When the order from the merchant’s payment gateway is received, the banking app is activated with an out-of-band call.
The bank controls the authentication methods supported for this transaction, the user selects the method he wants to use (here PIN code).
The user proceeds to authorize the transaction.