NFC-TAN

DisplayTAN

NFC-TAN is Display-TAN without display, and with NFC instead of BLE.

The main advantage of NFC-TAN over Display-TAN and every other Online Banking method is cost: nearly zero cost for the bank if it already has NFC-enabled bank cards.

The disadvantage of NFC-TAN as compared to Display-TAN: it is less secure and it does not work with iPhones.

Security

NFC-TAN Mobile Banking is less secure than Display-TAN because a Man-in-the-Middle attack by a trojan on the smartphone is possible. On the other hand, NFC-TAN Mobile Banking is much more secure than SMS-TAN or App-TAN Mobile Banking, because the secret key cannot be accessed by a trojan; see this comparison (pdf slide).

PSD2-compliance

NFC-TAN is compliant with the recent EU Directive PSD2 (from Oct. 2015, to be complied with by 2018 at the latest):

NFC-TAN profits from the fact that PSD2 - for whatever reason - does not require a secure re-visualization of the transaction data.

While NFC-TAN Mobile Banking does meet the PSD2 standards, Mobile Banking with SMS-TAN, App-TAN, biometric solutions, SIM-card solutions, etc., will probably not, according to this interpretation: EBA discussion (revised German version). Call a Mobile Banking method mobile if, for Mobile Banking, the customer doesn't need more than what he carries anyway. Then we have the following:

In other words: if a bank wants to offer its customers mobile and PSD2-compliant Mobile Banking, its only choices are Display-TAN and NFC-TAN! Customers will be demanding mobility, regulators will be demanding PSD2-compliance.

Press

March 2013, press announcement GFT: ''Smartphone meets debit card: NFC-TAN makes transactions secure and straightforward''

March 2013, Computerworld NL: ''Zo beveiligt NFC internetbankieren''

Implementations

Aug. 2013, UBS Bank (CH): UBS Mobile Banking (NFC only for login)

March 2015, NFC World: ''Korea shifts to NFC authentication for mobile banking''

July 2015, Lloyds Bank (GB): ''Lloyds trials tap to bank mobile banking service''

Unfortunately, these implementations were done without us. The fact that others independently had the same idea just shows: NFC-TAN is a natural and convincing principle.

Publications

Borchert (2009): Secure encryption for online accounts through a device with a camera, display and short-range radio as an intermediary between the computer and secret

Borchert, Günther (2013): Online Banking with NFC-enabled Bank Card and NFC-enabled Smartphone
