Agree with this. Either you'll get SMS OTP (which is free for the user, at least in the UK?) or they will send some 'calculator' or multi-colour-code-scanner device that generates OTPs. (Honestly this last one was the most impressive bank security system I'd seen yet; for every individual transaction, you'd have to scan the code and the scanner device would tell you what you were authorising, then you put the PIN in and get an OTP to put back in the bank.)

That is just normal practice for business account transactions in my country????

Business accounts can request such devices so any malicious people can't withdraw funds without pressing the same combination on all devices (there are multiple devices), so there is no rogue employee.