Kaay Display-TAN
German

Display-TAN - 2-Factor Mobile Banking - secure and mobile

Display-TAN is a TAN-generator integrated into the bank card, including display and Bluetooth

Display-TAN is a Mobile Banking method which is secure and mobile at the same time:

• Display-TAN is secure because the TAN (Transaction Authentication Number) is generated on the bank card - not on the smartphone!

• Display-TAN is mobile in the sense that for Mobile Banking the customer doesn't need more than what he carries anyway: smartphone and bank card.

Moreover, Display-TAN is convenient because Display-TAN requires no typing - just clicking!

Motivation/Background: Why Display-TAN?

Nowadays many financial transactions are executed from the user's smartphone only. But the user's smartphone may be infected by malware. The malware may manipulate transactions because it is able to spy (or abuse) every single one of the user's credentials: password, SMS, secret key, fingerprint, etc.

So the basic idea of Display-TAN is the following: Move out the secret key and the generation of the TAN to the bank card! This way, malware on the smartphone will not be able to manipulate transactions.

And why display and Bluetooth?

Base Information

Hardware. The main element of the Display-TAN method is a bank card which has a display and a Bluetooth module - and nevertheless is thin, flexible, robust and durable like a usual bank card.

Security. The security of Display-TAN comes from the fact that everything security-critical takes place on the secure card (not on a potentially insecure end device like PC, Laptop, Tablet, Smartphone): (1) The storage of the secret key, (2) the tamper-proof re-visualization of the payment data, and (3) the generation of the TAN. The Bluetooth connection is fully encrypted.

Usability. The bank customer does not need an extra TAN-generator device. This is especially useful in the case of Mobile Banking because the customer does not need anything more than what he carries anyway: smartphone and bank card. Moreover, the bank customer does not need to type anything - just checking and clicking is enough. Even long account numbers like IBAN can be confirmed conveniently with a few clicks.

Online Payment. With the rise of Sofort, Trustly, etc., more and more Internet payments are nowadays executed as money transfers. This way, Display-TAN automatically becomes an Internet Payment method. Display-TAN is much more secure than PayPal or credit cards but nevertheless is of nearly comparable usability (no extra device, no typing besides username/password).

No Pairing. There is no pairing with the smartphone. This is possible because all the security is done completely on the card, not on the smartphone. This way, the customer is not bound to a specific mobile device, i.e. he is able to use several mobile devices alternatingly for Mobile Banking, and may add a new one at any time.

Base Information about the Card

Form. Thin and flexible like a usual bank card (ISO/IEC 7810).

Lifetime. 5 years and 2000 money transfers.

Durability. The card producer has for its display cards a proven ≤ 1% failure rate over the whole card lifetime.

Availability. Technically ready (Bluetooth certification is pending).

How does it work?

Mobile Banking. The new method is shown in the video above, and is in the image below shown from a user's perspective for Mobile Banking - for which is Display-TAN is suited especially well.

DisplayTAN

Note that the bank customer does not have to type anything during TAN generation - just checking and clicking is enough.

For more workflows like Online Banking and Payment see the Workflow page.

Uniqueness of Display-TAN

Display-TAN is the first and only Mobile Banking method which is trojan-secure and mobile!

For the same reasons, Display-TAN is the only Mobile Banking method which is at the same time mobile and secure against friendly fraud.

DisplayTAN
IBAN (Netherlands)

IBAN

The new European IBAN destination bank account numbers can conveniently be confirmed with 3 or 4 clicks by the bank customer, line per line, see example to the right and the IBAN page.

More Information

For more details concerning the Display-TAN method see the More Information page, covering topics like Security, Usability, Integration of Display-TAN into the bank card, Buttons on the Card, Display-TAN as a successor of NFC-TAN, TAN-generating algorithm.

For a comparison of Display-TAN with Smartphone-TAN (= App-TAN) in terms of security/usability/costs see this extra page.

Requirement for the User Device: Bluetooth Smart (BLE)

Basically, all smartphone and tablet models since 2013 do have the necessary Bluetooth version Bluetooth Smart also called Bluetooth Low Energy BLE: iPhone 4s or higher, iPad 3 or higher, Android 4.3 or higher. Many PC's and most Laptops have BLE ability, so they may contact the Display-TAN card directly.

Why Bluetooth and not NFC?

iPhone/iPads. The main reason to prefer Bluetooth (BLE) over NFC is that this way also iPhones and iPads are reached.

