Kaay Display-TAN
German

Display-TAN - Mobile Banking as it is supposed to be: Secure and Mobile

Display-TAN is a TAN-generator integrated into the bank card, including display and Bluetooth.

Display-TAN is the only Mobile Banking method which is secure and mobile at the same time:

• Display-TAN is secure because the TAN is generated on the bank card - not on the smartphone!

• Display-TAN is mobile in the sense that for Mobile Banking the customer doesn't need more than what he carries anyway: smartphone and bank card.

Moreover, Display-TAN is convenient because Display-TAN requires no typing - just clicking!


Base Information

Video Mobile Banking

Hardware. The main element of the Display-TAN method is a bank card which has a display and a Bluetooth module - and nevertheless is thin, flexible, robust and durable like a usual bank card.

Security. The security of Display-TAN comes from the fact that everything security-critical takes place on the secure card (not on an insecure end device like PC, Laptop, Tablet, Smartphone): (1) The storage of the secret key, (2) the tamper-proof re-visualization of the payment data, and (3) the generation of the TAN. The Bluetooth connection is fully encrypted.

Usability. The bank customer does not need an extra TAN-generator device. This is especially useful in the case of Mobile Banking because the customer does not need anything more than what he carries anyway: smartphone and bank card. Moreover, the bank customer does not need to type anything - just checking and clicking is enough. Even long account numbers like IBAN can be confirmed conveniently with a few clicks.

Online Payment. With the rise of Sofort, Trustly, etc., more and more Internet payments are nowadays executed as money transfers. This way, Display-TAN automatically becomes an Internet Payment method. Display-TAN is much more secure than PayPal or credit cards but nevertheless is of nearly comparable usability (no extra device, no typing besides username/password).

No Pairing. There is no pairing with the smartphone. This is possible because all the security is done completely on the card, not on the smartphone. This way, the customer is not bound to a specific mobile device, i.e. he is able to use several mobile devices alternatingly for Mobile Banking, and may add a new one at any time.

Uniqueness of Display-TAN

Call a Mobile Banking method mobile if for Mobile Banking the customer doesn't need more than what he carries anyway. Call a Mobile Banking method trojan-secure if a smartphone trojan alone cannot execute a fraudulent money transfer, but a fraudulent money transfer money can only be executed if the bank customer is not attentive or if he is led to do something wrong. With these definitions, Display-TAN is the first and only Mobile Banking method which is trojan-secure and mobile: Every other Mobile Banking method which is trojan-secure (TAN-Generator, Flickering code method, ...), is not mobile because the customer has to carry an extra device, And every other Mobile Banking method which is mobile (SMS-TAN, App-generated TAN, NFC-TAN, biometric methods, SIM-card based methods), is not trojan-secure because a smartphone trojan which has infiltrated the Operating System of the smartphone is able to execute a fraudulent money transfer without the customer or the bank noticing it, see for example this contribution for a description of the respective attacks. Therefore, if a bank wants to offer their customers a trojan-secure and mobile Mobile Banking method, its only choice is Display-TAN!

Base Information about the Card

Durability: 5 years and 1800 money transfers.

Availability: Now.

How does it work?

Mobile Banking. The new method is shown from a user's perspective for Mobile Banking - for which is Display-TAN is suited especially well.

DisplayTAN

Note that the bank customer does not have to type anything during TAN generation - just checking and clicking is enough.

DisplayTAN
IBAN (Netherlands)

More Workflows

For more workflows like Online Banking and Payment see the Workflow page.

IBAN

The new European IBAN destination bank account numbers can conveniently be confirmed with 3 or 4 clicks by the bank customer, line per line, see example to the right and the IBAN page.

More Information

For more details concerning the Display-TAN method see the More Information page:

Comparison of Display-TAN with Smartphone-TAN (= App-TAN)

Most banks in Europe are offering nowadays a Smartphone-TAN (= App-TAN) method to their customers, or have it in their pipeline. Smartphone-TAN addresses like Display-TAN the topic Mobile Banking without extra device. In other words, Display-TAN positions itself as a competitor to Smartphone-TAN, so it needs to be compared in terms of security/usability/costs: see this extra page.

