chipTAN
The chipTAN procedure offers a mixture of convenience and security. Some banks also call this procedure smartTAN.
The TAN is generated by a TAN generator.
This can be used either manually (with EC card and without flicker code) or optically (with EC card and flicker code).
The use of two separate devices makes it almost impossible for fraudsters to manipulate the connection.
How the chipTAN procedure works
The TAN generator is the input or output medium for generating the TAN.
The TAN itself is calculated on the chip of the card used. Hence the name chipTAN.
The chipTAN or, for some banks, the smartTAN procedure.
The procedure can be used in two different ways.
chipTAN manual / smartTAN-plus
With this procedure, the transfer data (account number and amount) must not only be entered into the PC, but also into the TAN generator. The bank uses this information to generate the order-related TAN, which must now be entered in the field provided on the PC.
chipTAN comfort / smartTAN optic
The customer enters the transfer data. These are converted by the bank and displayed in the form of a flicker code. The customer inserts their EC card into the device and holds the TAN generator directly up to the computer screen. The transfer data is now displayed on the device and can now be compared with the invoice. If the data is correct, it can be confirmed with OK. A TAN is then automatically generated, which is only valid once and must be entered in the corresponding field.
Advantages of the chipTAN procedure
- Practical: the TAN generator fits in every pocket
- Convenient: You can use the TAN generators immediately. Installation on your PC is not necessary.
- Convenient: TAN generation at the touch of a button,
- Secure: TAN generation with two separate devices and the PC-independent entry, display and confirmation of the transaction makes it impossible for hackers to install banking Trojans or manipulate transfers. By transferring data to the device, you can recognize deviations immediately and react accordingly.
- Unique: TAN is only valid for one and only for this specific transaction
- Simple: can be used both for banking in the browser and for software
- Inexpensive: There are no follow-up costs such as SMS charges.
- Independent: Transactions are processed exclusively via the bank’s network. This means that infrastructures outside your bank’s sphere of influence, such as mobile networks, are not required. This ensures maximum security for your data.
- Multi-bank compatible: The procedure can be used at almost any bank.
- Mobile: TAN generation is also possible from mobile devices
Dangers of the chipTAN procedure
As the PC and the TAN generator are not connected to each other, the chipTAN procedure is currently considered the most secure procedure, as no one can interfere.
The only way for fraudsters to obtain a TAN is to exploit the carelessness of the user.
“Social engineering”
It is popular to use “social engineering” to persuade customers to make transfers to the fraudster themselves. This involves begging for money, pretending to make a test transfer or asking the customer to transfer back money that has been booked incorrectly.
Phishing
Phishing attacks are also ideal. Here the user is shown a page that looks similar to that of their own bank. If the victim enters his user data and TAN there, they are intercepted.
Trojan
Trojans that are installed on the user’s PC when a link in an email is called up or an attachment is opened can also spy on sensitive data. The Trojan can read along, but it can also display a false website or form by asking the user to enter the TAN. If he does not notice this, the fraudsters filter out your usage data and the generated TAN.
