There are several risks related to POS systems:
- Setting up a fake store to collect card numbers, not selling anything or promising to ship and not shipping. While this is possible with Mobile POS it can be done at much larger scale online. So, while I know for a fact this is a problem (for the providers rather than the consumers, since the providers take the ultimate cost if the merchant bails), it’s similar for offline and online POS (and actually harder to pull off offline).
- Rogue employee at a store or just a random person scanning cards: they would have to take hold of your card. Again, doable but really the same risk as the cashier double-swiping your card at the restaurant. Does make it a bit easier.
- Skimming: altering the reader is some way to look normal but collect your details to a separate database, using a physical add-on on the reader. Pretty common with ATMs. I wouldn’t say this is unique to mobile POS.
- Intercepting the communication at the reader, the device itself or the medium between the device and the service. Regular POS systems and ATMs can be attacked in the same manner. It’s arguably easier to get a mobile POS and reverse engineer it, but I really think it’s a small risk.
All in all I’d say mobile POSs are exposed to reverse engineering, can facilitate manual duplication of cards because they are easy to get, pose higher vendor risk to the provider of the POS and are arguably weak(er) when the reader is not encrypted. Most of these risks are shared with other POSs and, in my impression, do not render mobile POSs less safe for the consumer (barring common sense. Don’t hand your card to a suspicious guy at a street corner).