EDIT: Hmm, but one problem: If an attacker somehow acquires n. TAN, then he gains all of n-1. TAN to 1. TAN.
Actually I think a much simpler approach could be used.
Just send a new TAN hash along with your TAN in the AM (the AT data state is persistent).