[2ion]

There are two such methods left in Germany, chipTAN and photoTAN which (can) use seperate, external generator devices which you can buy. If you have multiple banks however, like I do, it's mixn'match. The last method left is smsTAN, which is insecure by default, and it's the first being phased out right now.

The move towards more elaborate TAN setups is due to PSD2 EU regulations; banks usually choose the way their lawyers deem watertight and product management considers acceptable in terms of cost, although especially on the lawyer side, interpretations of current law still differ. Which results in different PIN/TAN flows even between the major players at the moment.