ENISA published this paper (plus corrections to some of the reported annual loss figures) last September, describing the many ways that crime is being committed using ATM (Automatic Teller Machines - hole-in-the-wall cash machines to you and me). Techniques for stealing credentials range from hi-tech approaches using card skimmers and false-front ATMs (even completely bogus ATMs have been used) to lo-tech shoulder surfing and distraction robbery. If nothing else, print off their "golden rules to reduce ATM crime" (pages 24 & 25 of the report) and speak to your friends and family members about the simple recommendations to reduce your personal risks. I've just looked up my bank's emergency/lost-or-stolen card numbers and popped them into my mobile phone, for instance.
Brian Krebs recently blogged about ATM skimmers. I find various readers' comments on Brian's blog somewhat perplexing: some claim that chip-n-PIN is "too expensive" for the US, not least because chip-n-PIN is flawed. As long as this kind of bizarre head-in-the-sand denial persists, card crime will surely continue to increase from an estimated US$350,000 per day in the US alone (the US Secret Service's 2008 estimate). That's US$128m per year!