by a3w 853 days ago
When using a PC, isn't one supposed to use a hardware RFID reader[1] with a physical numpad to enter the key? Then, the PC never gets a hold of the PIN. Ideally, the hardware reader has a display to show 1. which data is sent to 2. which site/authority is asking for it.

So on a phone, with every layer of the communication in software only, not hardware, is that inherently unsafe? (On e.g. Apple phones a security chip could work to increase security, but if a prompt is faked, the PIN can still be exfiltrated.)

[1]: Free RFID USB readers were given out at every local agency in Germany, but those were the cheap models, without a numeric input.

1 comment

Yes, but realistically, nobody is going to get a hardware CCID reader with the required security level and connect it to their computer anymore (assuming they even have one; for more and more people, their smartphone is the main and sometimes only computing device they own).

What might work today is a Bluetooth-capable smartcard reader with a PIN pad and display for secure transaction confirmation ("enter your PIN to open a bank account with bank xyz" vs "enter your PIN to confirm that you own a valid driver's license for the purpose of renting a car" etc.), but even that is a stretch and will probably only ever see very low adoption.

It would be great to have it as an option supported by the official reader app, though!
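The property both commenters are circling, that a reader with its own display and PIN pad binds the user's PIN entry to the exact purpose shown on that display, can be made concrete with a small simulation. The following is an added example, not code from either commenter or from any official eID reader app. It assumes a toy authorisation scheme (an HMAC over the purpose string under a key only the card/reader holds); real eID cards use certificates and PACE/EAC rather than a shared key, and the names `HardwareReader`, `SoftwareOnlyCard`, `hardware_flow` and `software_flow` are invented for illustration.

```python
import hmac
import hashlib
import secrets

# Constructed sample secrets. The shared HMAC key is an assumption that stands
# in for the card's real credentials; the PIN is a made-up sample value.
CARD_KEY = secrets.token_bytes(32)
CARD_PIN = "123456"


def _token(key: bytes, purpose: str) -> bytes:
    """Toy authorisation token: binds the authorisation to one purpose string."""
    return hmac.new(key, purpose.encode("utf-8"), hashlib.sha256).digest()


def verify(key: bytes, purpose: str, token) -> bool:
    """Verifier side: accept only a token computed over exactly this purpose."""
    if token is None:
        return False
    return hmac.compare_digest(_token(key, purpose), token)


class HardwareReader:
    """Reader with its own display and PIN pad.

    The host only supplies the purpose text; the reader shows that same text
    on its display, lets the user decide, reads the PIN on its own pad, and
    returns a token bound to the displayed purpose. The host never sees the PIN.
    """

    def __init__(self, key: bytes, pin: str):
        self._key = key
        self._pin = pin
        self.display = None

    def authorize(self, purpose: str, user_confirms, user_enters_pin):
        self.display = purpose                      # what the user actually sees
        if not user_confirms(self.display):
            return None                             # user declined on the reader
        if not hmac.compare_digest(user_enters_pin(), self._pin):
            return None                             # wrong PIN on the pad
        return _token(self._key, purpose)


class SoftwareOnlyCard:
    """Card driven entirely by host software (the phone-only situation).

    There is no trusted display: the host paints the prompt, collects the PIN
    in its own UI, and passes both PIN and purpose through. A host that lies in
    its prompt therefore holds a PIN it can spend on any purpose it likes.
    """

    def __init__(self, key: bytes, pin: str):
        self._key = key
        self._pin = pin

    def authorize(self, purpose: str, pin: str):
        if not hmac.compare_digest(pin, self._pin):
            return None
        return _token(self._key, purpose)


def hardware_flow(intended_purpose: str, purpose_sent_by_host: str) -> bool:
    """Host may lie in its own window, but the reader displays purpose_sent_by_host
    and the user only confirms if that matches what they intended."""
    reader = HardwareReader(CARD_KEY, CARD_PIN)
    token = reader.authorize(
        purpose_sent_by_host,
        user_confirms=lambda shown: shown == intended_purpose,
        user_enters_pin=lambda: CARD_PIN,           # user types the correct PIN
    )
    return verify(CARD_KEY, purpose_sent_by_host, token)


def software_flow(intended_purpose: str, purpose_sent_by_host: str) -> bool:
    """Host shows the user the prompt they expect, harvests the PIN, then
    submits whatever purpose it wants."""
    card = SoftwareOnlyCard(CARD_KEY, CARD_PIN)
    prompt_shown_by_host = intended_purpose         # faked to match expectations
    if prompt_shown_by_host != intended_purpose:
        return False                                # user would not have typed the PIN
    harvested_pin = CARD_PIN                        # PIN now in the host's hands
    token = card.authorize(purpose_sent_by_host, harvested_pin)
    return verify(CARD_KEY, purpose_sent_by_host, token)


if __name__ == "__main__":
    car = "confirm valid driver's license for renting a car"
    bank = "open a bank account with bank xyz"
    print("hardware reader, honest host:", hardware_flow(car, car))      # True
    print("hardware reader, lying host: ", hardware_flow(car, bank))     # False
    print("software only,   lying host: ", software_flow(car, bank))     # True
```

The point of the simulation is the last two lines: with the trusted display the lying host gets nothing, because the user declines on the reader before the PIN is ever entered, while in the software-only flow the faked prompt is enough to obtain a token for a purpose the user never saw. Any real design with such a reader also has to make sure the verifier rejects tokens bound to a different purpose, which `verify` does here.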