The fact that the gang's members were able to capture credit card transaction data suggests that the affected companies did not use end-to-end encryption in order to protect the data while in transit from their payment terminals to their payment processors.