Embedded card reader security

What is claimed is: 1. A device, comprising: one or more processors; and non-transitory computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: configuring a personal account number (PAN) application installed on the device to utilize an embedded card reader (ECR) of the device, wherein the PAN application is configured within a trusted execution environment (TEE) of the device, and wherein components within the TEE are isolated from components outside the TEE; receiving, at the PAN application and based at least in part on an interaction between the ECR and the device, a PAN for a transaction; sending, utilizing the PAN application, the PAN to a payment processing service; in response to determining that the PAN has been received at the payment processing service, causing a personal identification number (PIN) application residing on the device to render a PIN user interface, wherein the PIN application is configured outside the TEE of the device, preventing communication between the PIN application and the PAN application; receiving, at the PIN application and utilizing the PIN user interface, a PIN; sending, utilizing the PIN application, the PIN to the payment processing service; and completing the transaction based at least in part on an indication from the payment processing service that the PAN and the PIN have been accepted. 2. The device of claim 1 , the operations further comprising removing the PAN from the device in response to sending the PAN to the payment processing service. 3. The device of claim 1 , the operations further comprising: receiving, from the payment processing service, a request for the PIN; and removing the PAN from the device in response to receiving the request for the PIN. 4. The device of claim 1 , the operations further comprising removing the PAN from the device, wherein requesting the PIN is in response to removing the PAN from the device. 5. The device of claim 1 , the operations further comprising: causing, after receiving the PAN, a trust routine to be performed in association with the device, the trust routine configured to determine whether the device has been tampered with; determining that the trust routine indicates the device has not been tampered with; and wherein requesting the PIN is in response to the trust routine indicating the device has not been tampered with. 6. The device of claim 1 , the operations further comprising: in response to requesting the PIN, receiving an indication that user input is received that corresponds to the PIN; and wherein completing the transaction is based at least in part on the user input corresponding to the PIN. 7. The device of claim 1 , wherein: receiving the PAN comprises receiving encrypted first data representing the PAN from the ECR at the PAN application; and receiving the PIN comprises receiving encrypted second data representing the PIN at the PIN application. 8. The device of claim 1 , wherein receiving the PIN comprises receiving encrypted data representing the PIN at the PIN application, and the operations further comprise: sending the encrypted data to the payment processing service; receiving, from the payment processing service, an indication that the PIN, as decrypted by the payment processing service, is authorized in association with the PAN; and wherein completing the transaction is based at least in part on the PIN being authorized in association with the PAN. 9. The device of claim 1 , the operations further comprising removing, by the PAN application, the PAN from the device before requesting the PIN. 10. The device of claim 1 , wherein sending the PAN to the payment processing service further comprises sending a default PIN associated with the payment processing service. 11. A method, comprising: configuring a personal account number (PAN) application installed on a device to utilize an embedded card reader (ECR) of the device, wherein the PAN application is configured within a trusted execution environment (TEE) of the device, and wherein components within the TEE are isolated from components outside the TEE; receiving, at the PAN application and based at least in part on an interaction between the ECR and the device, a PAN for a transaction; sending, utilizing the PAN application, the PAN to a payment processing service; in response to determining that the PAN has been received at the payment processing service, causing a personal identification number (PIN) application residing on the device to render a PIN user interface, wherein the PIN application is configured outside the TEE of the device, preventing communication between the PIN application and the PAN application; receiving, at the PIN application and utilizing the PIN user interface, a PIN; sending, utilizing the PIN application, the PIN to the payment processing service; and completing the transaction based at least in part on an indication from the payment processing service that the PAN and the PIN have been accepted. 12. The method of claim 11 , further comprising removing the PAN from the device in response to sending the PAN to the payment processing service. 13. The method of claim 11 , further comprising: receiving, from the payment processing service, a request for the PIN; and removing the PAN from the device in response to receiving the request for the PIN. 14. The method of claim 11 , further comprising removing the PAN from the device, wherein requesting the PIN is in response to removing the PAN from the device. 15. The method of claim 11 , further comprising: causing, after receiving the PAN, a trust routine to be performed in association with the device, the trust routine configured to determine whether the device has been tampered with; determining that the trust routine indicates the device has not been tampered with; and wherein requesting the PIN is in response to the trust routine indicating the device has not been tampered with. 16. The method of claim 11 , further comprising: in response to requesting the PIN, receiving an indication that user input is received that corresponds to the PIN; and wherein completing the transaction is based at least in part on the user input corresponding to the PIN. 17. The method of claim 11 , wherein: receiving the PAN comprises receiving encrypted first data representing the PAN from the ECR at the PAN application; and receiving the PIN comprises receiving encrypted second data representing the PIN at the PIN application. 18. The method of claim 11 , wherein receiving the PIN comprises receiving encrypted data representing the PIN at the PIN application, and the method further comprises: sending the encrypted data to the payment processing service; receiving, from the payment processing service, an indication that the PIN, as decrypted by the payment processing service, is authorized in association with the PAN; and wherein completing the transaction is based at least in part on the PIN being authorized in association with the PAN. 19. The method of claim 11 , further comprising removing, by the PAN application, the PAN from the device before requesting the PIN. 20. The method of claim 11 , wherein sending the PAN to the payment processing further comprises sending a default PIN associated with the payment processing service.