This came up recently as I signed up for a visa debit with BNZ for Apply Pay.
Their internet banking requires you to use a "NetGuard" card which is credit card sized and has a matrix on it (a1 = X, a2 = Y, etc..). Personally I think this is a relic and needs to go away.
But it got me thinking, what are other banks doing in NZ?
I know Kiwibank use security questions (arguably not 'true' 2FA) and Rabobank I think use a RSA Token (or similar).... What else is out there??
I contacted BNZ about it and they said they didn't have any plans to implement a soft-token, which to me in a bit short sighted.