Assuming that someone managed to not only walk off with the device from a retailer but were also able to gain access to the device itself. What kind of data could be harvested from the device?
First things first; the card data is encrypted on read and the device will soon be PCI certified. So none of the card data will be accessible to anyone on the device.
The transaction data (amounts, items, transaction statuses, etc) is managed by the PoyntOS (owned by Poynt). That data has the necessary authentication and authorization around it to prevent just anyone with the device from having access to it. Only a merchant user logged into the app and with the appropriate level of privilege will be able to access the data.
Finally, 3rd party applications will go through a strict vetting process and will be signed. Therefore, it will not be possible for some fake app to work on the device. Also, PCI requires us to constantly monitor the installed application for any kind of tamper.
The transaction data (amounts, items, transaction statuses, etc) is managed by the PoyntOS (owned by Poynt). That data has the necessary authentication and authorization around it to prevent just anyone with the device from having access to it. Only a merchant user logged into the app and with the appropriate level of privilege will be able to access the data.
Finally, 3rd party applications will go through a strict vetting process and will be signed. Therefore, it will not be possible for some fake app to work on the device. Also, PCI requires us to constantly monitor the installed application for any kind of tamper.