Thanks in large part to the adoption of EMV technology, card fraud has been on the decline in the European Union but it still pulls in around EUR1.5 billion a year for criminal gangs, says Europol.
The figure comes from a report published to coincide with the opening of a new European cybercrime centre under Europol's jurisdiction, which will be the EU's focal point in fighting online crime carried out by organised gangs.
The report shows that despite rising numbers of credit and debit cards - now standing at more than 726 million - in the EU, domestic card-present fraud has been gradually falling since 2008 thanks to widespread adoption of Chip and PIN.
However progress is being undermined by a sharp increase in the level of illegal transactions overseas as crooks target cash machines and payment terminals in EMV-less places such as the Dominican Republic, Colombia, Russia, Brazil, Mexico, and, crucially, the US.
Consequently, in 2011, almost all fraudulent face-to-face transactions with EU cards took place overseas. The problem of illegal transactions in the US has been reported to Europol by all 27 EU member states.
The ultimate answer to this problem would be the implementation of the EMV standard on a global level, including making US merchants compliant, says Europol, adding that "specific discussions on that are currently ongoing, however it is difficult to predict if, and when, the final stage of compliance might be reached".
In the meantime, the report backs 'geoblocking' - deactivating the mag-stripe and making cards chip-only. Having become the first country to introduce this, Belgium has seen skimming losses fall to nearly zero, says Europol.
The organisation admits though that geoblocking has its drawbacks, with users required to get their cards activated every time they visit a non-EMV compliant country.
Meanwhile, card-not-present fraud is on an upward trend, accounting for around EUR900 million of the EUR1.5 billion. Credit card information and bank account credentials are some of the most actively traded 'goods' on the Internet's underground economy and this stolen data is used to create cloned cards which are used to make online purchases with EU suppliers, says Europol.
Most of the credit card numbers misused in the EU come from data breaches in the US and while investments by EU industry in the 3D secure protocol have helped, not all transactions are protected with it on an EU or worldwide level.
To help it tackle the increasingly global nature of fraud, Europol is asking for new rules to enable it to work with non-EU police forces and a special mandate to dismantle criminal rings around the world. Common European legal systems for the security of online retail payments, as well as the mandatory reporting of financial data breaches, should also be considered, it recommends.