There are many different implementations of 2FA/OOB. SFOR just owns the most secure (unless you can think of one better?).
1 = User Computer
2 = System 1 wants access to (like a website)
3 = Security Server
4 = 2nd factor device (cell phone)

1 and 2 can talk
2 and 3 can talk
3 and 4 can talk

1 and 3 CANNOT talk to each other
1 and 4 CANNOT talk to each other
2 and 4 CANNOT talk to each other
_____________________________________
SFOR (Full 2 Channel MF/OOB):
1 connects to 2 and enters username and password
2 contacts 3 and requests verification
3 sends request to 4
user responds on 4
4 sends confirmation to 3
3 tells 2 the user is ok
2 lets 1 into 2

Half 2 Channel MF/OOB:
1 connects to 2 and enters username and password
2 contacts 3 and requests verification
3 sends request to 4
1 responds to 2 with text from 4
2 lets 1 into 2

Full 1 Channel MF/OOB?:
1 connects to 2 and enters username and password
2 sends request to 4
1 responds to 2 with text from 4
2 lets 1 into 2

RSA Token (2 factor ONLY / No OOB):
1 connects to 2 and enters username and password
2 asks 1 for code from fob or software
1 enters code
2 lets 1 into 2
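
The four flows above, modelled as message hops and checked against the stated links; this is an added example, not part of the original post. The payload labels and the `analyse` function are assumptions of this example. It reports, for each flow, whether the second factor travels back through the user computer (1) and whether the flow needs a link outside the 1-2, 2-3, 3-4 topology.

```python
# Added example (not from the original post). Party numbers follow the post:
# 1 = user computer, 2 = system, 3 = security server, 4 = second-factor device.
ALLOWED = {frozenset(p) for p in [(1, 2), (2, 3), (3, 4)]}  # links the post says can talk

# Each hop is (sender, receiver, payload). Payload labels are constructed for
# this example; "second factor" marks the hop that carries the user's proof.
FLOWS = {
    "SFOR": [(1, 2, "credentials"), (2, 3, "verify request"), (3, 4, "prompt"),
             (4, 3, "second factor"), (3, 2, "user ok")],
    "Half 2 Channel": [(1, 2, "credentials"), (2, 3, "verify request"),
                       (3, 4, "prompt"), (1, 2, "second factor")],
    "Full 1 Channel": [(1, 2, "credentials"), (2, 4, "prompt"),
                       (1, 2, "second factor")],
    "RSA Token": [(1, 2, "credentials"), (2, 1, "code request"),
                  (1, 2, "second factor")],
}


def analyse(hops):
    """Summarise one flow against the stated topology."""
    outside = sorted({tuple(sorted((s, r))) for s, r, _ in hops
                      if frozenset((s, r)) not in ALLOWED})
    return {
        # Links the flow needs that the post lists as unable to talk.
        "links_outside_topology": outside,
        # True when the proof travels through the user computer, so
        # computer 1 sees both the password and the second factor.
        "second_factor_via_computer": any(
            p == "second factor" and 1 in (s, r) for s, r, p in hops),
        # True when device 4 takes part in any network hop (out-of-band leg).
        "device_on_network": any(4 in (s, r) for s, r, _ in hops),
    }


if __name__ == "__main__":
    for name, hops in FLOWS.items():
        print(name, analyse(hops))
```
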