Currently, phishing e-mails regarding the restriction of SMS-TAN coax the recipient to click on a link and subsequently disclose confidential data. These messages were not sent by Bank Austria. Keep in mind: Bank Austria will never ask you to disclose confidential data via an e-mail link. We always inform you about current phishing attempts on our security portal.
Information on MobileTAN via SMS
In your interest we are constantly enhancing the security of the 24You Online banking system. The user environment of MobileTAN via SMS has unfortunately changed since its inception more than 15 years ago. Techniques to intercept, read or redirect SMS notifications could now be available to potential aggressors to an extent whereby we can no longer, under all circumstances, guarantee the necessary confidentiality.
In light of this objective security risk we have decided to take the two risk-minimisation measures outlined below. As user of CardTAN or MobileTAN Push via the MobileBanking app you are already using a very safe TAN procedure. The following measures will therefore not affect you.
In order to prevent fraudulent actions, as of 16 November 2022 only payments of up to 100 euros daily can be authorised with MobileTAN via SMS. Internal transfers between a user’s Bank Austria accounts and securities purchases are exempted from this limit.
We have also decided to discontinue the transmission of MobileTAN via SMS in the course of 2023. We will inform you in a timely manner of the date when the MobileTAN SMS procedure will be finally terminated.
After the discontinuation of the MobileTAN SMS procedure you will no longer receive your MobileTAN via SMS. You can instead use either the MobileTAN Push procedure or the CardTAN procedure. Both of these alternative TAN procedures are very safe.
How does the MobileTAN Push procedure work?
Instead of an SMS we will send you a push notification with a MobileTAN to the MobileBanking app on a smartphone or tablet which you first have to register. You have to authenticate yourself with this MobileTAN if you
- log into Online banking,
- make declarations of intent in Online banking or
- issue instructions in Online banking.
In addition to the MobileTAN, the push notification, for control purposes, also contains further details for the activity for which you requested a MobileTAN – e.g. IBAN of the payee’s account and amount when making transfers.
How do you switch to MobileTAN via push notifications?
It’s quite simple:
- depending on your smartphone, you simply first download the Bank Austria MobileBanking app from Google Play®, the Apple App Store® or the Huawei App Gallery® and install the app,
- you enter your user code and your PIN for Online banking in the MobileBanking app and
- follow the directions of the app step-by-step.
- When all the steps have been successfully completed you will receive your TAN codes on this app via push notifications. The process is similar to an SMS: entirely automatic, without login – but safer.
Download the MobileBanking app now
As from 16 November only transfers up to a maximum daily amount of 100 Euro can be made with MobileTAN SMS. MobileTAN SMS will be discontinued altogether in the course of 2023. This means that you can then no longer use Bank Austria’s Online banking services with a MobileTAN SMS for logging in. Therefore please ensure that you switch to the convenient and safe MobileTAN Push procedure via the MobileBanking app or to the CardTAN procedure before it is too late.
As an alternative to the MobileTAN Push procedure via the MobileBanking app customers can also opt for the CardTAN procedure. In this case please contact your relationship manager or one of our branches.
The Bank Austria MobileBanking app needs to be installed on a smartphone for use of the MobileTAN Push procedure. You can of course continue to settle your banking transactions via the 24You Online banking service. The only difference is that the TAN code for authorising the issuance of instructions will not be delivered by SMS but by a push notification sent to the Bank Austria MobileBanking app on your smartphone.
Your account details are never automatically stored on your smartphone. The app serves as a secure channel for communication with the Bank Austria servers. Only after logging in with your secret PIN a connection is established, whereby your account data is retrieved and displayed in the app. For some documents (e.g. e-account statements or order confirmations in PDF format) you have the option of actively downloading them to your smartphone.
Please contact your relationship manager in one of our branches. He/she will provide you with the necessary assistance.
MobileTAN Push via the MobileBanking app is safer because the notification, unlike an SMS, is encrypted and can only be displayed by the MobileBanking app. It is therefore impossible for fraudsters to read the notification.
A MobileTAN SMS can therefore be compared to a postcard and a MobileTAN Push to a registered letter in cryptogram.
With MobileTAN Push you are already using a very safe TAN procedure and are not affected by the changes.
If you are only using CardTAN you are already using a very safe TAN procedure and are not affected by the changes.
If you have been using MobileTAN SMS in addition to CardTAN, the changes only apply to MobileTAN SMS. CardTAN is not affected by the changes and can continue to be used without restriction.
MobileTAN Push notifications are sent to your Bank Austria MobileBanking app for authorisation to issue instructions in 24You, i.e. in the Internet browser. Unlike MobileTAN SMS, MobileTAN Push notifications are linked to a specific device and not to a telephone number, and are transmitted via an active Internet connection (either via the mobile network or wifi).
You will find the MobileTAN Push notification in the MobileTAN Push inbox of the Bank Austria MobileBanking app on the device registered for this purpose.
- Reliability: Push notifications can be delivered independent of providers. This means that they can also be received without a SIM card. All that is needed is an active Internet connection (either via the mobile network or wifi).
- Confidentiality: The actual message, which may contain transaction data such as a payee’s account number, the amount and the matching TAN, is not transmitted in the push notification and can therefore not be read by a third party. Your smartphone retrieves the notification directly from Bank Austria’s servers.
- Secure: The retrieval of the notification requires an exchange of cryptographic keys which are deposited only on your smartphone/tablet and are “linked” to this device.
MobileTAN Push is safer, more convenient and faster than MobileTAN SMS. You are not dependent on your telecommunications provider even when you are on holiday – wifi is sufficient.
You need not have any security concerns if you lose your smartphone with the installed Bank Austria MobileBanking app. One can only log into the MobileBanking app with the PIN or biometric identification by means of a fingerprint or facial recognition.
When you get a new device, activate this as a new principal device. The old device is then automatically deleted and can no longer be used for login. In the MobileBanking app you can also see, under
“Settings / Security and Devices / Device Management” which devices are registered.
No, for MobileTAN Push the MobileBanking app has to be installed on a smartphone or tablet.
Yes, MobileTAN Push requires an active Internet connection when the TAN is sent, either via the mobile network or wifi.
Yes, an active Internet connection, e.g. via wifi, is sufficient.
No, the Bank Austria MobileBanking app comes free of charge.