Security firm: ATMs linked to IP networks vulnerable

04.05.2006
A continuing trend by banks to take ATM machines off proprietary networks and put them on the banks' own TCP/IP networks is introducing new vulnerabilities in the ATM transaction environment.

The reason? Most ATM transaction data is not encrypted and can be more easily compromised when it is traversing an IP network compared to dedicated lines, according to a whitepaper from Redspin Inc., a security auditing company in Carpinteria, Calif.

"A number of bad scenarios can come out of this situation, the biggest being mass card theft," said John Abraham, president of Redspin, which released the white paper last month.

But ATM industry representatives said the issues raised by Redspin have been well understood for some time and that several measures can be taken to mitigate the risks posed by the migration to IP networks.

According to Abraham, the situation is the result of a move by banks over the past few years to comply with regulations requiring them to convert electronic funds networks to the secure triple Data Encryption Standard (DES) from the older DES standard.

Many banks have used the opportunity to migrate ATMs from proprietary networks to open Transmission Control Protocol/Internet Protocol (TCP/IP) infrastructures, he said. For banks, such networks have proved to be easier to manage and less expensive than having a bunch of individual, dedicated point-to-point connections between an ATM machine and a processor, he said.