> Perhaps more importantly, you can't really authenticate the individual transaction,
> also include the destination account and sum of money to be transferred in the TAN calculation
Which banks have it implemented? You are giving them too much credit. In most cases their 2FA is simply code consisting of digits or tapping multiple "confirm" without any context inside of their losy apps. In my personal anecdotal experience only SMS 2FA contain some additional information what exactly are you confirming.
In Germany all banks here (https://www.kontofinder.de/ratgeber/tan-verfahren-ueberblick...) that are listed as supporting chipTAN [1], plus probably most of those that are listed as supporting photoTAN [2] allow using a hardware photoTAN generator instead of an app, too (though sadly some banks like Ing-Diba require their own proprietary photoTAN generator instead of a standard photoTAN-device as supported by some other banks).
[1] That one is using your debit card as a smartcard for the shared secret.
[2] That one requires the shared secret to be transmitted to you in some form (probably a QR-code or something similar in a letter) and set up in the photoTAN generator app/hardware device on first use.
> also include the destination account and sum of money to be transferred in the TAN calculation
Which banks have it implemented? You are giving them too much credit. In most cases their 2FA is simply code consisting of digits or tapping multiple "confirm" without any context inside of their losy apps. In my personal anecdotal experience only SMS 2FA contain some additional information what exactly are you confirming.