Consumers have long resisted security hardware such as one-time password tokens, as these devices typically slow down the payment process. But shoppers may finally be willing to give up a little convenience for some peace of mind.
Many consumers have misguided perceptions about how well-protected their financial data is, so they may not trust security methods that they can't see.
"For consumers, it's really about managing the perception of security," said Rick Oglesby, a senior analyst and consultant at Double Diamond Payments Research.
As a result of 2013 and 2014's many high-profile data breaches, consumers are especially concerned about whether their payment data is going to be safe. The shift to EMV-chip cards, which are designed to deter counterfeiting, may go a long way toward easing those fears despite not fully protecting all consumer payments.
"EMV would not have prevented the recent high profile merchant breaches at Target, Michaels, etc.," Oglesby said. "However EMV already has been and increasingly will be marketed to consumers as the solution to that problem as retailers try to manage the perceptions of security versus insecurity."
EMV technology doesn't affect e-commerce, and many predict fraudsters will shift their attention to the Web as security improves at the point of sale. This, in turn, could spark fresh demand for security hardware that can protect card-not-present transactions.
"There was some momentum in the industry to have an EMV attachment that you plug into your PC device," said Bob Lowe, vice president of business development at Shift4, a payment gateway that does a lot of business in Canada. But "if I had to have a hardware device for all my devices I'd find that limiting," he said.
In Europe, consumers are given a USB device that plugs into a personal computer and reads the chip on an EMV card when the consumer makes a purchase. U.S. card executives will not deploy these devices, as there's a perception that U.S. consumers will not tolerate this level of friction, said Julie Conroy, a senior analyst at the Aite Group.
However, hardware devices have been a popular security mechanism for Bitcoin. Trezor, PRISMicide and Armory Technologies are building small, add-on hardware for Bitcoin storage and protection. Many companies that create these products say they are marketing to tech-savvy consumers that have a large amount of Bitcoin and transact on a regular basis.
But hardware-based security hasn't worked for every Bitcoin company. RoboCoin, a Bitcoin ATM provider, launched its bidirectional machines with Fujitsu's palm vein scanners, but is eliminating the need for biometric authentication because the process caused unnecessary friction. New RoboCoin machines will not be built with palm-scanning hardware.
Biometrics is slowly creeping into the payment process, particularly in the example of Apple's Touch ID fingerprint authentication for Apple Pay. While the biometric layer may be redundant and easy to fool, fingerprint authentication gives consumers that tangible sense of security, and other handset makers, such as Samsung, are adding fingerprint readers to their own devices.
MasterCard partnered with Zwipe in October to build high-tech cards with fingerprint authentication right on the front. The card network is also working with Royal Bank of Canada to test Bionym's Nymi wristband, which uses a built-in heartbeat sensor for authentication.
Companies like BioCatch and NuData analyze the way consumers interact online, from mouse movements to keystrokes. When these systems detect deviations they alert their merchant or bank partner of suspicion.
However, biometric technology is at odds with the U.S. consumer habit of sharing payment accounts with family members, such as the parents who give their son or daughter their debit card to go grocery shopping, said Lowe.
"The question is, how do you manage the [payment] process in a way that doesn't restrict the commerce flow?" said Lowe. The financial services industry is still trying to figure out the right mix of technologies to balance security and convenience, he said.