I thought that a separate little computer - such as a bankcard terminal - could be connected via serial port and could use its own keypad and display to get transaction confirmation from user. Connected by serial (RS232) this is a low bandwidth connection that would isolate it from attacks on the network.

A bankcard terminal is merely a form factor for a small computer. A desktop appliance with minimal display and often printing ability. Many devices would fit this purpose at a low cost.