[Sami_Lehtinen]

It seems that many people are really confused about this stuff. Because if PA-DSS standards are followed, the PC doesn't ever get any actualy credit card data. Yes, it's possible to backdoor / modify / infect / re-firmware or what ever the actua POS terminal, but it has nothing to do with the POS PC. POS terminals are independent systems with their own ram, keyboard, networking, processors, firmware, operating system, and software. I just made credit card transaction, here's all data what the PC get's from the credit card terminal. B2A8AAA4-6585-4D97-8AF7-C2DE0A617E3B for 40€ is successful. So? Feel free to abuse that information, if you find way to do so. So when ever writing stuff like this, it would be very smart to mention if the attack is targeting the PC or the actual POS terminal.