How safe is online banking?
Waiting in line at the bank is a thing of the past – today everyone can manage their finances online. But what measures ensure that our money is safe?
Online banking can save you a trip to the nearest bank branch. In order for you to be able to manage your finances completely from home or on the road there are, of course, certain security measures. To use online banking, you always need a secret code (PIN). There are also one-time transaction numbers (TAN) with which one can approve an order.
TAN procedure - overview
In order to be able to execute a transaction in online banking such as money transfers, so-called TAN codes (usually a six decimal digits) are created to verify the legitimacy of this action. Various procedures for the creation of the codes exist.
- The chipTAN procedure is the most frequently used method. You are asked to enter your transfer data into a mobile app or a computer. Then the chipTAN generator creates a TAN code. The generator is a small machine consisting of a display, keyboard, and a slot for the customer card.
- In the pushTAN procedure, you only need one device. You access two different apps with different passwords. One app serves to create the order, the other to generate the TAN.
- In the smsTAN procedure, a transfer is created on a PC or laptop. A few second later an SMS with the TAN is sent to the smartphone. It is important that in each case, two devices are needed. This means that you cannot have the smsTAN sent to your smartphone if you are currently using it for online banking.1
- Then there are the photoTAN and QR-TAN procedures. In these, the transaction must be entered on a PC or laptop, followed shortly afterwards by a photo or QR code, that is scanned with the phone. The TAN that is then generated approves the transfer order.2
So far, so good, but which is the safest method? The chipTAN procedure is clearly ahead of the others. Then come the QR, photo, push, and smsTan procedures which offer medium security.3
Why are alternatives to the chipTAN procedure needed?
Credit institutes believe that chipTAN procedures are too inconvenient for most customers. If you always have to have a generator with you, you are not really flexible in executing banking business. If providers fail to offer apps, they run the risk of losing customers.
Why are smartphone apps so much less secure?
All app-based TAN procedures give fraudsters a target, independent of the institute. This is not due to the apps themselves. They are largely very solidly programmed. It is rather the operating systems of smartphones that have security gaps. They are not updated frequently enough.4 However, for new smartphones, Stiftung Warentest has allayed fears: as long as the most recent OS is installed on the smartphone, it is comparable with the safety level of the chipTAN procedure. They recommend not using smartphones the OS of which is no longer updated.5
Online banking and Germany... a good fit?
While bank branches continue to close in Germany and many institutions charge customers who prefer traditional banking ever higher fees, only every second German (56%) uses the digital variant.6 The trend, however, is moving towards digitalization. In the age group of 18 to 49, 70% already use online banking.7
The Danes are the masters of online banking
While Germany is merely in the middle field within the European Union (14th place with 56%), the Danes are the most digitalized: 90% of them manage their current account online. User numbers in Belgium (67%), France (62%), Czech Republic (57%), and Austria (57%) are similar to Germany. Behind these lie Spain (46%), Poland (40%), and Italy (31%). Romania and Bulgaria make up the end of the list. There it is less than 10%. However, Europe has seen an increase in online banking numbers for years. While in 2007, only 25% of EU citizens managed their money electronically, the share first crept over 50% in 2017 with 51%.8 So the European trend is clearly towards digital banking.