Can you guess what this woman is doing?
Answer: She is just opening the door of her apartment in Berlin, 2000 miles away, for her sister, who called her and now stands in front of the apartment door.
What is she doing with the smartcard in her hand?
It is her customer card from the Smart Home supplier. The card is necessary in order to open the apartment door: the card will ask her on a display "Open Door?" and she needs to agree by pressing an OK button on the card.
Why this extra confirmation?
A trojan may have infiltrated the smartphone and may spy out credentials such as password, fingerprint, secret key, etc. With the credentials, the smartphone trojan is able to open the door on its own, i.e. without any involvement of the customer, at any time, for example in order to let a thief in. With the extra confirmation on the card this is impossible: the trojan has no access to the card.
The example shows that financial transactions are not the only actions that, because of the danger of trojans, should not be initiated from the smartphone alone: there are other relevant actions which can be initiated on the smartphone but which are quite dangerous.
Actions initiated on the smartphone and further secured by Display-TAN may be virtual (payment) or physical (door); they may have a private background (home door) or a professional background (intranet access, company building access).
Display-TAN may be added to company ID cards, in order to let employees and managers initiate relevant actions (virtual or physical) safely on their smartphones, even on their private smartphones.
Of course, Display-TAN only prevents the dangers related to the initiating smartphone, not the many other dangers of the respective overall IoT system.
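
The door scenario as a small simulation, added here as an illustration and not Display-TAN's actual protocol or code: it assumes the card and the supplier's server share a key the phone never holds, and that the card returns an HMAC over the server's challenge and the text it displayed. The `Card` and `Server` classes, the "Light on?" action and the password are constructed for the example.

```python
import hashlib
import hmac
import secrets

def _tag(key: bytes, nonce: bytes, action: str) -> bytes:
    # The nonce has a fixed length (16 bytes), so nonce || action is unambiguous.
    return hmac.new(key, nonce + action.encode(), hashlib.sha256).digest()

class Card:
    """Constructed stand-in for the display card; its key never leaves it."""
    def __init__(self, key: bytes):
        self._key = key
    def confirm(self, nonce, action, presses_ok):
        # The card shows `action` on its own display; without OK there is no tag.
        return _tag(self._key, nonce, action) if presses_ok(action) else None

class Server:
    """Constructed stand-in for the smart-home backend (assumed design)."""
    def __init__(self, card_key: bytes, password: str):
        self._card_key, self._password, self._pending = card_key, password, {}
    def request(self, password: str, action: str):
        if not hmac.compare_digest(password.encode(), self._password.encode()):
            return None
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = action  # remember what this challenge authorises
        return nonce
    def execute(self, nonce, tag) -> bool:
        action = self._pending.pop(nonce, None)  # each challenge is single-use
        if action is None or tag is None:
            return False
        return hmac.compare_digest(tag, _tag(self._card_key, nonce, action))

def run_scenarios() -> dict:
    key, pw = secrets.token_bytes(32), "constructed-password"
    server, card = Server(key, pw), Card(key)
    def attempt(shown, presses_ok):
        # The phone always asks the server for the door; `shown` is what it hands the card.
        n = server.request(pw, "Open Door?")
        return server.execute(n, card.confirm(n, shown, presses_ok))
    n = server.request(pw, "Open Door?")
    return {
        "owner": attempt("Open Door?", lambda s: True),      # owner initiated and confirms
        "declined": attempt("Open Door?", lambda s: False),  # unrequested prompt, declined
        "swapped": attempt("Light on?", lambda s: True),     # card was shown another action
        "forged": server.execute(n, secrets.token_bytes(32)),  # no card, guessed tag
    }

if __name__ == "__main__":
    print(run_scenarios())
```

In the last three cases the phone side holds the valid password, which is the position of the trojan described above; only the case where the card's holder sees and confirms the real action succeeds.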