With my bank that requires me to use a device they sent me (a hardware token), my bank card, my pin and a secondary authorization where I use the hardware token to process a challenge and then type in the response.
Unfortunately, that depends on the implementation of security the bank adopted. I assume you are mentioning a detail in the PSD2 directive. The banks, especially after national legislation following the directive, may adapt but not overlap it.
Take as an example the rule in the directive, that NFC based payments should require PIN based confirmation every five transactions: not all banks implemented this.
Pretty good now; the legislation mandates multi-factor authentication by the issuing bank. So customer has to prove presence directly with their bank to authorise the payment.
There is also dynamic linking (ie you are shown the amount but also a unique code that the payment requestor also showed you) so you are confident it is the same transaction.