What we need to know about Germany’s new online banking system

4 min read

Many bank business in Germany will shortly have to contend goodbye to an aged habit.

When they do online banking from their home computers, they will no longer be means to finish their transfers by entering a six-digit method of digits they have perceived – mostly by post – on a paper list.

Such lists with numbered transaction numbers (TANs) will be abolished as partial of a vital EU-wide banking makeover. Banks will not be authorised to offer this supposed iTAN procession for transfers starting on Sep 14th.

As of Sep 14th, such paper tan lists – in that one series during a time can be used once – will turn obsolete. Photo: DPA

READ ALSO: Everything that changes in Sep 2019 in Germany

Why will a paper lists be abolished?

The change is partial of a supposed European Payment Services Directive (with a Star Wars-esque sounding acronym of PSD2). Through it, Brussels aims to make remuneration exchange in a EU some-more available and secure for consumers.

Among other things, a gauge stipulates that a transaction numbers compulsory for online banking contingency be “generated dynamically” in future, that is not probable by a method of numbers that has already been printed on paper.

So what does this meant for bank customers?

For online banking and selling on a Internet, a authorised requirement of “strong patron authentication” will request in future.

This means that any patron contingency infer his or temperament in dual of a following ways: “knowledge” (a tip series or PIN), “possession” (for instance by  smartphone or a strange remuneration card) or “being” (biometric facilities such as a fingerprint). 

In sequence to recover a bank send online, for example, we initial need a PIN, and can afterwards have a TAN sent to your mobile phone by SMS.

What else will change for customers?

The “PSD2” also breaks a banks’ corner on entrance to comment data. In future, financial institutions will also have to concede third-party providers such as financial start-ups (fintechs) to entrance their customers’ data. 

For example, there are companies that review overnight income rates from opposite banks and offer income transfers there. Others assistance consumers save by automatically putting tiny amounts aside. 

German banks are not accurately dancing with fun about a new regulation. Anyone who knows how most income business have in their comment and what they spend it on can simply offer them other services – such as construction financing, loans or insurance.

What about payments by credit card?

Privacy-sensitive Germans can take a whine of service here. In future, consumers will also have to brand with dual factors when creation label payments on a Internet. 

The mandate for regulating credit cards are quite strict, since a series and check series of these cards can be tracked comparatively simply – for example, when they are used in a restaurant. Therefore, only carrying possession of a label is not enough. 

READ ALSO: Germany orders online bank N26 to take new stairs opposite income laundering

According to a new rules, consumers need dual additional confidence factors for credit label payments when selling online: a cue and a TAN, for example. 

Because a complement switch is a problem for retailers, a financial supervisory management Bafin is temporarily permitting a prior (and simpler) confidence regulations to apply.

How do we get a TAN for commendatory online payments in a future?

Bank business need a specifically combined TAN for any order. The patron can, for example, have this TAN sent to him or her by SMS to a mobile phone series formerly deposited with a bank (“mobileTAN”/”mTAN”). A special TAN generator can also be used. 

In multiple with a bank card, this tiny device generates a TAN for online banking (“chipTAN procedure”). Some institutes offer a “PhotoTAN” procedure: A barcode appears in a customer’s online banking complement and is photographed with a mobile phone. A TAN is afterwards generated and a engagement is processed after a patron approves it.

How is a stream complement insecure?

Criminals continue perplexing to convince bank business to exhibit PINs and TANs, for instance by environment adult feign websites or luring consumers onto a wrong webpage by email or SMS. If a printed iTAN lists sent by post tumble into a wrong hands, criminals can pillage a account.

 “If we hoop a TAN list delicately and secure your mechanism according to stream standards, a TAN list offers sufficient protection. However, if your TAN list falls into a hands of third parties, no confidence can be guaranteed,” writes Postbank.

The new complement aims to keep criminals divided from your money. Photo: DPA

OK, though there’s got to be a approach criminals can prevent a new procedure, right?

So-called energetic authentication procedures have a advantage that a TAN – distinct a printed iTAN list – is combined anew any time. These numbers are afterwards related to a particular sequence and are current for a singular duration of time. 

However, there are also concerns. 

“Although a ‘mTan’ procession is unsentimental and user-friendly, it also carries some risks,” warns Germany’s Federal Office for Information Security. “Under certain circumstances, criminals can prevent or route a SMS messages sent for authentication. There is a risk that a TAN contained in a SMS will be misused.”


To send – überweisen

Generated boldly – dynamisch generiert

Secret series – (die) Geheimnummer

Tracked – ausgespäht

Check series – (die) Prüfziffer

We’re aiming to assistance the readers urge their German by translating wording from some of the news stories. Did we find this essay useful? Do we have any suggestions? Let us know.

Leave your vote

0 points
Upvote Downvote



Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.