POS malware is stealing the required card data.

One more reason outsourcing software dev to overseas entities is a really bad idea. How does any company even know what actually gets put into POS devices sold all over the world. Card info-stealing code could be lurking in most POS devices by now for all we know.