This is really ugly. If criminals have managed to use the manufacturer's maintenance access to remotely install card-skimming software into point of sale terminals worldwide, then nothing is safe.
All the more reason to use a merchant's chip reader or Apple Pay wherever possible. These technologies work with device-specific account numbers, one-time pads and encryption to make it difficult (if not impossible) for a captured transaction to be used to create a fake card or initiate new transactions. (I am aware that there are many more virtual-card technologies in use but I don't know enough about them to have an opinion about their security.)