Mobile TAN - FAQ
How will the login work with activated Mobile TAN?
First you activate the function in your customer area. Then download the App referred there and scan the displayed QR code. With activated Mobile TAN, you will be asked for a security code with each login, which is displayed in the App on your smartphone.
Is the TAN required with each login?
In the first step we protect the entire account. Later, every customer should be able to specify which individual actions like deletion etc. should be protected.
Given that each customer has their own ideas of which functions should be protected by Mobile TAN and which not, a comprehensive frontend for configuring the necessary rights is needed. We are already working on that. Until then, customers who already wants the additional protection can secure the whole account.
Will Mobile TAN be mandatory in the future?
The use of Mobile TAN is not mandatory and can be optionally enabled and disabled.
Can I define several mobile phones for validation?
You can use the key displayed for activation on multiple devices. For security reasons, you should destroy/delete it after you have performed the activation.
You are using the Google Authenticator App. Does Google now knows about my logins?
No data will be transmitted to Google. The computation is performed locally on the device.
What happens when I use a mobile phone without a camera?
For the use of Mobile TAN a recent smartphone with camera is recommended. In the respective app, you can also manually enter the shared secret, which is displayed below the QR code when activating Mobile TAN.
Why don't you send a text message with the confirmation code?
An extension for TANs via text message is intended, but will be introduced at a later time. As for sending SMS, extra fees incurred for any validation, this extension will be provided for an additional charge.
Will the API still work when I activated Mobile-TAN?
After the optional activation of Mobile TAN, adapting the API client is required.
First, the newest PHP class is needed (not support for other programming languages yet). With the login function, a third parameter with the shared secret needs to be set, which is displayed when activating Mobile TAN below the QR code.
If you do not activate Mobile TAN, the API can be used as before.
Do I have to re-authenticate with every API access?
As long as the session is active, no further TAN is needed. Only after the normal session timeout, a new TAN is needed again.
What if I lose the device that I use for Mobile TAN?
In that case, please send an email to our support and prove your identity. Then we disable Mobile TAN for your account. You can then log in with your password and if necessary activate a new device for Mobile TAN.
Proof of identity is possible as follows:
Individuals / sole traders:
- Copy of your passport or both sides of your ID card
- Copy of passport or ID card of the director listed in the company register
- Copy of the company registration certificate