Re: (part of) the solution
Most Card Payment software is certified to PCI/DSS standards. Even if the Operating System is not up to date with patches - though this is recommended - as long as you put ‘adequate compensating controls’ around this you are fine.
Point to Point Encryption - P2P - between PED (Chip and Pin device) and Bank Acquirer is the norm these days, with tokenised card details, little in logs securing it. No Mag Swipes on tills with leaky data anymore - built into chip terminals or just not at all anymore.
Unfortunately older software - opted in North America - is not quite there yet, hence the repeated problems there. I can’t think of any UK retailer with POS Tills that has had any Card Payment breach in recent memory.