
We use a system like this in Belgium. You slide your card into the device (which is not connected to the internet), then input a challenge and (sometimes) the account number to transfer to and the amount to transfer, followed by your PIN. The device then shows a response which you input into the online banking to sign your transaction. The account number and amount only have to be input for large transactions or new account numbers. They used to not require that, but then a set of viruses went around which would show an error page to the user but use the response token to perform a large transaction in the back-end.

It's inconvenient, but relatively secure. All in all a worthwhile trade-off I would say. It was shocking to me how casually credit card transactions were done when I went to the US the past few years. I didn't even know the magnetic strip on my card even had a purpose until I had it scanned into a register. I've never known a store in Europe use the magnetic strip and signature, they always use the chip and PIN method.
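
An added example, not part of the comment above and not any bank's actual code: it models why a response computed over the challenge alone verifies for whatever transaction the bank receives, while a response that also covers the account number and amount only verifies for the transaction the user typed into the reader. HMAC-SHA256 stands in for the card's real cryptogram algorithm, and the key, challenge, account strings and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for the secret stored in the card's chip (assumption).
CARD_KEY = bytes(range(32))

def reader_response(key, challenge, account=None, amount=None):
    """Digits the offline reader displays, derived only from what the user typed."""
    fields = [challenge]
    if account is not None:
        fields += [account, amount]          # transaction data is part of the MAC input
    digest = hmac.new(key, "|".join(fields).encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

def bank_verify(key, challenge, response, account, amount, bound):
    """Bank recomputes the response for the transaction it was asked to execute."""
    if bound:
        expected = reader_response(key, challenge, account, amount)
    else:
        expected = reader_response(key, challenge)   # transaction not covered
    return hmac.compare_digest(expected, response)

def demo():
    challenge = "48151623"                              # constructed challenge
    typed = ("BE00-CONSTRUCTED-0001", "25.00")          # what the user entered
    received = ("BE00-CONSTRUCTED-9999", "9500.00")     # what reached the bank

    # Challenge-only scheme: the response says nothing about the transaction,
    # so it verifies even though the bank received different details.
    r_unbound = reader_response(CARD_KEY, challenge)
    unbound_accepts_altered = bank_verify(
        CARD_KEY, challenge, r_unbound, *received, bound=False)

    # Bound scheme: account and amount were typed into the reader, so the
    # response only matches the transaction the user actually saw.
    r_bound = reader_response(CARD_KEY, challenge, *typed)
    bound_accepts_altered = bank_verify(
        CARD_KEY, challenge, r_bound, *received, bound=True)
    bound_accepts_typed = bank_verify(
        CARD_KEY, challenge, r_bound, *typed, bound=True)

    return unbound_accepts_altered, bound_accepts_altered, bound_accepts_typed

if __name__ == "__main__":
    print(demo())
```
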


