The eTAN and eTAN Plus procedures make lists and blocks of transaction numbers obsolete. They are replaced by technology in the form of a TAN generator or a card reader. For bank customers, this means they no longer need to handle sheets full of numerical codes; they only need a small device, reminiscent of a pocket calculator, which is provided by the bank.
The eTAN method
In the simplest variant, the device is a pure TAN generator. As soon as a transaction such as a transfer is to be executed, the bank's system generates a control number and displays it online. This sequence of digits must be entered into the TAN generator and confirmed. The device then calculates a transaction number with which the transaction is released. The system is very safe. Fraudsters who try to obtain banking access data with phishing e-mails have no chance, because the transaction number is valid only together with the matching control number. However, the data traffic between the bank and the customer can still be intercepted and the transfer redirected (man-in-the-middle attack).
The eTAN Plus process
The eTAN Plus procedure largely eliminates this risk. Here the TAN generator is extended with a card reader function. If the customer wants to transfer money or set up a standing order, the bank card must be inserted into the reader. As with the eTAN method, the TAN generator needs data in order to work, and here too this is a control number. Many systems additionally require the payee's account number to be entered. This information and the keys stored on the bank card are the basis for calculating the transaction number. Because the account number flows into the TAN, man-in-the-middle attacks as well as phishing attempts are thwarted.
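The difference between the two procedures, as an added example that is not part of the original article and not any bank's actual algorithm: it assumes an HMAC-SHA256 truncated to six digits as a stand-in for the real TAN calculation, and the key, control number and account strings are constructed sample values.

```python
import hashlib
import hmac

TAN_DIGITS = 6  # assumed TAN length, not taken from the article


def _truncate(mac: bytes) -> str:
    """Reduce a MAC to a fixed-length decimal TAN."""
    value = int.from_bytes(mac[:8], "big") % 10**TAN_DIGITS
    return str(value).zfill(TAN_DIGITS)


def etan(key: bytes, control_number: str) -> str:
    """eTAN: the TAN depends only on the control number shown by the bank."""
    return _truncate(hmac.new(key, control_number.encode(), hashlib.sha256).digest())


def etan_plus(key: bytes, control_number: str, payee_account: str) -> str:
    """eTAN Plus: the payee account number also flows into the TAN."""
    msg = f"{control_number}|{payee_account}".encode()
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())


def bank_accepts_etan(key: bytes, control_number: str, tan: str) -> bool:
    # The bank recomputes the TAN; the payee plays no part in the check.
    return hmac.compare_digest(etan(key, control_number), tan)


def bank_accepts_etan_plus(key: bytes, control_number: str,
                           payee_received: str, tan: str) -> bool:
    # The bank recomputes the TAN over the payee it actually received.
    return hmac.compare_digest(etan_plus(key, control_number, payee_received), tan)


def simulate_redirected_transfer() -> tuple[bool, bool, bool]:
    key = b"constructed-demo-key"      # stands in for the key on the bank card
    control = "48213907"               # constructed control number
    intended = "ACCT-CONSTRUCTED-0001"  # payee the customer typed into the device
    received = "ACCT-CONSTRUCTED-9999"  # payee the bank sees after tampering in transit

    # eTAN: the TAN still verifies although the payee was changed on the wire.
    etan_ok = bank_accepts_etan(key, control, etan(key, control))

    # eTAN Plus: the customer's TAN covers the intended payee only.
    tan = etan_plus(key, control, intended)
    plus_tampered_ok = bank_accepts_etan_plus(key, control, received, tan)
    plus_untouched_ok = bank_accepts_etan_plus(key, control, intended, tan)
    return etan_ok, plus_tampered_ok, plus_untouched_ok
```

The function returns whether the bank would accept each case: the eTAN transfer is accepted despite the changed payee, while eTAN Plus rejects the altered transfer and accepts the unaltered one.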
Store equipment safely
However, should thieves come into possession of the generator, or of the card reader and the bank card, they can still make transfers. The equipment should therefore be kept as safe as possible. With pure TAN generators in particular, the online banking access data (customer or account number and personal identification number) is already enough to empty the checking account.