by gruez 1268 days ago
>Of all these solutions, the numbers card gives me the most peace of mind: even if my machine is fully compromised and all my passwords and certificates stolen, the attacker would likely need very long-term access (or access to the bank's server) to get all 35 numbers from the card

I think you're overestimating how much security this provides and missing a very simple workaround: the attacker can simply wait until you perform a transfer, and then replace the intended recipient detail with theirs. For instance, if Alice was sending funds to Bob, and the attacker controls the machine, they can simply replace the recipient with Mallory, while still displaying Bob to the user.


You're right. The machine remains a big single vulnerability. However, there is a process to catch this: one (used to?) have the option to get a text by SMS following the transfer. This (used to) list the recipient. For whatever reason I haven't gotten a text like this in a few years. Probably my bank disabled it to push people to their mobile app.
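Added simulation (not from the thread): it models why a static numbers card cannot catch the recipient swap described above, and why a confirmation that carries the recipient the bank actually received (like the SMS listing the payee) can. The card contents, shared key, nonce and names are constructed.

```python
import hmac
import hashlib
from typing import Optional

# Constructed values for the simulation; not real bank material.
NUMBERS_CARD = {i: f"{(i * 37) % 100:02d}" for i in range(1, 36)}   # 35-entry card
SHARED_KEY = b"constructed-key-shared-by-bank-and-confirmation-device"

def bound_code(recipient: str, amount_cents: int, nonce: str) -> str:
    """Confirmation code derived from the transfer details the bank holds."""
    msg = f"{recipient}|{amount_cents}|{nonce}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()[:8]

def bank_receives(requested: dict, compromised: bool) -> dict:
    """A compromised machine forwards the transfer with the payee swapped
    while the screen still shows the intended one."""
    return {**requested, "recipient": "mallory"} if compromised else dict(requested)

def settle_with_card(requested: dict, compromised: bool) -> Optional[str]:
    """Static card: the bank challenges an index; the answer proves card
    possession only. Returns the payee the bank credits."""
    received = bank_receives(requested, compromised)
    challenge = 12
    typed = NUMBERS_CARD[challenge]                     # user copies it from the card
    if typed != NUMBERS_CARD[challenge]:
        return None
    return received["recipient"]                        # never compared with intent

def settle_with_bound_code(requested: dict, compromised: bool) -> Optional[str]:
    """Out-of-band confirmation: the bank reports the details it received,
    the user compares them with what they intended, and the code is only
    valid for those exact details."""
    received = bank_receives(requested, compromised)
    nonce = "constructed-nonce-1"
    shown = (received["recipient"], received["amount_cents"])  # e.g. the SMS text
    if shown != (requested["recipient"], requested["amount_cents"]):
        return None                                      # user aborts on mismatch
    user_code = bound_code(*shown, nonce)
    bank_code = bound_code(received["recipient"], received["amount_cents"], nonce)
    return received["recipient"] if hmac.compare_digest(user_code, bank_code) else None

def relayed_code_is_accepted(requested: dict, nonce: str = "constructed-nonce-1") -> bool:
    """Even if a code generated for the intended payee is relayed unchanged,
    it does not verify against the swapped details the bank holds."""
    swapped = bank_receives(requested, compromised=True)
    relayed = bound_code(requested["recipient"], requested["amount_cents"], nonce)
    expected = bound_code(swapped["recipient"], swapped["amount_cents"], nonce)
    return hmac.compare_digest(relayed, expected)
```

The difference is what the confirmation binds: the card answer proves possession of the card, the bound code proves agreement on the exact payee and amount.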