ulrikrasmussen parent
Also, online banking has been a thing for so long on PCs which never had that kind of remote attestation. I also do not believe the security argument, but I believe that the banks believe it.
I suspect the banks want to do checkbox-based compliance with regulators and insurers without any deep understanding of the underlying issues.
Online banking doesn't need remote attestation. Some additional locked down hardware with its own minimal display is enough. My banks force me to use devices like those made by Kobil or ReinerSCT.
I didn't know about these, but I think they look great. I am not against locking down hardware if that hardware has a very specific and tailor-made purpose for security, and this seems like a really good and fairly cheap solution. I wish my government offered them as an alternative.
You could also imagine having them integrated directly into the phone, but with a physically separated button or fingerprint reader to authenticate. The TAN generator could even have the ability to override the display to replicate the UX of authenticator apps.