Tap-to-Authenticate Payment Cards Report

A Tap Could Solve Banking Authentication Problems — With the Right Metal Payment Card

November 2024

As fraud becomes more sophisticated, financial institutions (FIs) face increasing pressure to secure customer transactions and data. With credential theft on the rise, physical passkeys are attracting more attention than ever. Tap-to-authenticate metal payment cards are turning heads; the new entrant into the security space could serve as a way to offer secure, streamlined and accessible physical authentication solutions.

Get Unlimited Access
Complete the form below for free, unlimited access to all our Data Studies, Trackers, and MonitorEdge reports.

Thank you for registering. Please confirm your email to view all our Trackers.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Enhancing security while improving the customer experience is a difficult balance for any FI to strike. The two initiatives can conflict, and the U.S. financial services sector has no unified approach to authentication practices. However, many FIs view alternatives like tap-to-authenticate metal payment cards as potential overarching solutions for improving customer experience while reducing fraudulent activity.1

    Tap-to-authenticate cards are physical debit or credit cards issued by an FI with embedded chips that can authenticate a user. The user can then authenticate themselves, typically by tapping the metal or plastic card on the back of a smartphone. This tapping action is similar to how customers may tap their card to pay for purchases, but for these authentications, the consumer is tapping their card to their mobile device. This procedure enables authentication without entering login credentials such as a password across multiple services, apps or devices.

    In doing so, these cards can alleviate two issues at once by enabling a customer experience with less friction and higher security. What’s more, PYMNTS Intelligence’s data shows that 76% of FIs think tap-to-authenticate metal payment cards would increase their profits if offered.



    What’s at Stake

    Stolen or falsified credentials now account for 41% of fraud cases measured — a very high share given the variety of tactics fraudsters use. That’s nearly twice as prevalent as the next most common type, fraudulent transactions, which account for 24%. Additionally, approximately seven in eight FIs report increased credential-based fraud instances.

    Given this atmosphere, it is likely no coincidence that FIs exhibit urgency to adopt innovative solutions like tap-to-authenticate metal payment cards. In offering passwordless authentication, these physical passkeys reduce fraud while enhancing the customer experience. This dual benefit has garnered widespread appeal. For example, 69% of FIs with more than $100 billion in assets express significant interest in the offering. For FIs of this size that are somewhat interested in offering tap-to-authenticate metal payment cards, this share rises to 92%. Most large FIs are open to implementing these cards if they see an adequate return on investment (ROI).

    The right ROI may be crucial in adopting tap-to-authenticate metal payment cards. However, larger FIs already willing to invest in metal payment cards in general are more likely to expect improved security and significantly enhanced user satisfaction with the addition of tap-to-authenticate technology. Altogether, two in three FIs anticipate an obvious return on the investment if they were to offer tap-to-authenticate metal payment cards.

    These are just some of the findings detailed in “How Tap-to-Authenticate Metal Payment Cards Can Improve FI Security and Customer Experience,” a PYMNTS Intelligence and Arculus by CompoSecure collaboration. This edition examines the current state of authentication practices in financial services. It draws on insights from a survey of 200 complete responses from heads of fraud and heads of product from United States FIs with asset sizes exceeding $1 billion. The survey was conducted from June 16 to July 2.

    Key Findings

    Rapidly rising rates of fraud, particularly from stolen credentials, demand stronger authentication measures to protect customer accounts.

    FIs are confronting a significant rise in fraudulent activity, reporting an increase over the last year in two types of fraud among the four we measured, on average. Among these activities, stolen or falsified credentials have become responsible for two in every five fraud cases we recorded. This, by far, leads all other types we measured and highlights how FIs must rethink current authentication methods.

    Consumers find current security measures cumbersome, and legacy account verification techniques are showing their age against sophisticated threats. Data shows 87% of FIs report a rise in credential-based fraud from last year, suggesting today’s authentication measures are insufficient. This situation could explain why FIs seek solutions that can effectively mitigate these risks and safeguard customer accounts.

    FIs report other types of fraud are on the rise as well. Hacks and scams leading to account takeovers and data breaches have also increased. Data reveals that 59% of FIs reported an increase in account takeovers, and 66% reported the same for data breaches.

    These forms of fraud have contributed to the overall growth in credential-related incidents last year. In doing so, they point to the central role that accurate authentication plays in securing customer accounts. Tap-to-authenticate payment cards can add a more robust layer of precision to authentication measures that remain user-friendly. In most cases, a user simply enters a PIN and touches their tap-to-authenticate card to their phone to log in or authenticate their credentials. Many FIs are starting to see this technology as a viable alternative to current authentication methods.

