by jdonnici 4490 days ago
In "Kingpin" by Kevin Poulsen [1], one of the key players made a lot of money by hacking into POS systems at "mom & pop" locations (restaurants, dry cleaners, etc.).

Their surface area was "just enough" - they're online in order to run credit cards and early versions of the POS software kept the card details in local files. Once he was into their system, he had access to thousands of cards... when the cards were used fraudulently, it was very difficult to know how they'd been stolen because it was via lots of small breaches that never made the news.

Appropriately for this post... the POS software vendors eventually rushed to be compliant with new security standards (PCI?) and not store those details locally. But the store owners were reluctant to upgrade because the new software versions had an upgrade fee or, even when the upgrade was free, they'd have to pay thousands to their local consultant to actually perform the upgrade.

[1] - http://amzn.com/0307588696 ... Twitter-sized review: Pretty good book and it read like a technology novel at times. Will definitely get you re-thinking where/when your cards are used.