Definition
Mobile TAN
A mobile TAN is a one-time password sent via SMS to the phone number registered to the user’s account. The user enters the received code to authenticate or confirm a transaction.
Knowledge of the one-time password proves possession of the SIM card.
Registration
Phone Number Binding
The phone number is provided during account creation. It can be changed only after proving possession of the previous phone number or by contacting technical support.
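The following sketch is an added example, not code from the original page or from any particular product. It shows a server issuing a mobile TAN that is bound to one action and accepted once, and a phone number change that requires a TAN delivered to the previously registered number. The class and method names, the `send_sms` callback, the 6-digit length, the 5-minute validity and the 3-attempt limit are assumptions; the technical-support path is not modelled.

```python
import hashlib, hmac, secrets, time

TAN_DIGITS = 6      # assumption: the page does not state a code length
TAN_TTL = 300       # assumption: validity window in seconds
MAX_ATTEMPTS = 3    # assumption: guesses allowed per issued code

class MobileTanService:                 # hypothetical name
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms        # callable(phone, text); stands in for an SMS gateway
        self.clock = clock
        self.phones = {}                # user -> registered phone number
        self.pending = {}               # user -> [digest, expires_at, attempts_left]

    def register(self, user, phone):
        self.phones[user] = phone       # number provided during account creation

    @staticmethod
    def _digest(user, purpose, tan):
        # Bind the code to the user and to the exact action it confirms.
        return hashlib.sha256(f"{user}|{purpose}|{tan}".encode()).digest()

    def issue(self, user, purpose):
        tan = f"{secrets.randbelow(10 ** TAN_DIGITS):0{TAN_DIGITS}d}"
        self.pending[user] = [self._digest(user, purpose, tan),
                              self.clock() + TAN_TTL, MAX_ATTEMPTS]
        self.send_sms(self.phones[user], f"TAN {tan} for: {purpose}")

    def verify(self, user, purpose, tan):
        entry = self.pending.get(user)
        if entry is None:
            return False
        entry[2] -= 1                   # every attempt counts, right or wrong
        expired = self.clock() > entry[1]
        ok = (not expired and
              hmac.compare_digest(entry[0], self._digest(user, purpose, tan)))
        if ok or expired or entry[2] <= 0:
            del self.pending[user]      # one-time: consumed on success, expiry or lockout
        return ok

    def request_phone_change(self, user, new_phone):
        # The TAN is sent to the currently registered (previous) number.
        self.issue(user, f"change phone to {new_phone}")

    def confirm_phone_change(self, user, new_phone, tan):
        if not self.verify(user, f"change phone to {new_phone}", tan):
            return False
        self.phones[user] = new_phone
        return True
```

Because the purpose string is part of the digest, a code issued for one new number or one transaction does not confirm a different one, and the SMS text names the action so the user can see what is being approved.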
Security
SIM Swap Attack
An attacker who gains control of the user’s phone number (for example, through a SIM swap attack) can intercept mobile TANs and bypass the second factor.
SMS Interception
SMS messages are not encrypted end-to-end and can be intercepted at multiple points in the network.