There are probably many different ways to approach an internet cafe.  AV on the client systems is a must.  Then again if you are using non-Microsoft based systems, you can alter your plan.  A system being down is money not being made I would gather.  So to ensure up-time, why not Wyse Terminals that talk back to vmware Virtual Desktop Infrastructure?  or hell something that boots into live USB/CD things.  Nothing is persistent and all you need is a shell of a system to run them.  Again, all depends on what you are looking to serve out of the cafe. 

If you go with full bore MS Windows, keep a clean image of the client so you can quickly bring up a system in the event of corruption.  Use a managed anti-virus solution such as Symantec Endpoint Protection.  Create a minimal Firewall and IPS policy for the clients to prevent spread of malware from a compromised system.  All of this depending on your budget.  There are more budget friendly products out there.  I believe Trend Micro's enterprise AV is fairly cheaper than Symantec.  There also may be small business level products that support 50 or less systems at a much better cost ratio. 

If you want to see what is going on in the network, putting in an Open Source Security solution could be an option.  Remember you are serving the internet as a service.  So you don't want to hamper that service too much.  You definitely want to lock down the POS system you will be using, so you might want to check around the globe to see what products are out there and how they may be configured.  What better way to capture CCs than at the source of their use?