PhotoTAN The method is based on ideas that enhance security, but are not fundamentally new. Rather, it combines and optimizes existing facilities. On the one hand, as in chipTAN – waived and mobileTAN method on printed lists with transaction numbers. Thus, the TAN accompanied only generates held in reserve when needed and are only valid for the process that is being made. Secondly, a smartphone or a special reader is required which makes the photoTAN decrypted using an application (app) and readable. The fact that online banking and smartphone constitute two separate systems and are not connected to each other, the procedure is considered extremely safe.
Images for more security
But how does the photoTAN process? The customer enters all the data for a transfer or another job in the online banking form. Then, instead of asking directly after the transaction number, which is on a list or sent to the mobile phone, the bank will display a picture. This is purely visual, a colored QR code. For the user, the diagram only a jumble of colored dots dar. Behind the transaction data and the numeric code that is required for the release of hide. “Read” is the image of a smartphone app. This app is the respective bank. If the QR code is read, it is decrypted on the phone and there is a 7-digit TAN displayed. This TAN is only provided this one action, can not be used twice and expires after a certain time, if it remains unused. The TAN must now be entered in the online banking and the contract is therefore authorized.
To use the photoTAN process, one needs not only a smartphone or alternative reader the corresponding app (there by the bank). Of course, you have to register in advance for the process and unlock the app using a code.
What makes the photoTAN process safe?
A crucial factor is the fact that can not be accessed from outside of the data. In addition, the TAN is valid only for an order and the transmission is encrypted. Scammers would therefore have access to online banking and simultaneously gain possession of the mobile phone of the customer. Since the app has to be activated with a personal code, it would in fact bring nothing to install the tool on another smartphone.