Not as easily. As I understand it, with Mobile BankID, the attacker goes to the bank web site and then asks the victim to authenticate with their BankID app.

With the real BankID, the computer accessing the bank web site needs access to the smart card. Exploitation is still possible of course, but the bar seems higher.

Understood, you can only login at the actual computer, not from anywhere. Should be mandatory for the elderly that are the most targeted victims.