European banks warned: brace for rise in cash machine fraud

07.09.2009

But many machines in countries that don't use chip-and-PIN won't check for the chip and rely solely on the magnetic stripe and PIN to authorize the transaction.

While banks have taken measures to make their ATMs more resistant to skimming and to educate consumers on how to notice tampered machines, there are a variety of other weaknesses in ATM systems, ENISA said.

"ATMs often now use publicly available operating systems and off-the-shelf hardware, and as a result are susceptible to being infected with viruses and other malicious software," ENISA said.

Many machines run on Microsoft's Windows operating system. Patches have to be tested and licensed by the manufacturer of the ATM, which creates an additional obstacle to keeping the machines up to date. That leaves ATMs -- which often have unencrypted links with banks' back-end systems -- more vulnerable to worms and malware. For example, some Diebold ATMs became infected with the Slammer worm in 2003, ENISA said.

Earlier in the year, some sophisticated malware was discovered on ATMs in Eastern Europe. It recorded the magnetic stripe information on the back of a card as well as the PIN (Personal Identification Number). The collected card data, which was then encrypted, could be printed out by the ATM's receipt printer. That printout could be obtained through a hidden software control panel displayed after the thief inserted a special card into the machine.