I believe modern card readers for at least MC/Visa use some form of encryption, but for backwards compatibility the central offices also work unencrypted. In the hotel I used to work in, the card reader certainly didn't encrypt.
My fiancée regularly configures remote EFTPOS (Electronic Financial Transaction at Point Of Sale) terminals from her job in the 24-hour answer centre of a major bank in this state, and when she is doing so she reads a "public key" off the screen for the vendor to key into the unit. Sounds very much like some sort of asymmetric session key exchange to me, and I'd lay money on the symmetric cipher behind that being DES. Apparently there is also an Australian Standard for the cryptographic exchange of PIN numbers, and I know that DES is also sanctified in an AS (and recommended by DSD, who even now still consider DES "appropriate" for the banking industry).

Ian.