Since it was a targeted attack (sorry) on the in store registers/scanners sounds like someone had access to a master controller server that updates all the stores registers. Push down a bit of code, install code, run code. Probably sent a copy of the card info to an offsite storage location as each transaction took place.
Of course I'm guessing since I'm not a talented security bod, but this doesn't strike me as the sort of casual scammer or anon attack vector. Until proven otherwise I'd say at the very least they were very familiar with the inner workings of the POS systems / software.
For once I guess being dirt poor and unable to obtain credit / bank accounts pays off.