In response to public security breaches many retailers have begun efforts to minimize or completely prevent the transmission of unencrypted credit card data through their store networks and point of sale systems. While this is definitely a great improvement over the previous state of affairs; it places the security of transactions squarely in the hands of credit card terminals purchased from third party vendors. These terminals have a security posture that is often not well understood by the retail chains purchasing them. To better understand if the trust placed in these devices is warranted, the attack surface and hardening of a commonly deployed credit card terminal series is reviewed and a discussion of reverse engineered security APIs is presented. Despite the reduced attack surface of the terminals and hardened configuration, attacks that allow recovery of magstripe track data and PIN codes are demonstrated to be possible.