Once again, it's important to note that the individuals collecting user information and hijacking their credit cards aren't necessarily master criminals: they could be ordinary people you witness every day. This is part of why anyone using POS credit card processing owes it to themselves to obtain their system from a reputable vendor and constantly check it for exploitable mistakes or malware.
In one recent case reported by the New York Times, it appears that the main perpetrators responsible, a couple living in the Bronx, used their own privileged access to user information to start taking advantage of others' finances.
Clyde Forteau and Amanda Zieminski, have been charged with stealing hundreds of thousands of dollars from patients at the hospital where Zieminski worked. Although the crime seems to have been ongoing for years, only recently have authorities made the arrest, partially spurred on by the high level of documentation the couple made of their spending. This included a trip to Disneyworld and other instances of extravagance.
Their method of operating reportedly involved requesting credit and debit cards from banks using stolen data and then intercepting the replacement cards once they arrived. Three others were included in the charges, including Jerome Forteau, Clyde's brother.
Sophisticated criminal practices like this can go on for some time without anyone being the wiser. Any store employing point of sale credit card software can keep an eye out for potentially shifty customers and do their best to make sure all of their clients' most sensitive payment information remains secure and stable.