Flicker

This page is a collection of information about FinTS Flicker Code. The more official term is optical ChipTAN, another name is Sm@rtTAN.

Intro

Requests

Since version 4.3 Gnucash supports the chipTAN optic mode, which is also known as flicker graphics. The animated graphic is displayed in the "TAN input" dialogue and can be read there with the TAN generator.

Fallback

It is possible to use the chipTAN mode without Flicker in Gnucash.

If your bank account is configured for chipTan you get a dialog with the information of the transaction and a <start code>. And you get the information how to input these informations into the TAN generator. then you generate the TAN to put into the field in the dialog.

Official Specs

http://www.hbci-zka.de/dokumente/spezifikation_deutsch/hhd/Belegungsrichtlinien%20TANve1.5%20FV%20vom%202018-04-16.pdf

http://www.hbci-zka.de/dokumente/spezifikation_deutsch/hhd/Belegungsrichtlinien%20TANve1.4%20-%20GV-VK-Mapping-Tabellen%202013-07-18%20final%20version.pdf

Other Details

https://wiki.ccc-ffm.de/projekte:tangenerator:start has useful links like

• flicker.sh
• JS Flickercode generator with Checksum calculation: http://6xq.net/blog/2010/flickercodes/flickercode.html

Videos

Initialization: https://www.youtube.com/watch?v=mCmQFEGf-_k

Transaction: https://www.youtube.com/watch?v=U7PnC1S-j4I

Implementations by others

Programs

Olaf Willuhn's GPL2ed Java based Hibiscus has also a nice german wiki and other links.

A incomplete list of FOSS banking software

Modules

An MIT-licensed javascript implementation is available at https://github.com/my-flow/fintex/blob/master/lib/tan/flicker_code.ex

Security

Already in 2009 was shown that it is not totally secure against man in the middle attacks: https://www.redteam-pentesting.de/en/publications/MitM-chipTAN-comfort/-man-in-the-middle-attacks-against-the-chiptan-comfort-online-banking-system