Should we expect new botnets from online cash registers?
As is well known, entrepreneurs in Russia are hastily putting their cash registers online to comply with FZ-54 and connecting them to fiscal data operators over the Internet. Some of these entrepreneurs are small enterprises and service points that have neither IT staff nor IT knowledge of their own.
Required to? Then connect.
An acquaintance asked for a quick look at what was going wrong with a recently connected online cash register. The equipment was slowing down and hanging.
To meet the requirements of FZ-54, he had purchased a POS terminal with a fiscal registrar connected to it. Data went out, as usual, to the fiscal data operator over the Internet.
As it turned out, the equipment supplier had configured the terminal remotely, over that same Internet connection, using the wonderful TeamViewer remote support utility.
They plugged in the cable run by the provider. Everything worked, everyone was happy.
But something went wrong.
As it turned out, Windows XP Embedded was hidden inside the equipment, and it began exposing the standard Windows ports directly to the Internet. A whole zoo of viruses immediately began to breed on the terminal, and kept multiplying until the computing power ran out and the freezes began.
As a result, an additional firewall was purchased, along with a special antivirus that could run on this version of XP, and a person was hired on a one-off basis to make the necessary settings. One small entrepreneur's particular problem was solved.
And now the questions. Why did this happen? Who should provide the protection? The manufacturer or the entrepreneur? Or maybe the fiscal data operator? Attempts to find requirements for protecting client infrastructure during the transfer of tax reporting, à la PCI DSS, have failed.
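A check for the exposure described above, as an added example that is not part of the original post: it reads `netstat -an` output captured on the terminal and lists Windows service ports that listen on all interfaces or on a non-internal address. The port list, the sample output and the name `exposed_listeners` are assumptions made for the example (the post does not name the ports), and it assumes the terminal is plugged straight into the provider's link, as in the story.

```python
import ipaddress

# Assumption: the post only says "standard Windows ports"; this is the usual set.
WINDOWS_PORTS = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
                 138: "NetBIOS datagram", 139: "NetBIOS session",
                 445: "SMB", 3389: "Remote Desktop"}

# Address ranges that are not routable from the Internet side of the link.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample of `netstat -an` output (documentation addresses only).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1045      198.51.100.7:443       ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.5:138        *:*
  UDP    203.0.113.10:137       *:*
"""

def exposed_listeners(netstat_text):
    """Return (proto, address, port, service) for each externally bound Windows port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows have a state column; only LISTENING sockets accept connections.
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port_text = fields[1].rpartition(":")
        port = int(port_text) if port_text.isdigit() else -1
        if port not in WINDOWS_PORTS:
            continue
        try:
            addr = ipaddress.IPv4Address(host)
        except ValueError:
            continue  # IPv6 rows are out of scope for this example
        # 0.0.0.0 means every interface, including the one facing the provider.
        if addr.is_unspecified or not any(addr in net for net in INTERNAL):
            findings.append((fields[0], host, port, WINDOWS_PORTS[port]))
    return findings

if __name__ == "__main__":
    for proto, host, port, service in exposed_listeners(SAMPLE):
        print(f"{proto} {host}:{port} ({service}) is bound to an external-facing address")
```

An empty result after the firewall is installed only shows how the sockets are bound on the terminal; whether the firewall actually blocks them has to be confirmed from the network side.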