By now, it would seem every American who touches a keyboard hasbeen scared silly by reports of online fraud and the risks of doingbusiness over the internet, but an even more insidious electronicthreat has made its way onto the national landscape – ATMskimming.

Yes, never mind the murky world of viruses and trojans andhijacked web browsers. Many of today's cyber crooks arecompromising consumers by way of the ATM, and while industryestimates vary, some put total card skimming losses at $8 billion ayear.

There is a solution in the offing known as the “chip card,” andeven as the developing world has widely deployed this technology,the U.S. lags behind as ATM fraudsters step up their game.

Skimming involves tampering with the ATMs by attachingcounterfeit card readers and pinhole cameras in order to pilfercredentials. The alterations are so convincing the ATM usershave no idea they are literally giving away the keys to theiraccount. Once the stripe data is captured and the PINdisclosed, the criminal merely cuts cards of his own and, aftercollecting numerous accounts, withdraws funds or makes multipledebit purchases, often in a single, sustained campaign ofwithdrawals known as a cash out.

Not only is there an underground trade in skimming devices, butcriminals can now fashion their own readers, thanks to the adventof 3D printing. This new technology literally putsmanufacturing in the hands of hobbyists, who often target the samemake and model of ATM in order to reuse their parts.

A recent report by FICO, a financial analytics service, claimsthat ATM fraud increased in 20 U.S. states last year, withCalifornia and Florida hit particularly hard. One reason,notes FICO, is the low cost of skimming devices and theiravailability to the amateur market. Of course, “amateur” is arelative term in the card fraud game, where international skimminggangs are often involved, notably from Romania and other formerSoviet countries.

The bank card industry, seeking to put a stop to these risinglosses, is moving aggressively to deploy an embedded smart chiptechnology that will replace the iconic magnetic strip in use sincethe 1960s. Known as EMV (Europay, MasterCard and Visa), thecard relies on an encrypted, dynamic verification value thatchanges with each transaction, thus depriving the skimmer ofcredentials that can be used in multiple machines.

Nearly half the world's payment cards are chip enabled, andwhile even the best security technology can be circumvented bymotivated criminals, the EMV chip has demonstrated promisingresults. In Europe, where its use is most prevalent, EMVtechnology has led to a 63% decline in ATM thefts.

This does not imply that the chip card thwarts every known cardexploit, such as online purchasing fraud, but smash and grabcredential theft has decidedly decreased in geographies where thetechnology is used.

The EMV chip has been slow to catch on in the U.S. Someindustry analysts suspect it is because retailers have not beenmotivated by a compelling business case in terms of fraud costsversus implementation costs.

Assuming there are some 400,000 ATMs deployed nationwide, eachwith an upgrade cost of roughly $2,000, the price of retrofit alonewill come in at just under a billion dollars, and replacing over abillion debit and credit cards could be anywhere between $2 and $10a copy.

If the costs have stymied any serious national resolve towardEMV implementation, there are numerous other implementationproblems that involve configuration and testing of the verificationnetworks. The most difficult technical hurdle deals with theApplication Identifier, the piece of code that determines whichpath the transaction will follow. This is a problem unique tothe U.S., where the law requires the consumer to have the choice oftwo unaffiliated payment networks for ATM transactions.

In trying to force something of a tipping point toward EMVadoption, Visa and MasterCard have published compliance mandates toATM owners and point of sale retailers that their technology mustbe compliant or they will be liable for the cost of thefraud. In as little as three years, EMV will be less of achoice and more of a business imperative if the liability mandatescome to pass.

The prevailing worry among analysts and authorities is that thefurther behind the U.S. lags in EMV deployment, global skimminggangs will direct more of their effort and attention toward thiscomparatively vulnerable market.

Whether or not the U.S. becomes the global epicenter for cardfraud remains to be seen. Either way, there are forces inplay that may soon make the magnetic stripe a museum piece and giveATM consumers a fighting chance against a low-tech attack that hasfound an unfortunate foothold in this country.

Wes Andrues isa risk manager for DellSecureWorks in Atlanta.