A lot of POS systems are entirely online based these days (even hip ones like Square https://squareup.com/sell-in-store). I haven't read anywhere that Target's POS were online, this was a forum where the author was demonstrating how his software worked and Target was not part of it. There haven't been a lot of details released, but from what's known now is that an online facing server was compromised and that was used as a hopping off point to get to the POS.
The days of phoning in with a 1200-baud modem or collecting embossed card impressions are long gone.
A typical small-shop retail arrangement is to have the POS terminals behind a NAT router which is behind another NAT router that also serves up the customer-convenience WiFi AP.
When a terminal wants to put through a charge, it simply makes an HTTPS request to the payment processor. One or two seconds later, the request comes back, declined or accepted and here's the approval code. At that point, the POS sanitizes away the credit card details and applies the credit tender. Enjoy your latte, ma'am!
To hack such a system, you need to get onto the POS LAN. E.g., maybe there's a store server on the with an SSH login, which you've uncovered after breaking into the corporate above-store network. Or maybe a disgruntled employee installs malware from a USB stick.
Then you exfiltrate the captured swipes, hopefully without leaving enough tracks to get caught. E.g., the malware periodically uploads the intercepts to some FTP site to which you can get access. Or, in the case of the disgruntled employee, it could simply involve dragging the files to the USB stick.
Between the store and the payment processor, we should be safe, given we're using HTTPS. However, payment processors have themselves been hacked. E.g., Heartland†.
