Bankopedia

Transaction Authentication Number (TAN)

Definition

Transaction Authentication Number (TAN) — Meaning, Definition & Full Explanation

A Transaction Authentication Number (TAN) is a single-use code generated to verify and authorise online banking transactions, serving as a crucial component of two-factor authentication. This unique numeric or alphanumeric sequence adds an essential layer of security, ensuring that only the legitimate account holder can complete a financial operation. TANs are primarily designed to mitigate fraud risks by confirming the user's identity beyond just a password.

What is Transaction Authentication Number (TAN)?

The Transaction Authentication Number (TAN) is a security feature employed by financial institutions to authenticate online transactions. It is a unique, one-time code that users must enter to confirm a specific transaction, adding an extra layer of verification beyond the typical username and password. TANs are a form of two-factor authentication (2FA), where "something you know" (password) is combined with "something you have" (the device receiving the TAN) or "something you are" (biometrics, though less common for TANs specifically). The primary purpose of a TAN is to enhance the security of digital banking and payment systems, protecting customers from unauthorised access and fraudulent activities. By requiring this additional code, banks ensure that even if a user's password is compromised, an unauthorised party cannot complete transactions without also possessing the device linked to the TAN delivery. This significantly reduces the risk associated with online financial operations.

How Transaction Authentication Number (TAN) Works

The mechanism of a Transaction Authentication Number (TAN) typically involves several steps to secure an online transaction:

  1. Initiation: A user logs into their online banking portal using their primary credentials (username and password/PIN) and initiates a financial transaction, such as a fund transfer or bill payment.
  2. TAN Request: After the transaction details are entered and confirmed, the banking system prompts the user for a Transaction Authentication Number.
  3. TAN Generation & Delivery: The bank's system generates a unique, single-use TAN specifically for that transaction. This TAN is then securely delivered to the user via a pre-registered channel, most commonly SMS to their registered mobile number, but sometimes via email or a dedicated authenticator app. Some older systems might even provide a physical list of TANs.
  4. Verification: The user receives the TAN and enters it into the designated field on the banking portal.
  5. Authorisation: The banking system verifies the entered TAN against the generated one. If they match, the transaction is authenticated and processed. If they do not match, or the TAN is not entered within a specific timeframe, the transaction is declined.

Each Transaction Authentication Number is valid for only one specific transaction and often expires after a short period or a single use, preventing replay attacks. This process ensures that only the legitimate account holder, possessing both the login credentials and the registered device, can authorise the transaction.
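
Steps 3 to 5 above, as an added Python example (not code from this page or from any bank): the server issues a TAN bound to one transaction, then enforces expiry, single use and a retry limit when the code is entered. The class name TanService, the 180-second validity, the three-attempt limit, the transaction-details string and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TAN_TTL_SECONDS = 180   # assumed validity window
MAX_ATTEMPTS = 3        # assumed retry limit per issued TAN


class TanService:
    """Hypothetical in-memory TAN issuer/verifier (illustration only)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side secret
        self._pending = {}                    # txn_id -> pending record

    def _tag(self, tan, txn_details):
        # Keyed digest over the TAN *and* the transaction details, so a code
        # issued for one payee/amount cannot authorise a modified transaction.
        msg = f"{tan}|{txn_details}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, txn_id, txn_details):
        tan = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, 6 digits
        self._pending[txn_id] = {
            "tag": self._tag(tan, txn_details),
            "expires": self._clock() + TAN_TTL_SECONDS,
            "attempts": 0,
        }
        return tan   # goes only to the registered delivery channel

    def verify(self, txn_id, txn_details, entered_tan):
        rec = self._pending.get(txn_id)
        if rec is None:
            return "declined: no pending TAN"     # never issued or already used
        if self._clock() > rec["expires"]:
            del self._pending[txn_id]
            return "declined: expired"
        rec["attempts"] += 1
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(rec["tag"], self._tag(entered_tan, txn_details)):
            del self._pending[txn_id]             # single use: blocks replay
            return "authorised"
        if rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[txn_id]             # stop online guessing
            return "declined: too many attempts"
        return "declined: mismatch"
```

Deleting the record on success is what makes a captured TAN useless for a second submission, and the attempt limit matters because a 6-digit code has only one million possible values.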

Transaction Authentication Number (TAN) in Indian Banking

In Indian banking, the concept of a Transaction Authentication Number (TAN) is widely implemented, primarily in the form of a One-Time Password (OTP), which serves the same security function. The Reserve Bank of India (RBI) mandates robust security measures for electronic banking transactions to protect customers from fraud. While the term "TAN" is less common in direct usage compared to "OTP" in India, the underlying principle of a single-use authentication code for transactions is fundamental. For instance, RBI's guidelines on "Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions" (July 2017) emphasize the need for strong authentication mechanisms. Major Indian banks like SBI, HDFC Bank, ICICI Bank, and Axis Bank extensively use OTPs (functioning as TANs) for various online transactions, including NEFT, RTGS, IMPS fund transfers, bill payments, and e-commerce purchases. These OTPs are typically sent to the customer's registered mobile number or email ID. For candidates appearing for banking exams like JAIIB/CAIIB, understanding two-factor authentication and the role of OTPs/TANs in securing digital transactions is crucial. NPCI's UPI platform, while using MPIN for authentication, also often integrates OTPs for initial registration or high-value transactions, further solidifying the use of a transaction authentication number in the Indian financial landscape.

Practical Example

Consider Ramesh, a salaried employee in Pune, who wants to transfer ₹50,000 from his HDFC Bank savings account to his sister's account in Bengaluru using online banking. Ramesh logs into his HDFC Bank net banking portal using his customer ID and password. He navigates to the fund transfer section, selects NEFT, enters his sister's account details, the amount (₹50,000), and a remark. After reviewing the details, he clicks "Confirm". At this point, HDFC Bank's system requires an additional security verification. A message pops up on his screen asking for a Transaction Authentication Number. Simultaneously, a unique 6-digit OTP (which functions as the TAN) is sent via SMS to Ramesh's mobile number, which is registered with the bank. Ramesh receives the SMS, notes down the OTP, and enters it into the designated field on the net banking portal within the stipulated time. Once he submits the OTP, the system verifies its authenticity. If correct, the ₹50,000 transfer is successfully processed, and he receives a confirmation message. This use of a TAN ensures that even if someone had Ramesh's login credentials, they couldn't complete the transaction without access to his registered mobile phone.

Transaction Authentication Number (TAN) vs One-Time Password (OTP)

Transaction Authentication Number (TAN) and One-Time Password (OTP) are often used interchangeably and refer to the same core concept of a single-use authentication code; "OTP" is the more prevalent term globally and especially in India.

Feature | Transaction Authentication Number (TAN) | One-Time Password (OTP)
Purpose | Primarily for authorising specific financial transactions. | Broader use: login, registration