Shoppers remain lax about passwords

Many blame retailers while failing to take basic actions themselves

While two-thirds of U.S. consumers were predicted to shop online this holiday season, the majority of those shoppers (63%) are either unsure or not confident in the security of the personal and payment information that they use to complete a transaction, according to a KPMG survey.

In fact, the survey finds that consumers may be too passive. They are not taking the proper steps to ensure the security of their personal information.

Shoppers habitually expose data

According to the survey, 47% of online shoppers said that they store some or all of their credit card information on retailer websites for quick and easy access to their accounts, and yet 40% of online shoppers stated that they have not changed their password in the past year.

“Passwords are an important line of protection in the fight against identity theft,” says Tony Buffomante, partner and retail cyber security leader for KPMG. “However, cyber security is a joint venture between the retailer and the consumer.”

Both parties need to fortify each end of the transaction, Buffomante continues, not assuming that one end is more secure than the other.

“From the consumer side, that means installing challenging passwords, changing them regularly, and monitoring their accounts,” Buffomante says. “For the retailers, they need to implement policies, procedures, and controls to mitigate cyber security threats and constantly monitor for potential breaches of customer information.”

Yet security very much matters to consumers

Security breaches have an immediate and potentially lasting impact on the retailer’s reputation, with more than a third of consumers (38%) stating that there is a negative impact on how they perceive a company once it has experienced a security breach.

Not only does a cyber-data breach impact a company’s reputation, it also affects the company’s sales figures. According to the survey, 27% of consumers will only shop at a store that previously experienced a cyber-attack if they cannot find the product elsewhere. And 8% refuse to shop at these stores, period.

Of the consumers who stated that they change their online passwords regularly, 41% said their decision was influenced by recent news of an information security breach at a retail company. Twelve percent of consumers who regularly change their passwords do it because they once were victims of identity theft and know the importance of maintaining proper password protection. Of those who do not change their online passwords regularly, 38% feel their passwords are secure enough and 36% state that changing their passwords is too much of an inconvenience.

However, with 22% of consumers reporting they would be shopping more online this holiday season than they were last year, online shopping has never been so popular. When asked why they prefer to shop online rather than in-store, consumers identified convenience, product availability, and cost as more important factors than security.

“The holiday shopping season continues to experience a bit of an evolution as more and more consumers turn to online shopping for the ease and convenience of not having to leave their house and fight with a horde of other shoppers or get to a store and find out the product that they want may not be available,” says Mark Larson, KPMG’s U.S. and global retail leader. “Retailers are looking to adapt to this changing landscape and are therefore continuing to invest in days such as Cyber Monday and Green Monday as another way to increase their annual sales.”

When shopping online, an overwhelming majority of consumers (83%) prefer to use their personal computers rather than mobile devices (30%) or tablets (20%).

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News.
