Embedded card reader security

What is claimed is: 1. A method, comprising: configuring a point of sale (POS) application installed on a mobile device to utilize an embedded card reader (ECR) of the mobile device; configuring the POS application to utilize a touchscreen display of the mobile device; configuring the POS application to: receive, based at least in part on an interaction between the ECR and the mobile device, a personal account number (PAN) from the ECR; send the PAN to a payment processing service that is remote from the mobile device; and receive an personal identification number (PIN) from the touchscreen display; receiving, at the POS application and based at least in part on the interaction between the ECR and the mobile device, the PAN for a transaction; sending the PAN to the payment processing service along with a default PIN associated with the payment processing service; removing, by the POS application and based at least in part on sending the PAN and default PIN to the payment processing service, the PAN from the mobile device before requesting the PIN; rendering, based at least in part on the PAN being removed from the mobile device, a PIN user interface; receiving, at the POS application and utilizing the PIN user interface, the PIN; and completing the transaction based at least in part on receiving the PAN and the PIN. 2. The method as claim 1 recites, further comprising: receiving, from a payment processing service, a request for the PIN; and wherein removing the PAN from the mobile device is in response to receiving the request for the PIN. 3. The method as claim 1 recites, further comprising: causing, after receiving the PAN, a trust routine to be performed in association with the mobile device, the trust routine configured to determine whether the mobile device has been tampered with; determining that the trust routine indicates the mobile device has not been tampered with; and wherein requesting the PIN is in response to the trust routine indicating the mobile device has not been tampered with. 4. The method as claim 1 recites, wherein: receiving the PAN comprises receiving the PAN at a trusted execution environment (TEE) of the mobile device; and the PIN is received outside the TEE of the mobile device. 5. The method as claim 1 recites, further comprising: receiving an indication that user input is received that corresponds to the PIN; and wherein completing the transaction is based at least in part on the indication. 6. The method as claim 1 recites, wherein receiving the PAN comprises receiving encrypted first data representing the PAN from the ECR, and the method further comprises: sending the encrypted first data to the payment processing service; receiving encrypted second data representing the PIN; and sending the encrypted second data to the payment processing service. 7. The method as claim 1 recites, further comprising: receiving encrypted data representing the PIN; sending the encrypted data to the payment processing system; receiving, from the payment processing system, an indication that the PIN, as decrypted by the payment processing system, is authorized in association with the PAN; and wherein completing the transaction is based at least in part on the PIN being authorized in association with the PAN. 8. The method as claim 1 recites, wherein the POS application comprises a first application, and the method further comprises: receiving the PIN at a second application configured to prevent communication between the second application and the first application; and sending the PIN from the second application to the payment processing service. 9. The method as claim 1 recites, wherein removing the PAN from the mobile device comprises: identifying data representing the PAN as stored in relation to the POS application; and causing the POS application to delete the data representing the PAN. 10. The method as claim 1 recites, further comprising: determining the default PIN associated with the payment processing system based at least in part on the payment processing system being integrated with the POS application to conduct transactions; and generating the default PIN. 11. A device, comprising: one or more processors; and non-transitory computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: configuring a point of sale (POS) application installed on the device to utilize an embedded card reader (ECR) of the device; configuring the POS application to utilize a touchscreen display of the mobile device; receiving, at the POS application and based at least in part on an interaction between the ECR and the device, the PAN for a transaction; sending the PAN to a payment processing service along with a default PIN associated with the payment processing service; removing, by the POS application and based at least in part on sending the PAN and default PIN to the payment processing service, the PAN from the mobile device before requesting the PIN; rendering, based at least in part on the PAN being removed from the mobile device, a PIN user interface; receiving, at the POS application and utilizing the PIN user interface, the PIN; and completing the transaction based at least in part on receiving the PAN and the PIN. 12. The device as claim 11 recites, the operations further comprising: receiving, from a payment processing service, a request for the PIN; and wherein removing the PAN from the device is in response to receiving the request for the PIN. 13. The device as claim 11 recites, the operations further comprising: causing, after receiving the PAN, a trust routine to be performed in association with the device, the trust routine configured to determine whether the device has been tampered with; determining that the trust routine indicates the device has not been tampered with; and wherein requesting the PIN is in response to the trust routine indicating the device has not been tampered with. 14. The device as claim 11 recites, wherein: receiving the PAN comprises receiving the PAN at a trusted execution environment (TEE) of the device; and the PIN is received outside the TEE of the device. 15. The device as claim 11 recites, the operations further comprising: receiving an indication that user input is received that corresponds to the PIN; and wherein completing the transaction is based at least in part on the indication. 16. The device as claim 11 recites, wherein receiving the PAN comprises receiving encrypted first data representing the PAN from the ECR, and the operations further comprise: sending the encrypted first data to the payment processing service; receiving encrypted second data representing the PIN; and sending the encrypted second data to the payment processing service. 17. The device as claim 11 recites, the operations further comprising: receiving encrypted data representing the PIN; sending the encrypted data to the payment processing system; receiving, from the payment processing system, an indication that the PIN, as decrypted by the payment processing system, is authorized in association with the PAN; and wherein completing the transaction is based at least in part on the PIN being authorized in association with the PAN. 18. The device as claim 11 recites, wherein the POS application comprises a first application, and the operations further comprise: receiving the PIN at a second application config