Wouldn't the concern being redirecting the money to a different merchant account? Of course that would mean you are easily tracked down when found out but I'm sure you can find a way that some schmuck who doesn't actually know anything about you ends up with that role.
Then again, changing the merchant account is usually only protected by a numerical PIN so you wouldn't need root access. Maybe it would be to send the original requested amount to the expected merchant account but also do a separate smaller transaction to your own account?
The configuration of the settlement bank account happens at the processor. If you want to change it, you need to talk to customer service and fill out a PDF form, with signatures and other human verification processes.
If it were possible to change the settlement account via an online portal or similar, then you'd need the user login credentials for that portal. In which case, compromising the card reader has no additional value.
Then again, changing the merchant account is usually only protected by a numerical PIN so you wouldn't need root access. Maybe it would be to send the original requested amount to the expected merchant account but also do a separate smaller transaction to your own account?