
Not sure I understand. Does everyone outside the US have a card reader attached to their PC and phone?


I have never ever seen an online payment processor that was capable of using a card reader to perform a transaction from a webpage (on a non-specialized device). I don't think there is even any established standard for using a smartcard from a website. WebUSB/WebNFC may work (although browsers have blacklists of vendor IDs to disallow access to e.g. Yubikeys, so at least some smartcards may not be accessible this way), but that's all experimental and questionable stuff.

It might've been possible that someone had something like that in the good ol' '00s with ActiveX, but that must surely have been an exception (and a security nightmare).


A card reader is a stand-alone device and has nothing to do with any web tech.

You put your ATM card in the device, enter your PIN code, and then the device has a tiny camera that scans the QR code on the web page. Next, you can see the transaction details on the device and confirm. It will then output a signing code which you enter on the web page.

It is what was commonly used in some EU countries before we switched to mobile banking apps. Most banks still supply them for when you do very large online transactions.


No, it's much simpler than that. You either confirm the transaction on your phone with a PIN or FaceID, without the card involved. Or if the amount is too high (50k+ at my bank) or you don't have your phone, you use a small device provided by the bank.

The device reads your card, asks for the PIN and then spits out a 2FA code to enter on the website or app. The old ones only did this code thing (usually with SMS as a backup way to get the code, but most banks have moved away from SMS now). Some more advanced ones have a digital signing capability by taking a photo of a QR-like code on the computer screen and then displaying the signing code for you to enter.

These advanced ones are a bit out of use now that everyone uses the mobile app, except for business accounts and larger amounts like my bank's 50k limit on mobile app confirmation. But I don't regularly transfer more than 50k in one transaction anyway.

Edit: Here is a picture of one that we use with a large Dutch bank for our business account with the QR-code reading thing: https://4.bp.blogspot.com/-6c1NGHew1P8/VBqvTeqDQdI/AAAAAAAAf...


They're less common in the UK now mobile apps have taken over, but in the early 2000s banks would issue a standalone device to every customer. When making payments via online banking you'd put your card in the device, hit a button, and give it a code that the online banking page provided. The device then did some magic via the chip on your card to provide a code that you'd give back to the online banking site to validate that you were in possession of your card.

Some banks may have used this for 3D Secure during online card payments as well, but I've never encountered one. Validation for that in my case evolved from setting a password on my account, which they'd ask for some characters from, to tokens sent via SMS to my registered phone number, to a push notification from my bank followed by FaceID to authorise payment.

In-person Chip & PIN, and more recently contactless, are ubiquitous. Magstripe payments are so rare I have to explicitly enable them in my bank's app for the card, and it'll turn itself off again 7 days later. I never encountered chip & signature until going to the US, where everyone in the group I was with looked at it like some sort of joke (and indeed it is, because there's no signature recorded against my card for validation).


Not everyone and it's not necessarily connected to the PC. Some card readers are, some aren't.

And there are two things that are not to be confused: electronic ID card readers (used for stuff like VAT tax filings, income tax filings, etc.) and debit/credit card readers (which may or may not be connected to the PC) used as 2FA (with a challenge/response). The ones that aren't connected to the PC generate a number which you then enter to confirm your login/order.

Many banks in the EU enforce at least one type of 2FA. The shittiest, most pathetic ones still do it by SMS (but it's still 2FA and still better than nothing). Others use a card reader (in which you literally plug your bank card, which signs orders challenge/response style and never leaks the card's secret). Others give a physical RSA-like token with codes changing every x seconds. Others allow the use of an app on a smartphone to confirm transactions.

When I log in to at least one of my banks I get a list asking me which type of 2FA I'll use to log in and confirm payments. Card readers (two different types) are on the list.

I use that to log in, confirm wire transfers and buy stocks too.
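
The flow the comments above describe (a challenge shown on the web page, a stand-alone reader that has the card's chip sign it after a PIN, a short code typed back to the bank, and the transaction details displayed on the device for confirmation), as an added illustrative model written for this page. It is not any bank's or card scheme's real protocol: the `Card`, `Bank`, `reader_sign` and `parse_challenge` names are made up, HMAC-SHA256 stands in for whatever MAC the chip actually computes, and the 8-digit truncation, the 3-try PIN counter and the sample card and IBAN values are all constructed assumptions.

```python
"""Illustrative model of a stand-alone bank card reader used as 2FA.
Written for this page; not any bank's real protocol.  HMAC-SHA256 stands in
for the chip's MAC; code length and PIN counter are assumptions."""
import hashlib
import hmac
import secrets
from typing import Optional

CODE_DIGITS = 8   # assumed: digits the reader displays
PIN_TRIES = 3     # assumed: PIN retry counter on the chip


class Card:
    """The chip.  The key never leaves it: it only returns a MAC over data the
    reader feeds it, and only after a correct PIN."""

    def __init__(self, card_id: str, key: bytes, pin: str) -> None:
        self.card_id = card_id
        self._key = key
        self._pin = pin
        self._tries_left = PIN_TRIES

    def mac(self, pin: str, data: bytes) -> Optional[bytes]:
        if self._tries_left == 0:
            return None                       # blocked after too many wrong PINs
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._tries_left -= 1
            return None
        self._tries_left = PIN_TRIES
        return hmac.new(self._key, data, hashlib.sha256).digest()


def truncate(digest: bytes, digits: int = CODE_DIGITS) -> str:
    """Shorten a MAC to a decimal code a person can read off a display and retype."""
    return str(int.from_bytes(digest[:4], "big") % 10 ** digits).zfill(digits)


def parse_challenge(challenge: str) -> dict:
    """What the reader shows before asking the user to confirm."""
    nonce, card_id, amount_cents, iban = challenge.split("|")
    return {"nonce": nonce, "card_id": card_id, "amount_cents": int(amount_cents), "iban": iban}


def reader_sign(card: Card, pin: str, challenge: str) -> Optional[str]:
    """The stand-alone reader: take the challenge (typed in or read from a QR
    code), get a MAC from the chip, display the truncated code."""
    digest = card.mac(pin, challenge.encode())
    return None if digest is None else truncate(digest)


class Bank:
    def __init__(self) -> None:
        self._keys: dict = {}      # card_id -> bank's copy of the shared key
        self._pending: dict = {}   # nonce -> challenge, consumed on first verify

    def enrol(self, card_id: str, key: bytes) -> None:
        self._keys[card_id] = key

    def new_challenge(self, card_id: str, amount_cents: int, iban: str) -> str:
        """Challenge for the web page.  Amount and destination are inside it,
        so the code the reader produces is valid for this transaction only."""
        nonce = secrets.token_hex(4)
        challenge = f"{nonce}|{card_id}|{amount_cents}|{iban}"
        self._pending[nonce] = challenge
        return challenge

    def verify(self, nonce: str, code: str) -> bool:
        challenge = self._pending.pop(nonce, None)   # single use: no replay
        if challenge is None:
            return False
        key = self._keys[parse_challenge(challenge)["card_id"]]
        expected = truncate(hmac.new(key, challenge.encode(), hashlib.sha256).digest())
        return hmac.compare_digest(expected, code)


def setup() -> tuple:
    key = secrets.token_bytes(32)                 # constructed sample card
    card = Card("card-001", key, "1234")
    bank = Bank()
    bank.enrol(card.card_id, key)
    return card, bank


def legit_transfer() -> tuple:
    """Happy path; returns (first code accepted, same code replayed)."""
    card, bank = setup()
    challenge = bank.new_challenge(card.card_id, 125_000, "NL00BANK0123456789")
    nonce = parse_challenge(challenge)["nonce"]
    code = reader_sign(card, "1234", challenge)
    return bank.verify(nonce, code), bank.verify(nonce, code)


def tampered_transfer() -> tuple:
    """Malware on the PC swaps the destination IBAN before the transfer reaches
    the bank.  Returns (reader display differs from what the user intended,
    bank accepts a code signed over the intended transaction)."""
    card, bank = setup()
    intended_iban = "NL00BANK0123456789"
    challenge = bank.new_challenge(card.card_id, 125_000, "DE00EVIL0000000001")
    shown = parse_challenge(challenge)
    # Even if the malware feeds the reader the challenge the user expected,
    # the MAC is over different bytes than the bank's pending challenge.
    fake = f"{shown['nonce']}|{card.card_id}|125000|{intended_iban}"
    code = reader_sign(card, "1234", fake)
    return shown["iban"] != intended_iban, bank.verify(shown["nonce"], code)


def wrong_pin() -> Optional[str]:
    card, _ = setup()
    return reader_sign(card, "0000", "deadbeef|card-001|100|NL00BANK0123456789")
```

The point of putting the amount and destination inside the challenge is what separates the "signing" readers from the plain code-only ones: a login code proves possession of the card, but a transaction-bound code also fails if anything between the user and the bank rewrote the transfer, and the reader's display gives the user a second chance to spot the swap.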


No. Until I read the comment above, I had no idea that that even was something people actually use to make payments from home.


Most people have an NFC reader at least built into their phone.



