grue, do you understand that the entire point of a smart card is that the private key never leaves the card?
Basically, the POS terminal just sends the balance due to your card, which displays it for you. You then press the button to verify, and the card creates the transaction and signs it. No need to trust anything.
This is what I have proposed. If you'd like to discuss any flaws you see in what I have proposed, I'd love to hear them.
This is exactly right. The card must sign the transaction itself, and it must do so only after showing the transaction to the user and getting confirmation.
But the details are tricky.
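The exchange described in this thread, sketched as an added example that is not part of any poster's message: the terminal sends the amount due, the card shows it, and only the button press produces a signature over exactly what was shown. The Ed25519 choice, the `amount|payee` encoding, and all type and function names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

type Card struct {
	priv    ed25519.PrivateKey // unexported: used only inside Confirm, never returned
	Pub     ed25519.PublicKey
	pending []byte // transaction currently shown on the card's own display
}

func NewCard() (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Card{priv: priv, Pub: pub}, err
}

// encodeTx is a constructed wire format (an assumption): "amount|payee".
func encodeTx(amount uint64, payee string) []byte {
	return []byte(fmt.Sprintf("%d|%s", amount, payee))
}

// Display handles the terminal's "balance due" message; the card builds the transaction itself.
func (c *Card) Display(amount uint64, payee string) string {
	c.pending = encodeTx(amount, payee)
	return fmt.Sprintf("Pay %d to %s?", amount, payee)
}

// Confirm is the button press. It signs exactly what was displayed, and only once.
func (c *Card) Confirm() (tx, sig []byte, err error) {
	if c.pending == nil {
		return nil, nil, errors.New("nothing displayed: refusing to sign")
	}
	tx, c.pending = c.pending, nil
	return tx, ed25519.Sign(c.priv, tx), nil
}

// TerminalAccepts is the POS-side check against the amount and payee it asked for.
func TerminalAccepts(pub ed25519.PublicKey, tx, sig []byte, amount uint64, payee string) bool {
	return string(tx) == string(encodeTx(amount, payee)) && ed25519.Verify(pub, tx, sig)
}

func main() {
	card, _ := NewCard()
	fmt.Println(card.Display(1250, "shop-42")) // constructed sample values
	tx, sig, err := card.Confirm()
	fmt.Println(TerminalAccepts(card.Pub, tx, sig, 1250, "shop-42"), err)
}
```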