European card data might also be stolen and sent abroad for fraud.
The wide availability of point-of-sales (PoS) malware kits is likely to make this year’s Christmas shopping a dangerous prospect for Americans, according to the security company Symantec.
Retailers are being warned that they are easy targets for hackers, with PoS malware now one of the biggest sources of stolen payment card data for hackers.
Symantec said: "While some retailers have enhanced security by implementing encryption on their POS terminals, others have not and retailers will continue to be a low-hanging fruit for some time.
"While the introduction of new technologies will help stem the flow of attacks, it will not eliminate fraud completely and attackers have a track record of adapting their methods."
PoS breaches have been an increasing trend in cybercrime this year in the US, with an estimated 100 million payment cards having been compromised during the large breaches against retailers Target and Home Depot, among others.
While the EMV technology adopted in Europe is thought capable of ending the era of large breaches, Symantec is still warning customers that their details might be stolen through card-skimming or online shopping hacks and used abroad in countries that have inferior payment security.
"Some retailers are rolling out encryption on their point-of-sale networks to prevent memory scanning, which is encouraging," Symantec added. "However, attackers have a tendency to adapt and evolve, and will no doubt look to circumvent these additional countermeasures."