The Target data breach has sparked more awareness of card security issues, but nearly 90% of U.S. consumers responding to a Phoenix Marketing International survey don't know much about the EMV-chip cards Target and others are adopting to deter counterfeiting.
In addition, consumers don't trust contactless or mobile wallet payments through smartphones, preferring the security method of using a PIN with a plastic card, according to Phoenix Marketing's recent research on credit card security and the impact of chip-based cards.
Phoenix Marketing surveyed 3,009 U.S. consumers during the first quarter of 2014. Of those surveyed, 94% say they are aware of the Target breach, making it a "watershed event" in data security, says Greg Weed, director of card research for Rhineback, N.Y.-based Phoenix Marketing.
"With all of the high visibility [of security breaches], it has fazed consumers to a large extent, as about half are very concerned about the issue," Weed says.
Target announced this week it would offer chip-and-PIN MasterCards early next year, making it likely consumer awareness of chip-based cards will increase. While many U.S. consumers say they are not familiar with EMV cards, 64% rated the technology as "very important" after learning about it.
When Phoenix provided a description of EMV technology, it did not "over-promise" its security capabilities, Weed says. "Some people are saying it can completely wipe out fraud, but in us taking a very modest approach in describing what it can do, I was surprised that the chip card was perceived as important as it was."
EMV cards improve security primarily by making it harder to clone plastic cards. They do not provide additional security for card-not-present transactions, such as e-commerce sales. Although EMV cards are typically used with a PIN, in the U.S. many issuers are opting for a chip-and-signature approach, which is easier to deploy.
Chip-and-PIN transactions were "widely preferred" over other transaction authorization methods with 32% indicating they would choose that option for security and convenience. Twenty percent chose chip-and-signature, while mag-stripe and PIN had 10% support and mobile wallet and PIN was lowest at 3%. Some consumers, at 12%, felt none of the options were secure enough, while 25% said they were all about equal.
"I think it surprising when you look at their perceived security to every day transactions," Weed says. "There is a very big gap there, from top to bottom, and a lot of room for improvement."
Some indifference to card security is evident from those respondents who felt no methods were secure, or all were about the same, Weed says.
"It is noteworthy, however, that the perception of security for NFC (Near Field Communication) and mobile wallets is very low," Weed says. "That is really the least preferred way of doing a transaction."
Those in the payments industry pushing NFC technology for mobile and contactless payments will have to overcome this consumer resistance, Weed says.
In rating prevention measures, half of the respondents feel credit card companies are doing enough to prevent fraud, but only a third said merchants and the federal government do enough.
Data breaches have caused only 19% of respondents to change their primary payment card, the report says.
Because the survey focuses on consumer perception of card security, it is clear that
"high-profile breaches scare consumers," says Leon Majors, head of the payments practice at Phoenix.
If a consumer is offered at least a partial solution, such as a chip-based card, they will perceive it favorably, Majors says.
However, a company betting on mobile phones for security may have a tougher sell.
"When the consumer expects to lose their phone and they write their PIN on a piece of paper on the back of the phone, they know that's not secure," Majors says. "It's a marketing perception you are dealing with."
As the U.S. moves to EMV smart cards, it is generally understood that fraudsters will likely move their attacks to e-commerce.
Whether consumers understand that potential scenario or not, 23% say they feel making online purchases by entering a PIN after providing an EMV cards account number, expiration date and security code would provide the most convenience and security.