Frankfurt Both the savings banks and the Volksbanks will probably abolish the SMS-Tan as a security procedure in online banking in the summer. This was explained by the IT service providers of savings banks, Finanz Informatik (FI), and cooperative banks, Atruvia (formerly Fiducia GAD), on request. The background is, among other things, cost and security issues. To date, the process, also known as mobile TAN, has been used by a total of almost 2.4 million customers from the two financial associations.
FI boss Andreas Schelling told the Handelsblatt: “We plan to switch off the SMS tan procedure in the middle of the year. So the customers still have about six months to switch to other processes.”
As a reason for leaving the SMS-Tan, the savings banks cite cost reasons on the one hand. Sending messages via the app-based alternative push-tan method is significantly cheaper. “We can save the institutes several million euros per year with this, although we already buy the SMS quotas very cheaply on a large scale.”
In addition, FI wants to promote the push-tan because it has been deeply integrated into processes and applications and is simple, convenient and secure. “Customers can just put their finger on the finger and the order is approved,” said Schelling.
Top jobs of the day
Find the best jobs now and
be notified by email.
Federal Office for Information Security warns against misuse
The Volks- und Raiffeisenbanken are also planning to replace the mobile TAN procedure by mid-2022, as Atruvia announced. They refer to their new app-based process (VR SecureGo plus), which also works by means of direct release without an extra TAN entry.
Atruvia also mentions security concerns that the Federal Office for Information Security (BSI) has been expressing for some time. “Tans sent via SMS can theoretically be intercepted by third parties. In addition, if the mobile phone is stolen, the tan procedure can be used quite easily,” explained Atruvia.
So far, almost 1.6 million customers of cooperative banks and a good 800,000 savings bank customers are still using SMS-Tan. A large proportion of the Volks- und Raiffeisenbanken and a number of savings banks have already said goodbye to the mobile TAN in recent years, and customers have accordingly switched to other methods.
Meanwhile, Deutsche Bank continues to offer its customers the mobile tan. “There are currently no plans to change the existing legitimation procedures. The customers decide according to their own preferences which method suits them best”, according to the largest German money house. In turn, Postbank, which belongs to Deutsche Bank, abolished SMS-Tan for private customers in 2019.
The chip tan process is considered to be particularly secure
At Commerzbank, existing customers can continue to use SMS-Tan if they wish. The newer Photo-Tan process is offered to new customers. The most common procedures are push tan and photo tan. In both cases, customers have to install an additional app on their smartphone.
With the Push-Tan, customers prepare the transfer in their banking app or in the online banking portal on their computer, then they open the Push-Tan app – with a password or face recognition. There you can check and approve transfer data.
There are different variants of the Photo-Tan process. Anyone who prepares a transfer by computer must take a picture of a square with colored pixels on the computer screen with their smartphone – or a special reader. When banking via smartphone, there is no need to take photos – the information is exchanged between the apps in the background. The details of the processes differ depending on the bank.
The chip tan process is considered to be particularly secure. Customers need a so-called tan generator for this. Depending on the device, they have to enter a control number and part of the transaction data – such as the account number – into the tan generator by hand.
In another variant, a so-called flicker code or QR code is scanned from the computer screen with the device, for example. Users can check the data again on the generator display and then enter the displayed number in online banking.
More: Solarisbank is growing rapidly – Bafin sends special auditors.