Re: Don't get your hopes up
Many retail establishments are 'Mom and Pop' operations or small scale chains.
Whilst security is likely to be a matter of luck in smaller operations, these places aren't generally targets as such. Any competent criminal would focus on larger retailers because the exploits can be scaled up easily and quickly, and central data repositories exist to be worth raiding, with established markets for dirty data on the dark web. What they're after is data to sell on, so the more records they can seize, the more they make (and unless told, most people who's records are taken don't know until months after the event, if ever). So a few big, corporate targets are far more valuable than many tens of thousands of small retailers.
Absent a customer database, at the Mom & Pop (corner shop) scale, you'd have to steal individual payment card details perhaps through a physically hacked card reader, and I doubt that is worth the effort. The fraud will be detected more quickly by the victims, the payments processors will trace the store quickly and fix the breach. And if you're into this low rent area of crime, you'll probably (a) not be very good at it, and (b) be less capable of covert sale of the pilfered data, and so you're creating a track from your buyer back to you, the would be cyber crim.
Biting the hand that feeds IT
