From passwords that have not been changed in almost ten years, to default remote administration protocols that are not protected via poor cryptography, Byrne and Henderson showed how these vendors put everybody at risk of being a victim of card fraud.
Here are the slides. Proceed with caution, this is highly disturbing.