The key to it is that point-of-sale terminals developed by SAP and Oracle have no encryption or authorization procedures to prevent the price database being modified from within the store’s own network. The attack does require physical access to the …