    Most FIs use several authentication measures across use cases, over-complicating the consumer experience.

    Hardware-based authentication methods remain underutilized in the consumer sphere. Data suggests, however, that alternatives to current authentication practices are needed. To start, processes are inconsistent, varying from FI to FI as well as from use case to use case. For instance, 76% of FIs require two authentication steps for monetary transactions. More critical actions, like changing personal information, often demand more stringent measures, with 43% of FIs requiring at least three.

    Logging in only requires one authentication step at more than one-third of FIs. As a result, consumers must navigate different authentication processes for various common tasks. It is clear that FIs should provide a more cohesive approach to safeguarding customer data across all interactions.

    FIs primarily rely on usernames and passwords as the most common authentication methods to secure customer accounts. Biometrics and emailed or texted one-time passwords (OTPs) are the next most common. However, authentication approaches vary significantly across different interactions. For example, mobile logins may require biometrics and a verification code, whereas logins online via a desktop computer might require a username/password and an email OTP.

    Moreover, regular transactions often require significantly different measures than irregular ones, such as failed login attempts or prolonged account inactivity. For sensitive actions like changing personal information, half of FIs use identification documents. FIs also regularly use personal knowledge questions to authenticate irregular transactions. These discrepancies indicate that FIs have yet to establish a consistent and effective authentication strategy across all use cases.

    Notably, physical passkeys are rarely used, but are far more secure than most account verification methods. This approach accounts for less than 1% of regular tasks and 3% of irregular ones, mainly for logins and personal information changes. All in all, today’s system of inconsistencies — with variances by FI and use case that may confuse consumers — demonstrate a need for more standardized and effective authentication solutions.

    Top five authentication methods across all bank interactions

    Source: PYMNTS Intelligence
    How Tap-to-Authenticate Metal Payment Cards Can Improve Bank Security and Customer Experience, November 2024
    N = 200: Complete responses, June 16, 2024 – July 2, 2024

     

    Login difficulties, especially remembering credentials and multi-step processes, highlight the need for simpler, more consistent authentication solutions like physical passkeys.

    Difficulty remembering login credentials has emerged as a top friction for FIs. Data shows that 71% of heads of fraud identify it as a significant pain point for customers. Fifty-eight percent of heads of product agree that this is a top friction for consumers. Slightly fewer, 55%, cite the inconvenience of logging in across multiple devices. These issues highlight the complexities consumers face with current authentication methods. Multi-step authentication processes and long completion times worsen these problems, leading to a fragmented and frustrating user experience that can also increase call center volume. The inverse may also prove true, with streamlined processes ultimately reducing the strain on FIs’ call centers.

    There is clear momentum toward solutions that solve these login issues. Fifty-five percent of heads of fraud plan to implement passwordless authentication through physical passkeys within the next three years to combat rising fraud. Additionally, 36% of heads of product see passwordless innovations as essential for enhancing the customer experience.

    Overall, 69% of FIs have prioritized improvements to their current authentication solutions. Adopting new technologies has been a significant focus. In particular, 77% of FIs are considering tap-to-authenticate metal payment cards. FIs’ interest in physical passkeys through tap-to-authenticate metal payment cards suggests they could soon become a mainstream solution. Though physical passkeys currently account for less than 1% of usage in regular transactions, this new card form factor could unlock adoption, whether in metal or plastic card technology.

    FIs using metal payment cards see clear benefits of tap-to-authenticate technology, including customer experience and security gains that make tap-to-authenticate upgrades likely worth the additional investment.

    Some FIs may have initial hesitance about the cost of introducing tap-to-authenticate metal payment cards. However, FIs that already offer metal payment cards see the benefits. Data shows that these FIs demonstrate enthusiasm about the potential benefits of adding tap-to-authenticate technology. Ninety-six percent of FIs issuing metal payment cards believe they would see improved customer experience and loyalty by adding tap-to-authenticate technology. Similarly, 84% would expect increased profits and enhanced security by offering tap-to-authenticate metal payment cards.

    AMONG FIs ALREADY OFFERING METAL PAYMENT CARDS, 84% WOULD EXPECT TO SEE INCREASED PROFITS AND ENHANCED SECURITY BY ADDING TAP-TO-AUTHENTICATE TECHNOLOGY.

