As Ayodintsov said, the answer cannot be generalized, but the choice of technology really depends on the bank. My guess is TOTP. But let me explain the reason for the choice.
TOTP eliminates the need for the client and server to remain in sync on the event counter, using the Unix timestamp instead. The algorithm allows the server to choose how far from the incoming timestamp it considers acceptable, to correct for clock drift.
When you receive an OTP from a bank, you are usually told to use it within a certain time, after which it will expire. If banks used HOTP, the OTP would not expire after a time interval, but would expire only after you place another request, increasing the counter.
So, the next time you get an OTP that does not ask you to use it within a certain time, make sure it is created using HOTP.
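The difference in expiry behaviour described in the answer above, as an added example that is not part of the original answer: a server-side check for each scheme, built on the HOTP function from RFC 4226. The names `verify_totp`, `verify_hotp`, `drift_steps`, `look_ahead` and `last_used_step` are assumptions chosen for illustration, and `SECRET` is the published RFC 4226 test key, not a real credential.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 Appendix D test key

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret, code, now, step=30, drift_steps=1, last_used_step=-1):
    """TOTP: the counter is floor(unix_time / step), so a code expires on its own.

    Accepts codes up to drift_steps time steps either side of server time.
    Returns the matched step (persist it as last_used_step) or None.
    """
    current = int(now) // step
    first = max(0, current - drift_steps)
    for candidate in range(first, current + drift_steps + 1):
        if candidate <= last_used_step:
            continue  # this step was already consumed: reject replay
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate
    return None

def verify_hotp(secret, code, server_counter, look_ahead=3):
    """HOTP: no clock involved, so a code stays valid until the counter moves.

    Searches a small look-ahead window in case the client generated codes
    the server never saw. Returns the next counter to store, or None.
    """
    for candidate in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, candidate), code):
            return candidate + 1  # advancing the counter invalidates the code
    return None

if __name__ == "__main__":
    code = hotp(SECRET, 1)                       # also the TOTP code at t=59s
    print(verify_totp(SECRET, code, now=59))     # inside the window
    print(verify_totp(SECRET, code, now=120))    # expired by time alone
    print(verify_hotp(SECRET, code, 0))          # valid however long it waited
    print(verify_hotp(SECRET, code, 2))          # invalid once counter advanced
```

A wider `drift_steps` or `look_ahead` tolerates more desynchronisation but also widens the set of codes the server will accept at any moment.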