The savings banks and Volksbanks are changing their TAN procedure and doing away with a method for creating transaction numbers that was previously used frequently. This forces many customers to take action.
A few years ago banks abolished the previously used TAN numbers on paper. They were replaced by processes such as pushTAN, chipTAN and smsTAN (also called mobileTAN), which offer far more flexibility and security. But one of these methods has now come to an end. The savings banks and Volksbanks will abolish the smsTAN in the course of this year. TECHBOOK reveals what this means for customers and what alternatives those affected have.
Security concerns about smsTAN
According to the Handelsblatt, it will probably only be possible to use the smsTAN procedure at the savings banks and Volksbanks until the summer. Then the procedure should be abolished. The reason for this decision are security concerns that have existed for a long time and the comparatively high costs. Depending on the savings bank, many customers have already been converted. This is also the case for TECHBOOK colleague Andreas Filbig at Sparkasse Nürnberg.
The BSI, the Federal Office for Security, warns that SMS can be intercepted by unauthorized persons and the TAN can therefore be misused. “This entails a not inconsiderable risk of abuse. The possibility of using a duplicated/cloned SIM card, which makes it possible to intercept the corresponding TANs, should also be taken into account here.”
Instead, the BSI refers to alternative methods that are considered more secure. The approximately 800,000 customers of the savings banks and around 1.6 million customers of the cooperative banks who have been using the smsTAN procedure so far only have a few months to switch to one of these other procedures.
Alternative TAN procedure
Most banks offer their customers the option of choosing from a range of TAN methods. The so-called chipTAN procedure, which is also known as eTAN, is considered to be particularly secure. In addition to their bank card, users also need a TAN generator for this, which they can use to generate an individual and permanently assigned TAN for each transaction. The TAN generator works offline, i.e. it is not connected to the Internet, which makes misuse very difficult.
Also read: The best TAN generators for online banking
If you don’t want to use hardware to generate a TAN number, you can use the so-called pushTAN as an alternative. Similar to the smsTAN, the transaction number ends up on the registered smartphone, which gives users a high level of flexibility in use. The method is considered secure because only a specific smartphone can be registered and users need a strong password at the same time. A disadvantage of the process can be that users have to install the respective bank app.
The photoTAN or QR-TAN is a newer process that Commerzbank, for example, recommends to its new customers. Here, users use a special reading device or their smartphone and the photoTAN app installed on it to scan a photoTAN graphic displayed in online banking and thus generate their individual TAN.
Also read: All TAN procedures at a glance and how they work
Not all banks abolish smsTAN
Although more and more banks are saying goodbye to the smsTAN, some financial institutions continue to offer it as an alternative. In addition to Commerzbank, which charges 12 cents for each SMSTAN used, this also includes Deutsche Bank. Here, 9 cents are charged for sending a successfully used mobileTAN via SMS.
In contrast, Postbank, which belongs to Deutsche Bank, removed the smsTAN from the list of available TAN procedures as early as 2019. The DKB does not offer the procedure either. ING DiBa has announced on its website that it will no longer offer smsTAN or mobileTAN from April this year.