[eksith]

I once worked for a retailer which was connected via Megapath (they outsourced to whatever local ISP is available at the store location). The internet setup was so abysmal in security, in some cases the stores used wifi to connect to the front registers with the password being (not kidding) [storename:storenumber]. That's it.

These fools are getting caught doing elaborate plants. That's not how real criminals key log (btw, this is not a skimmer, but is a 'keylogger' as joenathan points out). Real criminals sit in the comfort of their car or nearby coffee shop and scan for open connections and insecure use of credentials.