I thought that a separate little computer - such as a bankcard terminal - could be connected via serial port and could use its own keypad and display to get transaction confirmation from user. Connected by serial (RS232) this is a low bandwidth connection that would isolate it from attacks on the network.
A bankcard terminal is merely a form factor for a small computer. A desktop appliance with minimal display and often printing ability. Many devices would fit this purpose at a low cost.
Actually...that's an interesting idea.
I've been working with a STM8S-DISCOVERY board to run
GNUK on the STM32 part. I still have some bugs to work out on the GnuPG implementation, but it may be interesting to try to hack up some code to make a smartcard-like application that can do transaction signing on said hardware. There is a bit of work that would need to be done on hardware as well as getting a client to be able to read the wallet from the hardware.
May be an interesting proof of concept.
The only problem I see is if a virus / hacker / whatever could spoof the response from the terminal. I think the best advice I've seen is to keep a seperate wallet which stores the bulk of your funds and just deposit to it but keep a smaller daily use wallet. If you treat it like cash it's not so bad,people freak out and say things like "what if someone breaks in to my house and steals my wallet" well what if someone breaks in to your house and steals your physical wallet filled with USD? Keep it secure. The obvious advantage is you can back it up as much as you want / encrypt it where as you can't take those $20's down to kinkos.