by PeterisP 4640 days ago
I may be mistaken, but I thought that the PCI/DSS forbids using such devices (unencrypted transmission from the keypad), and if a merchant uses them then they're automatically liable in full for all such fraud; i.e., banks just refund all cardholders for their losses and bill that+card replacements to that merchant.

You save some $$ in hardware but take on risk.

1 comments

There's no such rule. Virtually every internet gateway and mobile payment app lets you key in card numbers to make a charge. There is no encryption in your computer's keyboard. The first versions of the headphone jack swipers for phones (i.e. Square) didn't have any kind of encryption either.