    These FIs also highlight smoother authentication processes and reduced customer service costs as key benefits of tap-to-authenticate metal payment cards. While FIs offering standard metal payment cards are most enthusiastic about these cards’ benefits, those yet to offer metal payment cards still expect to see substantial benefits. Overall, firsthand experience with metal payment cards of any type and their advanced security features drives up the perceived value — and the ROI.

    Why top concerns fade among FIs that issue metal payment cards

    Data reveals that the most common impediments to adopting this technology are based on perception rather than reality. The perceived cost of issuing tap-to-authenticate metal payment cards remains the most ubiquitous barrier for FIs considering this technology, for example, with 62% of FIs not yet issuing any metal payment cards noting concern.

    FIs already in the market with standard metal payment cards have notably positive outlooks. These FIs see tap-to-authenticate technology’s value strongly: They are 55% less likely than other FIs to view cost as an obstacle to these cards. Additionally, offering standard metal payment cards increases expectations of positive ROI for tap-to-authenticate versions. Ninety-two percent of FIs that already offer standard metal payment cards perceive ROI potential in implementing tap-to-authenticate metal payment cards.

    Future iterations of this technology on plastic rather than metal could also provide the same user-friendliness while lowering upfront costs. Overall, while the perceived cost does represent an initial concern for many about issuing tap-to-authenticate metal payment cards, the perceived ROI is expected to be substantial enough that these concerns fade.

    It is also important to remember that tap-to-authenticate cards are poised to improve a currently substandard customer experience, which should drive demand and adoption as the cards enter the market.

    Data Focus

    More than four in five FIs believe tap-to-authenticate metal payment cards can cut fraud and boost the customer experience.

    Overall, 87% of heads of fraud believe tap-to-authenticate metal payment cards will reduce fraud and false positives, and 81% of heads of product anticipate a reduction in customer authentication frictions. The potential of these cards to reduce fraud and improve the customer experience is gaining recognition.

    Confidence is higher for more than two in five of these FI department heads. Data reveals that 45% of heads of fraud believe these cards will significantly reduce fraud, and 42% of heads of product believe the cards will strongly reduce customer authentication frictions. Analysis of asset size reveals that this sentiment is even stronger at larger FIs. Sixty-seven percent of heads of fraud at FIs with more than $100 billion in assets agree these cards will significantly reduce fraud.

    FIs face increasing customer concerns over fraud risks. Tap-to-authenticate payment metal payment cards represent not just a security enhancement but also a pivotal tool for maintaining customer trust and loyalty.

    Conclusion

    Eighty-seven percent of FIs report an increase in stolen credentials, accounting for 41% of fraud cases. Traditional authentication methods are thus proving inadequate. Authentication is the first line of defense, but its current inconsistency across situations presents a problem. This lack of consistency can harm the consumer experience and create security gaps. Consumers also frequently face issues like forgotten credentials that worsen the authentication experience.

    FIs are beginning to recognize that tap-to-authenticate metal payment cards offer a simplified, more secure alternative. The data shows that FIs expect these cards to streamline the authentication experience and reduce fraud. Moreover, 85% of FIs also expect this payment technology to improve customer loyalty in addition to the aforementioned benefits. Taken together, it is no surprise that two in three FIs see an obvious ROI for offering tap-to-authenticate metal payment cards.

    Although the adoption of tap-to-authenticate metal payment cards is still nascent, the benefits for both FIs and their customers are evident. Although future iterations of the technology based on plastic could provide a similar range of benefits, data suggests the premium nature of these cards justifies their cost by delivering a high-quality experience while offering enhanced security and customer satisfaction. As consumer interest in secure, frictionless authentication grows, FIs can exceed expectations with tap-to-authenticate payment cards.

    Methodology

    How Tap-to-Authenticate Metal Payment Cards Can Improve Bank Security and Customer Experience,” is a PYMNTS Intelligence and Arculus by CompoSecure collaboration. This report examines the current state of authentication practices in financial services. The report draws on insights from a survey of 200 complete responses divided equally between heads of fraud and heads of product at U.S.-based FIs with assets over $1 billion, conducted from June 16 to July 2. The sample comprised a diverse range of institutions: 45% from regional banks, 21% from local or community banks, and 14% from large national banks.

