[Bigbluedot]

Even if physical token is used, it also can be copied and posted by the thief.  

.

can,  but will be much more difficult to do than digital token.

[Bigbluedot]

If any account holder sets limitation of withdrawal, any request to increase the withdrawal amount
Say from $1k to $100 K there is system to ask the account holder to call bank staff for assistance. No auto pilot 
Any better idea?

any options that go thru human interactions (no auto pilot) will be safer but slower and involve staff costs on the bank side.

it is a trade off that the parties concerned need to make.

i think the banks need to make the decision as customers normally follow the banks instructions.
for example, banks say use digital  token, customers lan lan follow.

so if something wrong with the system, bank cannot simply say you 'die your business'.

[A2Z]

This is the digital version of distraction of those Gypsies thieves tapping your left shoulder while pulling your wallet from your right pocket to steal. Busy mum left pocket sms phishing right pocket.

[FangFang]

All banks now,,, Wow,, like virus attracking.

[RiseofAsia]

You forget minibond saga….