With around 10% of US fraud victims having their details used to make withdrawals at ATMs, banks need to beef up their machines' security, according to a report from Javelin Strategy & Research.
Of these victims, nearly a quarter dump their financial institution, says the research firm, which collected data from 3294 Americans online and 4874 by phone.
Javelin says criminals have long been skimming consumer PINs by stealing ATMs and installing card readers and fake machines but they are now also employing new techniques. These include manipulating ATM software, posing as consumers wanting to change their PIN and sending out false mobile text alerts with requests for personal information.
This has contributed to nearly one in five fraud victims having their credit card or debit card ATM PIN information stolen in 2009, a considerable increase over 2008.
In addition, Javelin warns that fraudsters may increase their attacks on US cash machines as neighbouring countries such as Canada and Mexico migrate to EMV chip cards.
The report also notes that consumers are not consistently protected on ATM PIN losses. Bank of America, Chase, Citibank and Wells Fargo are among the leaders covering debit ATM PIN losses but, in general, other institutions cover PIN transactions at the register or online, but may not necessarily do so at the ATM.
Robert Vamosi, analyst, risk, fraud and security, Javelin, says: "US financial institutions should consider this a cautionary tale and learn from it. They can reduce their own losses, build consumer trust and slow the exodus of defrauded customers by adopting progressive security technologies, covering ATM PIN losses and educating consumers."