> how developers get around these problems
You need to have a separate screen and a separate button on the device. The main fields of the payment document are displayed on the screen, and if the user agrees, he presses the button, thereby giving the command to create an EDS.
If this is a smart card, without a screen and without a button, then there is no protection. The pin code is just a protection if the smart card is lost.

1. Nothing. The smart card is accessed via an API provided by the driver. If the malware has intercepted the PIN, then it can just as well perform operations with the smart card via the API. Everything can be done in the background.
2. Nothing. The smart card does not know if the document is valid or not. She is given the hash of the document, she encrypts it with her private key, and gives the result back. If you transfer the hash of the left document, then the smart card will encrypt it without additional questions.
Conclusion: the only advantage of a smart card is that it is impossible to extract the private key from it (if everything is configured correctly) and that when it is not in the reader, then nothing is physically possible to sign. And if the working environment is compromised and the malware has a PIN and access to the API, then as they say: “There is no reception against scrap.”
All of the above applies to ordinary smart cards, for Java cards you can add an applet with tricky logic, then just the API may not be enough for signing. This is a protection option, but requires additional actions on the part of developers and client software.

pinpad.rutoken.ru/

But what about all sorts of certification centers, three-node authentication (or whatever they are called there) and all that?
Surely there must be a way.
For example, you can force a smart card to sign only those documents that are sent by the server. To do this, the document must be signed by the server (certifying authority) before signing with a smart card.

To solve such problems, Crypto-Pro has developed a "functional key carrier" technology . There is a mutual authentication of the hardware and software parts of the crypto provider.