Is there a standard for OTPs tied to transaction details (that has been implemented in apps/devices)?

Çağlar Arlı      -    12 Views

There are standards for Time-based (TOTP) and Counter-based (HOTP) One Time Password schemes.
Generated OTPs are independent of the transactions they are used for, such as authorizing a login or a money transfer.

These are widely supported by smartphone apps (e.g. Google Authenticator) and hardware tokens (e.g. Yubikeys), and used by many online services.


On the other hand, many financial institutions (particularly within the EU due to the recently adopted PSD2's Dynamic Linking requirement) are implementing schemes that tie the OTP generation to specific transaction data (such as amount and recipient in a money transfer) - to be verified by the user on their generator device/app.
Apart from SMS and push notification options, many institutions offer some kind of visual screen-to-device transfer method, such as flickering bar codes, or (sometimes proprietary) 2D matrix/QR codes.

Public documentation on banking mechanisms is notoriously scarce, so I have not been able to find any details on these presumably proprietary schemes.

I have so far found one documented way to use such a scheme for my own purposes, which is the TxOTP feature of the Authy app.
But this is a commercial service involving a remote API (Authy) that is hardly necessary from a technical standpoint.

Is there any public standard that defines such a Transactional OTP scheme with a visual transfer?
Preferably one that has been implemented in smartphone apps similarly to TOTP and HOTP.
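To make the distinction in the question concrete, here is an added example (not from the original post, and not any bank's or vendor's scheme): plain HOTP per RFC 4226, whose code depends only on the secret and counter, next to a hypothetical transaction-bound variant that folds a canonical encoding of the amount, currency and recipient into the HMAC input. The transaction encoding, the field names and the sample IBAN are constructed for illustration and do not follow any published standard; the secret is the RFC 4226 test key so the plain HOTP values can be checked against the RFC's own vectors.

```python
import hashlib
import hmac
import struct

# Shared secret from RFC 4226 Appendix D (ASCII "12345678901234567890"), used so that
# the plain HOTP outputs can be compared against the RFC's published test vectors.
TEST_SECRET = b"12345678901234567890"


def dynamic_truncate(mac: bytes, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation: the low nibble of the last MAC byte selects an offset,
    4 bytes from there are read big-endian, the top bit is cleared, and the result is
    reduced modulo 10^digits and zero-padded."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Plain HOTP: the code is a function of the secret and the 8-byte big-endian counter only,
    so the same code authorizes whatever transaction it happens to be presented with."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    return dynamic_truncate(mac, digits)


def canonical_transaction(amount_cents: int, currency: str, recipient_iban: str) -> bytes:
    """Hypothetical unambiguous encoding of the details the user confirms on the device.
    Each field is length-prefixed so that two different transactions can never share an encoding."""
    fields = [str(amount_cents).encode(), currency.encode(), recipient_iban.encode()]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def transaction_otp(secret: bytes, counter: int, amount_cents: int,
                    currency: str, recipient_iban: str, digits: int = 6) -> str:
    """Illustrative transaction-bound OTP (constructed here, not a published standard):
    the HMAC input is the counter followed by the canonical transaction data, so any change
    to amount, currency or recipient produces a different code."""
    msg = struct.pack(">Q", counter) + canonical_transaction(amount_cents, currency, recipient_iban)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    return dynamic_truncate(mac, digits)


def server_verify(secret: bytes, counter: int, amount_cents: int, currency: str,
                  recipient_iban: str, submitted: str) -> bool:
    """The verifier recomputes the code from the transaction it is about to execute,
    so a code obtained for one transfer does not validate a modified one."""
    expected = transaction_otp(secret, counter, amount_cents, currency, recipient_iban)
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    print(hotp(TEST_SECRET, 0))  # 755224, matching RFC 4226 Appendix D
    # Constructed sample transaction: 100.00 EUR to a placeholder IBAN, device counter 5.
    code = transaction_otp(TEST_SECRET, 5, 10000, "EUR", "DE00PLACEHOLDERIBAN")
    print(server_verify(TEST_SECRET, 5, 10000, "EUR", "DE00PLACEHOLDERIBAN", code))   # True
    print(server_verify(TEST_SECRET, 5, 999900, "EUR", "DE00PLACEHOLDERIBAN", code))  # False
```

The point of the second verification call is the dynamic-linking property the question describes: because the server derives the expected code from the transaction it is actually executing, a code the user generated for the displayed amount and recipient stops being valid the moment either field differs on the server side.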