×

Banks fighting back against card fraud

It seems like there's a cyber-hack story in the headlines every other day. But while merchants—and even the Internal Revenue Service—crack down on digital breaches, thieves are targeting another source of power: automatic teller machines.

That is spurring a broad movement to more secure methods of payment.

Crooks are stealing credit and debit card data from U.S. ATMs at the highest rate in 20 years, according to recent data from credit scoring firm FICO, and they don't seem to be slowing down.

Year over year, card skimming, in which thieves swipe user data, at bank-owned ATMs is up a dramatic 174 percent. At non-bank ATMs, compromises are up 317 percent. These numbers represent successful incidents.

Thieves who end up gaining cardholder information then create counterfeit plastic, with the potential to steal every penny out of a victim's bank account.

Fighting back with EMV

ATM banking
Juanmonino | Getty Images

The stakes are high because U.S. consumers make billions of dollars in ATM withdrawals every year. All that money is at risk—coming out of the pocket of major banks, and temporarily out of consumers' wallets.

Read MoreSmaller merchants prepare for fraud-proof cards

Not only is revenue being wasted away, but consumer loyalty also is on the line.

Unisys Security Insights released a 2014 study that found 59 percent of Americans fear bank card fraud, which was more than fear terrorism. The two top concerns on the list were payment card fraud and identity theft.

Fighting back against losing customers and money, banks and organizations are facing the frailty in the ATM process head on.

JPMorgan Chase and Bank of America are beginning to install more advanced machines. In August, FICO introduced Consumer Fraud Control, which enables banks to allow their cardholders to configure card usage controls and transactional alerts via the bank's mobile app. (FICO tracks incidents via the service it uses for financial institutions. These firms represent more than 65 percent of all U.S. debit cards.)

Read MoreWhy more American families don't want to use cash

As banks are encouraged to invest in skimming-detection software and services, the migration from magnetic-stripe payment cards to EMV-compliant cards is in full swing. EMV refers to Europay, MasterCard and Visa, the computer chip standard created by the three companies that replaces the magnetic stripe found on traditional credit and debit cards.

The traditional magnetic stripes contained unchanging data, making the card sensitive and vulnerable. EMV chip technology helps to reduce card fraud and enables transactions across contact and contactless channels.

Unlike magnetic stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that can't be used again.

Read MoreSmarter credit cards befuddle small businesses

The debate over EMV card issuance began in May 2010. According to BankInfoSecurity, a changeover comes with a price tag of about $8.6 billion in point-of-sale terminal replacements, EMV card issuance and ATM upgrades.

By 2014, 120 million EMV-compliant chip cards had been issued in the US, with JPMorgan, Citigroup and U.S. Bancorp, banks that provide debit cards for government benefits, becoming leaders in the EMV migration. Separately, Apple launched its pay service, which boasts easy use and secure transactions.

Read MoreApple, and the war over your wallet

Megan Shamas, speaking on behalf of the EMV Connection, believes the U.S. is indeed ready for a shift-away from magnetic stripes.

"The payments industry is showing a real commitment to issuing and accepting chip cards. The Forum believes that half of cards will be chip-enabled by year end and retailer acceptance will continue to expand as well," Shamas said.

Shamas pointed to the latest example of retailers embracing the new technology—–Target. The retailer announced that all of its stores are ready to accept chip card payments.

Meanwhile, the clock is ticking on merchants to make the transition to more secure technology.

The liability date for fraud that results because of non-EMV compliant cards of point-of-sale terminals is October, meaning that retailers have until then to begin using card readers, or be liable for fraudulent charges.

After that point, fraudulent charges will be the responsibility of either the merchant or the bank, whichever institution has the least advanced technology.