Victory is very familiar with the digital finance space. She knows about payment service providers, digital wallets, and even OTPs. One day, she comes across a new concept - the Transaction Authentication Number. She is interested in learning what this is and understanding how it applies to everyday Internet transactions or activities.

If you’re like Victory and want to know what a Transaction Authentication Number is, then just keep reading.

What Is a Transaction Authentication Number?

A Transaction Authentication Number, or TAN, is a unique number generated and used for confirming digital payments. A TAN is always between six and eight digits long and is only valid for a single use.

The Transaction Authentication Number is very similar to an OTP code: both are used for verification, and both are used just once. However, the key difference between an OTP and a TAN is that the former consists of more characters than the latter. Secondly, OTPs have a wider range of use cases than TANs.

For example, an OTP may be sent/requested for log-ins, transactions, or other online activities. On the other hand, a TAN is only sent when authorizing a transaction.

TANs may be applied as an additional layer of security. In this setting, a user is requested to use their TAN right after inputting their transaction PIN.

How Transaction Authentication Number Works

TAN serves to verify the identity of a user who intends to make a transaction. The number is generated by the website which the user is interacting with. It is then sent to the user’s registered phone number or email.

The user will access the SMS or email containing the TAN and input the code on the website, thereby confirming their identity.
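The flow described above, seen from the website's side, as an added example that is not code from any real payment provider. The class name, the five-minute validity window and the three-attempt limit are assumptions made for illustration; the six-digit length and the single-use rule come from the article.

```python
import hashlib
import hmac
import secrets
import time

TAN_DIGITS = 6          # the article gives six to eight digits
TAN_TTL_SECONDS = 300   # assumption: validity window, not stated in the article
MAX_ATTEMPTS = 3        # assumption: wrong guesses allowed before the TAN is dropped


class TanStore:
    """Hypothetical in-memory store of pending TANs, keyed by transaction id."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    @staticmethod
    def _digest(tx_id, tan, salt):
        # Keep only a salted digest so the plaintext code is not stored.
        return hashlib.sha256(salt + tx_id.encode() + b":" + tan.encode()).digest()

    def issue(self, tx_id):
        """Create a fresh TAN for one transaction and return it for delivery."""
        # secrets uses the OS CSPRNG; zero-pad so the code always has TAN_DIGITS digits.
        tan = f"{secrets.randbelow(10 ** TAN_DIGITS):0{TAN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[tx_id] = {
            "salt": salt,
            "digest": self._digest(tx_id, tan, salt),
            "expires": self._clock() + TAN_TTL_SECONDS,
            "attempts": 0,
        }
        return tan

    def verify(self, tx_id, candidate):
        """Return True exactly once for the right TAN; every other case is False."""
        entry = self._pending.get(tx_id)
        if entry is None:                      # unknown transaction or TAN already used
            return False
        if self._clock() > entry["expires"]:   # expired codes are discarded
            del self._pending[tx_id]
            return False
        entry["attempts"] += 1
        expected = self._digest(tx_id, candidate, entry["salt"])
        ok = hmac.compare_digest(entry["digest"], expected)  # constant-time compare
        if ok or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[tx_id]           # single use, or too many wrong guesses
        return ok
```

Because the TAN is stored against one transaction id, a code issued for one payment cannot confirm a different one, and a replayed code fails because its entry is deleted on first success.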

Types of Transaction Authentication Number

There are many different types of TAN:

1. Classic TAN

The classic Transaction Authentication Number (TAN) involves a list of one-time codes written out on paper. This paper document is issued to a user as a source of reference when making transactions. There could be as many as 50 TANs on each user’s classic TAN document, lasting for over six months.

This type of TAN is considered to be insecure as the paper document might get stolen or lost. However, if a user reports such incidents, their financial institution will issue a new TAN document and disable all TANs on the previous one which was stolen or missing.

Generally, the classic TAN is vulnerable and highly prone to spoofing and phishing attacks.

2. Mobile TAN

Mobile TANs, or mTANs, allow you to receive your one-time code through a phone call, SMS, or email message. The code will only be sent to a recognized device or the registered phone number or email of the user. Losing access to any of these receiving methods might mean being unable to complete your transaction.

This type of TAN is vulnerable to SIM swap fraud, where a scammer impersonates an individual who uses an mTAN. They contact a network operator pretending to be a victim who has lost their SIM and, in the process, they request to have their mTAN sent to a different phone number.

The network operator might end up sending TANs to this impersonator, giving them access to manipulate a user’s transactions.

3. TAN Generator

A TAN generator refers to a key-chain device or token that produces one-time codes which serve as TAN. This way of accessing a TAN is secure but the browser may be vulnerable to phishing and man-in-the-middle attacks.

4. Push TAN

Another type of TAN is the Push TAN. It is called the Push TAN because the code is generated by a third-party multi-factor authentication app and sent directly to the user’s device.

The Push TAN is relatively more secure compared to other types of TAN. Much of this security is because the TAN is not sent to a phone number and so a SIM swap attack is not possible. Moreover, the Push TAN system will automatically be disabled if a jailbreak or “root” is identified on the device.

This type of TAN is invulnerable to many common electronic scams or fraud.

5. CHIP/SMART TAN

The chip/smart TAN works alongside a handheld device. This device has a small display screen and a card slot compartment.

How it works is that the user inserts their financial or bank card at the moment when they require a TAN. The device will automatically detect the ongoing transaction and generate a TAN which is displayed on the screen.

Chip/smart TAN devices are secure from most forms of cyber attacks. They make use of a unique type of hardware which is much different from those on phones and regular computers. This makes them less hackable.

If one of these smart TAN devices gets stolen, the user can simply request a new one. The interesting part is that the user won’t have to bother about the stolen device. Given the way this device operates, it is barely possible for it to be used in accessing an account when lost or stolen.

Why Transaction Authentication Number Is Important

The benefits and advantages of TAN are very similar to those of OTP codes. These benefits include:

  • Protects a user’s sensitive data:

Some platforms require users to input their login credentials and a TAN before gaining access to their dashboard or account. In this case, the TAN serves as a secondary login security.

Attackers who successfully steal a user’s login credentials will still not gain access to their account since they do not have a TAN. Similarly, anyone who happens to come in possession of a user’s TAN will be blocked since they do not have their login PIN or password.

  • Safeguards against funds theft:

Funds in digital wallets are safe from theft thanks to the introduction of TAN. For instance, it is impossible for hackers to remotely access the classic TAN since it is a paper document. With no access to this, the chances of an unauthorized funds transfer from a user’s account are limited.

  • Provides flexible security:

The availability of different types of TAN means more flexible security for digital wallet owners. Users can choose any of these methods of receiving TAN, based on how well it covers the potential risks they face. For instance, a user who believes that their phone number or email is compromised can choose the Push TAN as a sturdy alternative. Similarly, a user who is at risk of losing their device could opt for the classic TAN.

Conclusion

You will agree that the Transaction Authentication Number is a kind of OTP. There’s just one thing that makes it stand out. It’s that you never get to see an OTP - much less get handed an entire list of them - unless you’re at the point of making a transaction.

Now that you know all that, do well to request a TAN from your financial institution. Extra security is never too much.