Abstract:
This paper is related to the introduction of the Payment Services Directive 2 (PSD2) and the Strong Customer Authentication (SCA) and dynamic linking mechanisms associated with it. As a consequence of these regulations, some transaction authorization methods (aka TANs) must be withdrawn, for instance regular hardware tokens or printed one-time password cards. We propose an easy-to-implement adjustment to well-known hardware-based tokens that makes them PSD2 compliant. As a proof of concept for our solution, we implemented our protocol, which is based on the TOTP (Time-based One-Time Password) algorithm, and prepared a working prototype in the form of a fully operational example system. During our investigation we showed that users do not have to rely on One-Time Password (OTP) mechanisms based on Short Message Service (SMS) codes or smartphone applications for generating TANs, which are imposed by financial institutions and raise doubts regarding their level of security or availability. In our approach, we divide the communication channels between bank and user into three independent parts: web service (two-way, main channel), text message/e-mail (one-way, notification channel), and hardware token (one-way, OTP-generating channel). Corrupting one of the channels is not enough to take over control of the user's bank account. We designed our solution with respect to client privacy, and even possession of a cellphone is not mandatory to use it.
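The abstract does not specify how the TOTP-based token is adjusted to satisfy PSD2 dynamic linking, so the following is an added illustration rather than the paper's protocol: it assumes (hypothetically) that the token derives a per-transaction key from the amount and payee before running standard RFC 6238 TOTP, so that a code generated for one transfer fails verification if either the payee or the amount is altered in transit. All keys, amounts and the IBAN-like payee string are constructed sample values.

```python
import hashlib
import hmac
import json
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter replaced by the time step index."""
    return hotp(key, at // step, digits)

def linked_key(seed: bytes, amount_minor: int, payee: str) -> bytes:
    # Assumed dynamic-linking construction (not from the paper): derive a
    # per-transaction key from the token seed and the canonical transaction data,
    # so the resulting OTP is bound to exactly this amount and payee.
    tx = json.dumps({"amount": amount_minor, "payee": payee},
                    sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(seed, tx, hashlib.sha256).digest()

def linked_totp(seed: bytes, amount_minor: int, payee: str, at: int,
                step: int = 30, digits: int = 8) -> str:
    """Code the hardware token would display for one specific transaction."""
    return totp(linked_key(seed, amount_minor, payee), at, step, digits)

def verify(seed: bytes, amount_minor: int, payee: str, code: str, at: int,
           step: int = 30, digits: int = 8, window: int = 1) -> bool:
    """Bank-side check: accept the code only for the transaction details the
    bank actually holds, allowing +/- `window` time steps of clock drift."""
    for drift in range(-window, window + 1):
        expected = linked_totp(seed, amount_minor, payee, at + drift * step, step, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False

if __name__ == "__main__":
    seed = b"constructed-demo-seed-0123456789"   # constructed, not a real token seed
    payee = "XX00 0000 0000 0000 0000 00"         # constructed placeholder account id
    now = 1_700_000_000
    code = linked_totp(seed, 12345, payee, now)   # 123.45 in minor units
    print("genuine transfer verifies:", verify(seed, 12345, payee, code, now))
    print("payee swapped in transit:", verify(seed, 12345, payee[:-1] + "1", code, now))
```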
Date of Conference: 14-15 October 2021
Date Added to IEEE Xplore: 23 November 2021