I had a couple of such TOTP clients from different banks. For approving an operation, both of them required me to sign the amount of money transferred by that operation (i.e. they generated a one-time code that depended on a hash of the amount of money), so no confusion was possible.
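
A sketch of the amount-bound one-time code described in the comment above, added here as an illustration; it is not part of the original comment and not either bank's actual algorithm. It assumes a TOTP-style HMAC (30-second step as in RFC 6238, truncation as in RFC 4226) with a SHA-256 hash of the amount mixed into the message; the function names, key and amount encoding are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time window, as in RFC 6238
DIGITS = 8    # length of the displayed code (assumed)


def tx_code(secret: bytes, amount_minor: int, currency: str, now: int) -> str:
    """One-time code bound to both the time window and the amount."""
    # Canonical encoding: integer minor units avoid "10.0" vs "10.00" mismatches.
    tx_hash = hashlib.sha256(f"{currency}:{amount_minor}".encode()).digest()
    msg = struct.pack(">Q", now // STEP) + tx_hash
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    # Dynamic truncation as in RFC 4226.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, amount_minor: int, currency: str,
           code: str, now: int, drift: int = 1) -> bool:
    """Server side: recompute from the amount the bank is about to execute."""
    ok = False
    for w in range(-drift, drift + 1):
        expected = tx_code(secret, amount_minor, currency, now + w * STEP)
        ok |= hmac.compare_digest(expected, code)  # constant-time comparison
    return ok


def demo() -> dict:
    secret = b"constructed-demo-secret-32-bytes"  # constructed sample key
    now = 1_700_000_000                           # constructed timestamp
    code = tx_code(secret, 12_500, "EUR", now)    # user approves 125.00 EUR
    return {
        "same_amount": verify(secret, 12_500, "EUR", code, now),
        "altered_amount": verify(secret, 912_500, "EUR", code, now),
        "next_window": verify(secret, 12_500, "EUR", code, now + STEP),
        "expired": verify(secret, 12_500, "EUR", code, now + 10 * STEP),
    }
```

The server verifies against the amount it is about to execute, so a code generated for one amount does not approve a transfer whose amount was changed in transit.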