Online banking is only as secure as the tools you use with it. While iTAN lists have largely disappeared, chipTAN and mTAN are enjoying great popularity. But mTAN in particular harbors considerable risks. Here you can find out how secure mTAN is.
With online banking, a security mechanism called “TAN” is used to verify transfers and similar actions. Today there are three TAN methods. These include:
- iTAN (pre-prepared list with TAN numbers)
- chipTAN (a small device that generates individual TANs in conjunction with your own EC card and a readable code)
- mTAN (request for TANs via your own smartphone)
In our article chipTAN and mTAN we explain the differences between the TAN procedures in more detail.
How Secure is mTAN?
mTAN is very popular with bank customers. This is mainly due to mobility. No matter where you are, mTAN will provide you with a functioning TAN if required. With chipTAN you would always have to carry the generator with you.
However, mTAN offers only limited security. Early attacks by researchers and criminals have shown that the user’s smartphone can be infected with malware. The only task of this malicious program: spying on and redirecting TANs.
As early as 2012, the damage caused by specific mTAN Trojans such as “ZitMO” is said to have been well over 35 million euros. The bank customers were led to believe that there was a necessary update for their smartphone. In truth, however, it was the Trojan, which began to intercept TANs immediately after installation. The intercepted TANs are transferred to the criminals’ constantly changing servers.
chipTAN and mTAN
Online banking is now used by millions of German citizens, but there are still many skeptics. We took a closer look at the various TAN procedures in online banking and analyzed the security situation.
If you want to do online banking, you can choose between different TAN processes after activation by the bank. Currently, the two options mobileTAN (mTAN) and chipTAN are mainly used.
The so-called iTAN also exists but is no longer used. You can find out why iTAN is no longer used in this article.
Which TAN procedures are there?
With the large number of TAN procedures, it is difficult to keep track of things. We will briefly show you the three known TAN procedures and their characteristic features.
- iTAN: Prefabricated TAN numbers on a transaction sheet. It is considered unsafe and is no longer used.
- mTAN: Allocation of a TAN via the mobile phone.
- chipTAN: Allocation of a TAN via the EC card and a TAN generator.
How do the respective TAN procedures work?
The TAN procedures mentioned work in different ways. Below is a description:
- iTAN: With the iTAN procedure, you as a customer receive a “TAN sheet” from your bank. This is a document on which there are several TANs. During the transaction you will be asked to enter the TAN from a certain column.
- mTAN: The mobileTAN procedure (mTAN for short) uses your mobile phone. As soon as you want to carry out a transaction, the TAN number will be sent to your previously registered mobile phone. A transaction can only be carried out if you have the login for online banking and your mobile phone.
- chipTAN: With the chipTAN procedure, you need your EC card and a TAN generator. Insert your EC card into this TAN generator and then select the function with which you want to generate a TAN.
Now you have to hold the generator to the monitor of your PC. When you make a transfer, a “flickering” image appears on the screen. It contains the encoded transaction data. The card reader reads this out and compares it with your EC card. The TAN is then generated from this.
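The idea of a TAN generated from the transaction data, as an added sketch that is neither the banks' chipTAN algorithm nor code from the original article: it substitutes an HMAC-SHA256 over the transaction data for the card's real computation. The key, IBANs, counter and function names are constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo values, not real account or card data.
CARD_KEY = b"constructed-demo-card-key"
INTENDED_IBAN = "DE00000000000000000001"
ALTERED_IBAN = "DE00000000000000000002"


def transaction_tan(card_key: bytes, iban: str, amount_cents: int, counter: int) -> str:
    """Derive a 6-digit TAN from the transaction data (illustrative HMAC scheme)."""
    message = f"{iban}|{amount_cents}|{counter}".encode()
    digest = hmac.new(card_key, message, hashlib.sha256).digest()
    # Reduce the first 4 bytes of the MAC to six decimal digits.
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def bank_accepts(card_key: bytes, iban: str, amount_cents: int, counter: int, tan: str) -> bool:
    """Bank side: recompute the TAN for the order it actually received."""
    expected = transaction_tan(card_key, iban, amount_cents, counter)
    return hmac.compare_digest(expected, tan)


def demo() -> dict:
    # The generator computes the TAN for the transfer the customer intends.
    tan = transaction_tan(CARD_KEY, INTENDED_IBAN, 12_500, counter=7)
    return {
        # Order arrives unchanged: the TAN matches.
        "intended order": bank_accepts(CARD_KEY, INTENDED_IBAN, 12_500, 7, tan),
        # Order was changed on the way to the bank: the TAN no longer matches.
        "altered recipient": bank_accepts(CARD_KEY, ALTERED_IBAN, 12_500, 7, tan),
        "altered amount": bank_accepts(CARD_KEY, INTENDED_IBAN, 99_900, 7, tan),
        # The same TAN is presented again for a later order (new counter).
        "reused for next order": bank_accepts(CARD_KEY, INTENDED_IBAN, 12_500, 8, tan),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```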