When surveyed, consumers will say security is far more important than convenience when making a payment — until they reach the checkout. Then convenience feels pretty good.
While nearly half of consumers express a concern about payment fraud, as many or more enjoy technology that makes shopping seamless.
The clash between security and convenience in the minds of consumers is most clearly illustrated through the use of one-click e-commerce payments such as Pay with Amazon checkout and PayPal One Touch, according to an Auriemma Consulting Group report on consumer perceptions.
Forty percent of respondents have used Pay with Amazon, while 20% said they have used PayPal One Touch. In rating convenience vs. security, 64% said one-click payments make the shopping process more enjoyable, while 63% said they make the online shopping experience more vulnerable to fraud.
Those numbers illustrate that security is important in the minds of consumers, but "while they think one-click payments may not be the safest, it is too convenient not to utilize it," said Jaclyn Holmes, senior manager of payments insights for Auriemma Consulting Group.
"When one-click payments first came out, I was concerned that the consumer would put in a password one time, and not have to change it for at least six months," Holmes said. "It's the same for someone who steals that card and uses one-click payments; they don't have to worry about a password change for six months."
Auriemma surveyed 500 debit cardholders in the U.S. in May of 2016 to complete the report, with 361 of those cardholders also carrying a credit card.
Any contradiction in how consumers feel about security and convenience in payments causes many issuers, e-commerce merchants and security vendors to question how to position security without frustrating paying customers.
Much of that dates back to the original 3D Secure technology and its tedious questions and pop-ups that slowed down the online purchase process, and carries through to the current EMV chip cards at the point of sale and the perception that EMV payments take too long.
Forty-two percent of consumers say EMV chip cards are the most secure payment type available. That is significantly more than the number who believe that about mobile payments, at 12%, and mag-stripe cards at 6%, according to the report. At the same time, 43% of consumers believe all electronic devices are equally vulnerable to fraud.
But EMV cards protect primarily against counterfeiting, while mobile payments include security measures such as tokenization and biometric authentication, providing security in a wider range of use cases.
"I'm not sure consumers think about the EMV chip card in too much detail," Holmes said. "They tend to think the chip card is the most secure and think it is a very complicated technology, so it [safety] resonates more with a chip card than a mobile payment."
Many consumers are aware that a chip card somehow keeps the merchant from seeing the actual card number, but they likely don't know much more about various other layers of security, Holmes said.
The major card brands sparked the migration to EMV chip cards in the U.S. through an October 2015 liability shift as a measure to stop counterfeit card fraud at the point of sale. The shift has changed the way consumers handle payments in person, but does not address e-commerce and mobile payments, which do not require a physical card.
Oddly enough, only 32% of cardholders believe chip cards have decreased fraud, while 58% said it has had no impact.
Mobile wallet providers like Apple, which uses tokenization and stores credentials in the iPhone's secure element, have emphasized security in their sales pitch (despite Apple Pay being announced shortly after a major incident involving Apple's iCloud system).
At the same time, the Fast Identity Online Alliance has pushed for nearly three years to drop static passwords for device authorization and move to biometrics or various security layers, thus making a mobile device even more secure and assuring any payment through that device was coming from its actual owner.
"People who use mobile payments are twice as likely to understand that mobile is more secure," Holmes said. "It is the mobile non-users who have this real fear of the unknown."
While the amount of a purchase has no bearing on a fraudster who is looking to steal card credentials after a transaction, consumers sense a difference. But it was not enough to say they are not concerned at all about security during low-value transactions.
For a purchase of $5 with a credit card, 70% say that security is more important than a faster checkout, while 30% prefer speed over added security steps. For a credit purchase of $100, 85% want more security, while only 15% prefer speed.
For a debit card transaction of $5, 71% cited better security, while 29% said a faster transaction was more important. For a $100 debit purchase, 87% wanted more security steps and 13% chose speed.
Most consumers, at 70%, say they are willing to utilize two-step authentication if it is offered through their primary bank. Of those options, 30% preferred extra security questions, 26% would opt for biometrics, and 21% wanted unique text codes sent to their phones.
At the same time, consumers still fall into the bad habits of using the same password for multiple accounts, in many cases a weak password, Holmes said.
"And the majority, at 69%, save passwords for some of their accounts on their mobile devices," she added.