to get the transaction numbers.
- Alternatives to the TAN lists have been in use for some time. As a customer, you can choose between the chipTAN, pushTAN, or photoTAN procedure to enable your online banking transactions.
- The risk of the transaction numbers generated in this way being misused is significantly lower, as they become invalid after a few minutes and can no longer be used.
- Incidentally, the process called smsTAN or mTAN, in which users receive a TAN by SMS on their cell phone, is not affected by the PSD2 directive. Nevertheless, it has long been criticized.
- Even the Federal Office for Information Security (BSI) advises against its use. SMS could be intercepted too easily, the messages contained in it could be read unencrypted.
- For this reason, Postbank and some savings banks have already completely abolished the process. Other banks such as DKB and Volksbanken also consider mTAN to be a phase-out technique.
Another practical tip will tell you why the mTAN process is so unsafe. If you want to switch to a safer alternative, a TAN generator is one option. We will explain how such a TAN generator works in the next practical tip.