    Additionally, 17% of respondents represented credit unions and 4% came from neobanks or digital-only FIs. The asset sizes of the FIs also varied, with 40% holding assets between $5 billion and $25 billion, 18% with assets between $1 billion and $5 billion, 9.5% with assets between $50 billion and $100 billion, and 4% with assets exceeding $100 billion.


    1. [The sample for this research is nearly all banks but includes 17% credit unions. Since this research focuses on banking actions, we have opted to default to the term “FIs” throughout to describe the whole sample. For more details, see the methodology section at the end of the report.]

    About

    Arculus® by CompoSecure offers technology that elevates the digital security experience for your customers by seamlessly integrating secure authentication and payment capabilities into their everyday wallets. For over 20 years, CompoSecure has been the global leader in innovative payment card technology, working with FinTechs and leading financial institutions. Their premium products and solutions transform the customer experience, offering the highest level of security. Their Arculus technology reduces fraud, reinforces your brand, increases customer acquisition and drives top of wallet success. One tap of your branded premium metal card provides total security for your customers — Powered by Arculus.

    PYMNTS INTELLIGENCE

    PYMNTS Intelligence is a leading global data and analytics platform that uses proprietary data and methods to provide actionable insights on what’s now and what’s next in payments, commerce and the digital economy. Its team of data scientists include leading economists, econometricians, survey experts, financial analysts and marketing scientists with deep experience in the application of data to the issues that define the future of the digital transformation of the global economy. This multilingual team has conducted original data collection and analysis in more than three dozen global markets for some of the world’s leading publicly traded and privately held firms.

    The PYMNTS Intelligence team that produced this report:
    Scott Murray: SVP and Head of Analytics
    Story Edison, PhD: Senior Analyst
    Adam Putz, PhD: Senior Writer
    Matt Vuchichevich: Head of Reports and Senior Content Editor


    We are interested in your feedback on this report. If you have questions or comments, or if you would like to subscribe to this report, please email us at feedback@pymnts.com.

    Disclaimer

    The Tap-to-Authenticate Payment Cards Report Series may be updated periodically. While reasonable efforts are made to keep the content accurate and up to date, PYMNTS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE CORRECTNESS, ACCURACY, COMPLETENESS, ADEQUACY, OR RELIABILITY OF OR THE USE OF OR RESULTS THAT MAY BE GENERATED FROM THE USE OF THE INFORMATION OR THAT THE CONTENT WILL SATISFY YOUR REQUIREMENTS OR EXPECTATIONS. THE CONTENT IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. YOU EXPRESSLY AGREE THAT YOUR USE OF THE CONTENT IS AT YOUR SOLE RISK. PYMNTS SHALL HAVE NO LIABILITY FOR ANY INTERRUPTIONS IN THE CONTENT THAT IS PROVIDED AND DISCLAIMS ALL WARRANTIES WITH REGARD TO THE CONTENT, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT AND TITLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, AND, IN SUCH CASES, THE STATED EXCLUSIONS DO NOT APPLY. PYMNTS RESERVES THE RIGHT AND SHOULD NOT BE LIABLE SHOULD IT EXERCISE ITS RIGHT TO MODIFY, INTERRUPT, OR DISCONTINUE THE AVAILABILITY OF THE CONTENT OR ANY COMPONENT OF IT WITH OR WITHOUT NOTICE.
    PYMNTS SHALL NOT BE LIABLE FOR ANY DAMAGES WHATSOEVER, AND, IN PARTICULAR, SHALL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOSS OF REVENUE, OR LOSS OF USE, ARISING OUT OF OR RELATED TO THE CONTENT, WHETHER SUCH DAMAGES ARISE IN CONTRACT, NEGLIGENCE, TORT, UNDER STATUTE, IN EQUITY, AT LAW, OR OTHERWISE, EVEN IF PYMNTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME JURISDICTIONS DO NOT ALLOW FOR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, AND IN SUCH CASES SOME OF THE ABOVE LIMITATIONS DO NOT APPLY. THE ABOVE DISCLAIMERS AND LIMITATIONS ARE PROVIDED BY PYMNTS AND ITS PARENTS, AFFILIATED AND RELATED COMPANIES, CONTRACTORS, AND SPONSORS, AND EACH OF ITS RESPECTIVE DIRECTORS, OFFICERS, MEMBERS, EMPLOYEES, AGENTS, CONTENT COMPONENT PROVIDERS, LICENSORS, AND ADVISERS.
    Components of the content original to and the compilation produced by PYMNTS is the property of PYMNTS and cannot be reproduced without its prior written permission.