Sorry to blow our horn, but the problem *is* solved.
Could I humbly suggest you look at www.axsionics.ch, a Swiss startup? I'm working on the docs so if you want decent details mention it (once I have this I will send El Reg a token to play with, give me a couple of weeks).
In short, it's a trusted display (graphical OLED), combining more or less all of your above comments. To address question one upfront: no, the use of biometrics does not mean that a "disconnected" finger is of use (or its friendlier equivalent, the copied fingerprint a la Chaos Computer Club). The reader is quite good at rejecting fakes, and you have to "name" your fingers - only you know which finger "g" is, for instance, if you used the word "frog" to name them.
A message for the token is AES128 symmetric dual cert encrypted, so it has to (a) come from a defined source (the token accepts 128 different origin certs) and (b) be encoded for that token or it won't be able to decode it. It picks that encrypted message up via a screen animation, and after taking a valid fingerprint it will show it, together with a password if an answer is required. So, "To: BT, A/C Household, Val. GBP 125,23, PIN ABC45F" is quite possible (or "Please call us on +44 1234 4568") - and that PIN is also meaningless to anyone but you and the sending server because it's a One Time Password, generated on the card.
This means that a Man in the Middle attack won't work, and -VERY- important, that you do NOT need a secure terminal. There is no reason why you can't use one of the card's channels as a payment method, which ends the need for secure terminals altogether. Instead, you just pop up an iframe in the POS display (or an external one), supply the required finger sweep, read the message and enter the PIN (numeric or alphanumeric) if required. Ditto at home - regardless of whether your system is virus infested or not.
To give you an idea where I'm coming from, I was consulting private Swiss banks on next generation eBanking, and the basic premise there too is that we have to assume the client PC *is* infected. Yet, you still need to supply secure eBanking.
Expect to hear more from us soon :-).
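A simplified model of the message flow the comment above describes, added here as an illustration; it is not Axsionics' code or protocol. It stands in HMAC-SHA256 from the Python standard library for the AES128 dual-certificate scheme, and the origin keys, the per-token device key and the OTP derivation are all assumptions made for the demo.

```python
import hashlib
import hmac
import json
import struct

# Constructed demo secrets (not real key material). In this model the token
# holds one key per accepted origin plus its own device key, which the
# sending server also knows.
ORIGIN_KEYS = {"bank-a": b"origin-key-bank-a", "telco-bt": b"origin-key-bt"}
TOKEN_KEYS = {"token-42": b"token-42-device-key"}
TAG_LEN = 32

def server_build_message(origin, token_id, details, counter):
    """Origin binds the transaction text to itself, to one token and to a counter."""
    body = json.dumps({"origin": origin, "token": token_id,
                       "details": details, "ctr": counter}, sort_keys=True).encode()
    tag = hmac.new(ORIGIN_KEYS[origin] + TOKEN_KEYS[token_id], body, hashlib.sha256).digest()
    return body + tag  # what the screen animation would carry to the token

def _otp_for(token_id, body):
    """OTP generated on the token from its device key and the exact message bytes."""
    digest = hmac.new(TOKEN_KEYS[token_id], body, hashlib.sha256).digest()
    return "%06d" % (struct.unpack(">I", digest[:4])[0] % 10**6)

def token_decode(token_id, blob, finger_ok):
    """Token side: accept only after a valid finger sweep, a known origin and a tag
    that binds the message to this token. Returns (details, otp) or None."""
    if not finger_ok or len(blob) <= TAG_LEN:
        return None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    try:
        msg = json.loads(body)
    except ValueError:
        return None
    origin_key = ORIGIN_KEYS.get(msg.get("origin"))
    if origin_key is None or msg.get("token") != token_id:
        return None  # unknown sender, or a message meant for another token
    expected = hmac.new(origin_key + TOKEN_KEYS[token_id], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # altered in transit, e.g. by a man in the middle
    return msg["details"], _otp_for(token_id, body)

def server_verify_otp(origin, token_id, details, counter, otp):
    """Origin recomputes the OTP for the transaction it actually sent; an OTP the
    user read off the display for different details (a swapped amount) will not match."""
    body = server_build_message(origin, token_id, details, counter)[:-TAG_LEN]
    return hmac.compare_digest(_otp_for(token_id, body), otp)
```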