The result of the comparison: Display-TAN is significantly more secure and even slightly more convenient, but significantly more expensive than Smartphone-TAN.

Smartphones/Tablets for Display-TAN

Basically, all smartphone models since 2013 do have the necessary Bluetooth version Bluetooth Smart, formerly called ''Bluetooth Low Energy BLE''.

Some PCs and Laptops also may have BLE ability, so they may contact the Display-TAN card directly.

Press

1. Dez. 2016, Stuttgarter Zeitung: Fintech-Event - Abschnitt über Display-TAN

30. Mai 2016, IT-Finanzmagazin, B.Borchert: PSD2 und die Sicherheit von Mobile Banking

1. Mai 2016, Cards Karten Cards, B.Borchert: Display-TAN: Die Bankkarte als TAN-Generator

12. Mar. 2016, BankingNews/Banking Club: Display-TAN: Die Zukunft des Online- und Mobilebanking?

Older Press

Related News

20. 4. 2017, engadget: Mastercard mit Fingerprint

4. 4. 2017, mobilebranche.de: Deutsche Bank/Mastercard Mobile Payment (Interview Deutsche Bank)

4. 4. 2017, Finanzmagazin: Azimo - intern. P2P Mobile Payment

27. 3. 2017, PPI: App-basierte Sicherheitsverfahren

20. 3. 2017, Trustonic: Secure IoT (Video)

7. 3. 2017, Wikileaks: CIA malware targets iPhone, Android, smart TVs

27. 2. 2017, Banken und Partner: Mobile Bankanwendungen sind hochgefährdet

23. 2. 2017, EBA: Final RTS on PSD2 (Comment Vasco)

22. 2. 2017, Reeh: Geld Abheben per Smartphone

22. 2. 2017, Linsenbarth: Apple: Streit um Zugriff auf NFC und Secure Element

21. 2. 2017, Linkedin/Engman: Bluetooth proximity payment readers

14. 2. 2017, Securitywatch: NFC or BLE?

13. 2. 2017, Bargeldlosblog: Neuer EBA-Draft zur PSD2

10. 2. 2017, SZ: EU-Bankenaufsicht blockiert strengere Regeln bei Online-Zahlungen

30. 1. 2017, Vasco Blog: PSD2: Is this the End of SMS-based Authentication?

10. 1. 2017, Haupert/Linsenbarth: Mobile Banking muss sicherer werden

27. 12. 2016, Spiegel: Online Banking Sicherheit - eine bedenkliche Abwärtsspirale (Heise, Video CCC)

14. 12. 2016, BR: NFC-Kredtikarten - abhörbar?

14. 12. 2016, udongo.de: Uebersicht TAN-Verfahren

12. 12. 2016, IT-Finanzmagazin: PSD2 und die starke Authentifizierung: Auch am Smartphone realisierbar?

Older News

Why Bluetooth and not NFC?

iPhone/iPads.The main reason to prefer Bluetooth (BLE) over NFC is that this way also iPhones and iPads are reached.

Display-TAN Apps

Apps. The Display-TAN Android app and the Display-TAN iOS app are available on Google Play and on Apple App Store, resp. - search for 'display tan'.

SDK. Libraries/SDKs for the core functionality of Display-TAN are in preparation for Android und iOS.

Display-TAN Project

Display-TAN is a joint project of SmartDisplayer Inc., Taiwan, and Borchert IT-Sicherheit UG, a spin-off of Tübingen University, Germany. The cards are offered by SmartDisplayer Inc., while Borchert IT-Sicherheit UG takes care of the software, especially the smartphone software.

More Information

Flyer Display-TAN

More InformationDisplay-TAN AppsMore FunctionalitiesLinksContact
Workflows
IBAN
Comparison with App-TAN
More Information
Business Partners
Android App
iOS App
OCRA/Interface
Seed perso
Display-PIN
Online Banking Demo
nfc-tan.com
smartdisplayer.com
borchert-it-sicherheit.com
YouTube Playlist ''Technology Cards''
About
Contact
Imprint