by ElectricalUnion 377 days ago
In a more safe world, the CC HSM would have its own display and PIN entry, to avoid this exact issue. You really can't validate if the terminal is honest.

Because as you rightly pointed out, who said the evil merchant or MitM thief are either MitM'ing the display system, or even have total control of the display system?

1 comments

Importantly, though, the credit card system is based around more than just the cryptography involved. By removing the ability to obtain portable payment credentials, the scammer is forced to perform the transaction right then and there. This allows the network to pinpoint the source of the compromise.

A scummy merchant can be banned, a hacked terminal can be removed and examined, etc. And, unlike say a blockchain, a fraudulent transaction can be reversed.