Transaction Authentication Number TAN What it is How it Works
Contents
Transaction Authentication Number (TAN): What it is, How it Works
What is a Transaction Authentication Number (TAN)
A transaction authentication number is a one-time code used in processing online transactions. It represents an additional layer of security beyond a password for logging into an account or conducting a transaction.
BREAKING DOWN Transaction Authentication Number (TAN)
Transaction authentication numbers (TANs) provide extra security. Merchants and payment card companies have an incentive to improve transaction security as better security reduces fraud. Organizations like the Payment Card Industry Security Standards Council create standards for encrypting card information at the point of interaction (POI) and later decrypting and processing the transaction.
Transaction authorization numbers are one way financial institutions can reduce fraud. They are single-use numbers that provide two-factor authentication. The first level of authentication may include a personal identification number (PIN) or password to access an account, while the second level may be the TAN.
Financial institutions typically provide a list of passwords or passphrases for authenticating a transaction, with each TAN valid for single use. The financial institution maintains a database associating each TAN with a user.
TANs are commonly used in online transaction verifications. When an individual or business starts a transaction, they may receive the TAN in an email, SMS text message, or through another method. The delivery method is authenticated beforehand, such as a bank confirming a phone number linked to an account. During the transaction, the user receives a message with the TAN code and inputs it in a web-based form. If the code matches, the transaction is processed.
Transaction Authentication Numbers and Two-factor Authentication
As activities move online, the use of transaction authentication numbers has expanded beyond financial institutions. It is advised for email users to sign in using two-factor authentication, combining a password with a TAN. Users keep the TAN on a list of one-time codes or retrieve it via text message, email, or a telephone call.
