Consumers have long resisted security hardware such as one-time password tokens, as these devices typically slow down the payment process. But shoppers may finally be willing to give up a little convenience for some peace of mind.
Many consumers have misguided perceptions about how well-protected their financial data is, so they may not trust security methods that they can't see.
"For consumers, it's really about managing the perception of security," said Rick Oglesby, a senior analyst and consultant at Double Diamond Payments Research.
As a result of 2013 and 2014's many high-profile data breaches, consumers are especially concerned about whether their payment data is going to be safe. The shift to EMV-chip cards, which are designed to deter counterfeiting, may go a long way toward easing those fears despite not fully protecting all consumer payments.
"EMV would not have prevented the recent high profile merchant breaches at Target, Michaels, etc.," Oglesby said. "However EMV already has been and increasingly will be marketed to consumers as the solution to that problem as retailers try to manage the perceptions of security versus insecurity."
EMV technology doesn't affect e-commerce, and many predict fraudsters will shift their attention to the Web as security improves at the point of sale. This, in turn, could spark fresh demand for security hardware that can protect card-not-present transactions.
"There was some momentum in the industry to have an EMV attachment that you plug into your PC device," said Bob Lowe, vice president of business development at Shift4, a payment gateway that does a lot of business in Canada. But "if I had to have a hardware device for all my devices I'd find that limiting," he said.
In Europe, consumers are given a USB device that plugs into a personal computer and reads the chip on an EMV card when the consumer makes a purchase. U.S. card executives will not deploy these devices, as there's a perception that U.S. consumers will not tolerate this level of friction, said Julie Conroy, a senior analyst at the Aite Group.
However, hardware devices have been a popular security mechanism for Bitcoin.
But hardware-based security hasn't worked for every Bitcoin company. RoboCoin, a Bitcoin ATM provider, launched its bidirectional machines with Fujitsu's palm vein scanners, but is eliminating the need for biometric authentication because the process caused unnecessary friction.
Biometrics is slowly creeping into the payment process, particularly in the example of Apple's
Companies like
However, biometric technology is at odds with the U.S. consumer habit of sharing payment accounts with family members, such as the parents who give their son or daughter their debit card to go grocery shopping, said Lowe.
"The question is, how do you manage the [payment] process in a way that doesn't restrict the commerce flow?" said Lowe. The financial services industry is still trying to figure out the right mix of technologies to balance security and convenience, he said.