Stability. Bluetooth is much more convenient and stable concerning the card handling than NFC: With NFC the card has to be hold adjacent to the smartphone, while with Bluetooth the distance may be up to a meter, and moving the card or the smartphone is no problem.

Security. All data sent via Bluetooth to the card are encrypted by the bank server with the individual secret key of the card, i.e. sniffing or manipulating is not possible.


Press

30. August 2017. Netknights/Koelbel: Securing Bank Transactions

1. Juni 2017. Fraunhofer SIT, Darmstadt, Workshop Mobile und Embedded Security, Vortragsfolien: Die Sicherheit von Smartphones als IoT Fernsteuerungsgeräte

1. Dez. 2016, Stuttgarter Zeitung: Fintech-Event - Abschnitt über Display-TAN

Older Press

Related News

19. 9. 2017, Noris Bank: Online Banking Nutzung

12. 9. 2017, Süddeutsche: Staatstrojaner-Behörde Zitis nimmt Betrieb auf

7. 9. 2017, Payments and Cards: Mobile Wallet Security

24. 8. 2017, Trustonic: Trusted Execution Environment TAP

23. 8. 2017, IT-Finanzmagazin/HID: PSD2 SCA

23. 8. 2017, Assecco/Erste: Kontaktloser Geldautomat

23. 8. 2017, IT-Finanzmagazin: Mobile Banking Apps als Bankfiliale

17. 8. 2017, NZZ: P!=NP und Veschlüsselung/Online Banking

16. 8. 2017, Postbank: Studie zum Bargeld

2. 8. 2017, Sueddeutsche: Wie der Staatstrojaner eine Demokratie aushöhlt

2. 8. 2017, Focus (mit Video): So schützen Sie sich vor dem mobilen Banking-Trojaner Svpeng

28. 7. 2017, Embedded Security News: What is a Fingerprint Card?

10. 7. 2017, Vasco-Blog/Mennes: Simplifying the Debate on PSD2 RTS

4. 7. 2017, IT-Finanzmagazin: Smartphone-only Konto

26. 6. 2017, Video Cyberpeace statt Cyberwar

26. 6. 2017, IT-Finanzmagazin: 1822mobile

26. 6. 2017, NTTData Video: PSD2 X2A

23. 6. 2017: Cashkurs Video: Bundestrojaner technisch möglich?

9. 6. 2017, Vasco-Blog/Mennes: EU Commission Amendments to Final Draft RTS

8. 6. 2017, Linsenbarth: Apple öffnet die NFC-Schnittstelle - ein bisschen.

1. 6. 2017, IT-Finanzmagazin: ING-Diba Studie Mobile Banking, ING-Diba Studie: Deutschen Bankkunden: vertrauen Bank, aber misstrauen Mobile Banking

24. 5. 2017, EU Commission: Revised RTS with the Commission's suggested changes

19. 5. 2017, BBC News: BBC fools HSBC voice recognition security system

9. 5. 2017, IT-Finanzmagazin: Kritik an PSD2-RTS wg. Direct Access

4. 5. 2017, Verbraucherzentrale: Wenn möglich, nutzen Sie einen TAN-Generator!

Older News

New Subpages Display-TAN

26. Juni 2017: Windows App

26. Mai 2017: Display-TAN/soft

23. Mai 2017: IoT Applications

19. Mai 2017: Checklist PSD2-Compliance

17. Mai 2017: Friendly Fraud

Display-TAN Apps

Apps. Demo Apps for Display-TAN are available for

SDK. Libraries/SDKs for the core functionality of Display-TAN are available for Android, iOS, and Windows.

Display-TAN Project

Display-TAN is a joint project of

The hardware including its firmware is made by SmartDisplayer Inc., while Borchert IT-Sicherheit UG takes care of the overall architecture and the software.

Coming Events

More Information

Flyer, transparencies, articles, etc.:


More InformationDemo AppsAPIMore FunctionalitiesLinksContact
Workflows
IBAN
Compar. App-TAN
More Information
Friendly Fraud
PSD2-Compliance
Business Partners
Android App
iOS App
Windows App
API Version 1
API Version 2
SDK/Library
Display-TAN/soft
Seed Perso
Display-PIN
Online Banking Demo
IoT Applications
nfc-tan.com
smartdisplayer.com
borchert-it-sicherheit.com
YouTube Playlist ''Technology Cards''
About
Contact
Imprint
Privacy Policy