Transaction Authentication Number (TAN)

What is a Transaction Authentication Number (TAN)

A transaction authentication number is a one-time code used in the processing of online transactions. A transaction authorization number (TAN) represents an additional layer of security beyond a password to securely log into an account or conduct a transaction.

BREAKING DOWN Transaction Authentication Number (TAN)

Transaction authentication numbers (TANs) provide extra security. Merchants and payment card companies have an incentive to improve transaction security, as better security reduces the possibility that fraud may occur. Organizations such as the Payment Card Industry Security Standards Council create standards that payment card acquirers and processing companies are expected to follow in order to encrypt card information at the point-of-interaction (POI) and later decrypt and process the transaction.

Transaction authorization numbers are one way that financial institutions can reduce the possibility of fraud. They are single-use numbers and provide a two-factor authentication of a transaction. The first level of authentication may include a personal identification number (PIN) or password to access an account, while the second level of authentication may be the TAN.

Financial institutions typically provide a list of passwords or passphrases that can be used to authenticate a transaction, with each TAN only being valid for a single use. The financial institution providing the list of TANs maintains a database in which it associates each TAN to a particular user. 

TANs are most commonly used in online transaction verifications. When an individual or business starts the transaction it may be provided with the TAN in an email, in an SMS text message, or through another method. The delivery method has typically been authenticated beforehand through a previous interaction, such as a bank sending a text message confirming that a particular phone number is linked to an account. When a transaction is being conducted, the user will receive a message with the TAN code, and will be required to input that code in a field on a web-based form. If the code is correctly matched, the transaction will be processed.

Transaction Authentication Numbers and Two-factor Authentication

As Americans have moved more of their activities online, the use of transaction authentication numbers has spread from financial institutions to many other areas of life. It is advised, for instance, that email users sign in to their email accounts using two-factor authentication, whereby one must put one’s password in along with a transaction authentication number. These are usually kept by the user on a list of one-time codes, or the number is retrieved via text message, email, or a telephone call.

Article Sources

Investopedia requires writers to use primary sources to support their work. These include white papers, government data, original reporting, and interviews with industry experts. We also reference original research from other reputable publishers where appropriate. You can learn more about the standards we follow in producing accurate, unbiased content in our editorial policy.
  1. PCI Security Standards Council. "PCI Security." Accessed Feb. 11, 2021.