Embedded card reader security
US-2022270064-A1 · Aug 25, 2022 · US
US11640595B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11640595-B2 |
| Application number | US-202117183129-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 23, 2021 |
| Priority date | Feb 23, 2021 |
| Publication date | May 2, 2023 |
| Grant date | May 2, 2023 |
Official abstract text for this publication.
Techniques described herein are directed to embedded card reader security. In an example, personal account number data read from a payment instrument may be temporally and/or spatially separated from personal identification number data utilized to complete a payment for products. Temporal separation may include removing the personal account number data from a merchant device prior to request personal identification number data. Spatial separation may include utilization of trusted execution environments, separated embedded card reader applications, intermediary applications, and/or trust routines, for example to enable different components of a merchant device, and/or components of other devices and systems to handle personal account number data and personal identification number data.
Opening claim text (preview).
What is claimed is:

1. A method implemented by a point of sale (POS) application installed on a mobile device, the method comprising: determining, at the POS application, that a payment is to be received by a near-field communication (NFC) hardware component associated with an embedded card reader (ECR) of the mobile device; sending, from the POS application to the NFC hardware component associated with the ECR, a request to initiate the payment; receiving, at the POS application and from the NFC hardware component associated with the ECR, a personal account number (PAN) associated with a payment instrument; determining, at the POS application and based at least in part on the PAN being received from the NFC hardware component associated with the ECR, that a default code is to be utilized for sending with the PAN to a payment processing service instead of an account code associated with the payment instrument; generating, by a secure card reader code component, first data representing the default code; sending, from the POS application and to the payment processing service, first encrypted data including: the PAN; the default code; and an identifier of a transaction associated with the payment; removing, by the POS application, the PAN from the mobile device (i) after sending the PAN to the payment processing service and (ii) before requesting the account code; causing display of an input field requesting the account code associated with the payment instrument in response to determining that the PAN has been successfully removed from the mobile device; receiving the account code using a touch screen input received at the input field of the mobile device; generating a communication configured to be sent to the payment processing service, the communication including second encrypted data representing the account code and the identifier of the transaction without the PAN; sending the communication including the second encrypted data to the payment processing service; and completing the payment based at least in part on receiving an indication that the account code is accepted.

2. The method as claim 1 recites, wherein: sending the request to initiate the payment from the POS application to the NFC hardware component associated with the ECR comprises sending the request from the POS application to an intermediary application configured to communicate with the POS application and the NFC hardware component associated with the ECR; and receiving the PAN from the NFC hardware component associated with the ECR and at the POS application comprises receiving the PAN, at the POS application, from the intermediary application.

3. The method as claim 1 recites, wherein the POS application includes a payment card kernel, and the method further comprises: receiving, at the POS application and from the NFC hardware component associated with the ECR, payment card data associated with the payment instrument, the payment card data being unencrypted by the NFC hardware component of the ECR; and determining, by the POS application, the PAN utilizing the payment card data.

4. The method as claim 1 recites, wherein the POS application includes a payment card kernel, and the method further comprises: receiving, at the POS application and from the NFC hardware component associated with the ECR, payment card data associated with the payment instrument, the payment card data being encrypted by the NFC hardware component associated with the ECR; decrypting, by the POS application, the payment card data such that decrypted payment card data is generated; and determining, by the POS application, the PAN utilizing the decrypted payment card data.

5. A device comprising: a near-field communication (NFC) hardware component associated with an embedded card reader (ECR); one or more processors; and non-transitory computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: receiving, at a POS application and from the NFC hardware component associated with the ECR, a personal account number (PAN) associated with a payment instrument; determining, at the POS application and based at least in part on the PAN being received from the NFC hardware component associated with the ECR, that a default code is to be utilized for sending with the PAN to a payment processing service instead of an account code associated with the payment instrument; generating first data representing the default code; sending, to the payment processing service, first encrypted data including: the PAN; and the default code; removing, by the POS application, the PAN from the device before requesting the account code; causing display of an input field requesting the account code associated with the payment instrument in response to determining that the PAN has been successfully removed from the mobile device; receiving the account code using a touch screen input received at the input field; generating a communication configured to be sent to the payment processing service, the communication including second encrypted data representing the account code without the PAN; sending the communication including the second encrypted data to the payment processing service; and completing the payment based at least in part on an indication that the account code is accepted.

6. The device as claim 5 recites, wherein: the PAN, when received at the POS application, is encrypted as payment card data; sending the PAN to the payment processing service comprises sending the payment card data to the payment processing service; and completing the payment is based at least in part on the PAN, as decrypted at the payment processing service, and the account code being accepted.

7. The device as claim 5 recites, wherein: the PAN is encrypted as payment card data configured to be decrypted by an original equipment manufacturer (OEM) associated with the device; sending the PAN comprises sending the payment card data to the OEM with a request to decrypt the payment card data and provide the PAN to the payment processing service; and completing the payment is based at least in part on the PAN, as decrypted as the OEM, and the default code being accepted.

8. The device as claim 5 recites, further comprising a trusted execution environment (TEE), and the operations further comprising: receiving, at the TEE, payment card data including an encrypted version of the PAN; decrypting, at the TEE, the payment card data such that the PAN is identified; and wherein completing the payment comprises completing the payment utilizing the PAN as decrypted in the TEE.

9. The device as claim 5 recites, the operations further comprising: causing, prior to receiving the PAN, a trust routine to be performed in association with the device, the trust routine configured to determine whether the device has been tampered with in a manner indicating the device is unsecure for completing the payment; determining that the trust routine indicates the device has not been tampered with; and requesting, by the POS application, the PAN in response to the trust routine indicating the device has not been tampered with.

10. The device as claim 5 recites, the operations further comprising sending a request to initiate the payment from the POS application to an intermediary application configured to communicate with the POS application and the NFC hardware component associated with the ECR, and wherein receiving the PAN from the NFC hardware component associated with the ECR and at the POS application comprises receiving the PAN, at the POS application, from the interm
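
The ordering in claim 1 (send the PAN with a default code, remove the PAN, only then prompt for the account code, and send it with the transaction identifier but without the PAN) can be modeled as a small state machine. This is an added example, not code from the patent: `PosSession`, `seal`, the state names, the `0000` default code and the sample PAN and PIN are assumptions, and `seal` stands in for encryption and transport to the payment processing service.

```python
import secrets
from enum import Enum

DEFAULT_CODE = b"0000"  # assumed placeholder; the page gives no value for the default code
State = Enum("State", "PAN_HELD PAN_REMOVED PIN_REQUESTED DONE")

class SeparationError(RuntimeError):
    """A step was attempted out of the claimed order."""

class PosSession:  # hypothetical POS-side session, not the patent's code
    def __init__(self, seal, pan: bytearray):
        self.seal = seal  # assumed callable: encrypts the fields and sends them to the service
        self.txn_id = secrets.token_bytes(8)
        self.pan, self.state = pan, State.PAN_HELD

    def _expect(self, state):
        if self.state is not state:
            raise SeparationError(f"step not allowed in state {self.state.name}")

    def send_pan(self):
        self._expect(State.PAN_HELD)
        self.seal({"txn": self.txn_id, "pan": self.pan, "code": DEFAULT_CODE})
        self.pan[:] = bytes(len(self.pan))  # overwrite the PAN buffer in place after sending
        self.pan, self.state = None, State.PAN_REMOVED

    def show_pin_field(self):
        self._expect(State.PAN_REMOVED)  # refuse to prompt while the PAN is still held
        self.state = State.PIN_REQUESTED

    def send_pin(self, pin: bytearray):
        self._expect(State.PIN_REQUESTED)
        self.seal({"txn": self.txn_id, "code": pin})  # second message carries no PAN
        pin[:] = bytes(len(pin))
        self.state = State.DONE

def demo():
    sent = []  # stand-in channel: snapshots each message instead of encrypting it
    pan = bytearray(b"4111111111111111")  # constructed test PAN
    s = PosSession(lambda m: sent.append({k: bytes(v) for k, v in m.items()}), pan)
    try:
        s.show_pin_field()  # too early: the PAN is still on the device
        early = "allowed"
    except SeparationError:
        early = "refused"
    s.send_pan()
    s.show_pin_field()
    s.send_pin(bytearray(b"1234"))  # constructed PIN
    return early, sent, bytes(pan)
```

The in-place overwrite clears only that one buffer, so the example models the ordering rather than guaranteeing erasure of every copy in process memory.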
Realising banking transactions through M-devices · CPC title
RFID or NFC payments by means of M-devices · CPC title
insuring higher security of transaction · CPC title
Point-of-sale [POS] network systems · CPC title
Verifying personal identification numbers [PIN] · CPC title