Nonsense. I can physically give you an ATM machine, but that won't enable you to access the accounts of the bank's customers.
Same goes for a POS terminal. You can buy one on eBay right now, but that won't give you access to the data that you want on someone else's network, even though you clearly have full physical access to it.
In short, claiming that physical access defeats security is just baby-talk for admitting that **your** own security is child's play.
Same goes for spouting off about needing big, long, complex passwords. POS terminals (and ATMs for that matter) only require a 4 digit password, yet the posters on this thread clearly can't get through that level of security due to the **architecture** involved.
So here's a tip: if you can't guarantee the physical secuirty of a PC, POS terminal, or ATM, then you simply don't place valuable data onto said "vulnerable" machines.
Store such data somewhere else. Somewhere safe.
That's how banks do it today. Steal an old ATM, drill through its armour, boot up the ancient AT&T 3B2 inside with any startup disk that you want, it still won't give you access to all of the customer accounts of any bank, even though said machine has its physical access compromised and even though said machine only asks for a simple numeric 4 digit password.
It ain't the tactics, people; it's the architecture.