Sure, one option means paying for each SMS (actually they had to abandon that one), another option is getting a paid banking card just to use a hardware device. From my experience they try to make sure that you will get a certified phone . I just got one because for some reason my Redmi Note 10 despite passing all play integrity checks after hacks like Tricky store+Key box triggered some checks in my banking apps. I needed to use an aftermarket ROM, because my device would not receive any updates from Xiaomi (also I don't know why a device packed with Chinese bloat ware is certified as secure in the first place). And guess what I bought: a Google Pixel. Smart Google, huh.

Agree with this. Either you'll get SMS OTP (which is free for the user, at least in the UK?) or they will send some 'calculator' or multi-colour-code-scanner device that generates OTPs. (Honestly this last one was the most impressive bank security system I'd seen yet; for every individual transaction, you'd have to scan the code and the scanner device would tell you what you were authorising, then you put the PIN in and get a OTP to put back in the bank)

I switched banks when they required authentication with biometric and when i said i didn't want to do that the answer was

sorry, we can't do anything for you then