Better bank security could have prevented $2.75bn in losses from the fraudulent use of ATM and debit cards, analyst firm Gartner has alleged in a newly published study.

The losses are the result of personal data obtained by criminals through phishing scams and keystroke logging software. The scammers use the stolen information to create cloned cards to withdraw money, or to raid online bank accounts.

Gartner estimated that about three million US consumers fell victim to phishing scams in a recent 12-month period, resulting in an average loss of $916 per incident. In most cases banks or financial institutions covered the losses.

The cloned ATM cards contain only the user's bank account number and Pin. The card is also supposed to carry security codes from the bank that issued the card which provide an additional layer of security.

Because the customer is unaware of the codes, criminals cannot obtain them through online attacks. But about half of ATM operators do not check the security codes when a withdrawal is made, according to Gartner research director Avivah Litan.

"Most of these institutions are unaware that they, or the outsourced ATM transactions processor they rely on, should be doing so," he said.

Gartner based its phishing damage projection on a survey of 5,000 adults in May.