March 2025
Tap-to-Authenticate Payment Cards Report

Consumers Struggle with Passwords and Fraud Prevention — Metal Payment Cards Offer a Smarter Alternative

Traditional authentication methods have become confusing and ineffective as banks report that the top authentication-related fraud threat stems from stolen or falsified credentials.

Get Unlimited Access
Complete the form below for free, unlimited access to all our Data Studies, Trackers, and MonitorEdge reports.

Thank you for registering. Please confirm your email to view all our Trackers.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Fraud involving stolen login credentials points to the issues with traditional password-based security. However, consumers have password fatigue and hate cumbersome multi-step logins. These security “improvements” often lead to frustration or even abandoned transactions. Financial institutions (FIs) recognize these pain points, but many existing solutions — such as one-time passcodes — add complexity without solving the issue.

    Tap-to-authenticate metal payment cards present a simpler, more secure alternative by combining the durability of physical passkeys with digital authentication. However, consumer awareness of this new approach remains limited. Strong interest from financial institutions and consumers alike means that this could all be about to change.

    Consumers Struggle with Passwords and Fraud — Metal Payment Cards Offer a Smarter Alternative” is a PYMNTS Intelligence and Arculus by CompoSecure collaboration. This edition examines how financial institutions address rising fraud rates and adapt authentication methods to improve security and customer trust. It draws on insights from a survey of 200 respondents, consisting of heads of fraud and product leaders from FIs with assets of more than $1 billion, conducted from June 16, 2024, to July 2, 2024.

    Consumers Face Growing Authentication Challenges

    Authentication gaps expose consumers to rising fraud risks.

    Fraud driven by stolen or falsified credentials remains the top authentication-related threat, accounting for 41% of cases. Vulnerability on this level spotlights the limitations of password-based security. Such traditional methods expose consumers to account takeovers, fraudulent transactions and data breaches.

    Banks report that 65% of consumers struggle to remember passwords. Because of this, many consumers engage in weak security practices such as reusing credentials or choosing simple, easily guessed passwords. These behaviors make it easier for cybercriminals to exploit stolen login details, further increasing fraud risks. Frequent password resets also contribute to authentication fatigue, frustrating users and making some more likely to ignore the latest offerings in security best practices.

    Adding to these risks, multi-step authentication measures can introduce unnecessary complexity. Extra security steps — such as SMS passcodes or email verification codes, neither entirely secure — slow transactions and increase customer frustration. These processes may also depend on internet access in spotty coverage areas to complete. When authentication processes become too cumbersome, users often bypass them entirely. This paints a problematic picture of security and trust in digital banking.

    These frictions vary by institution type and size. Local banks and CUs report the highest average authentication time at 3.2 minutes, suggesting that smaller institutions may rely more on manual verification processes. Regional and large national banks report shorter authentication times, at 2.9 and 2.8 minutes, respectively.

    Bank size also influences authentication efficiency. The smallest institutions — those with $1 billion to $5 billion in assets — report the longest authentication times, at 3.5 minutes. Data suggests that mid-sized banks may struggle to balance security with ease of use. In contrast, the largest banks — those with more than $100 billion in assets — report the shortest authentication times, at 2.7 minutes. This performance reflects the technological edge of larger institutions, albeit one of seconds.

    Metal Payment Cards Offer a Simpler and More Secure Solution

    Consumers see tap-to-authenticate metal payment cards as a better solution to current authentication practices.

    Banks increasingly view tap-to-authenticate metal payment cards as a frictionless, high-security alternative to passwords and traditional multi-factor authentication. On average, financial institutions in our study identified five distinct advantages of metal authentication cards over conventional security tools. In contrast, large FIs are even more confident in the technology. These FIs cited six key benefits on average.

    The overall results confirm that most banks believe consumers prefer tap-to-authenticate metal authentication cards. These include:

    • Frictionless authentication (58%): Faster and more intuitive than passwords or one-time passcodes.
    • Premium benefits and perks (57%): Rewards, exclusivity and high-end aesthetics enhance the card’s appeal.
    • Enhanced security (54%): Consumers perceive metal authentication cards as a safer alternative to traditional credentials.

    Beyond these top advantages, banks recognize additional benefits:

    • Durability and sustainability (53%): The long-lasting materials and eco-friendliness of the cards appeal to consumers.
    • Multi-functionality (50%): A single card can secure payments, authentication and loyalty programs.
    • Brand trust (46%): The card’s elegant, high-end design strengthens consumer trust.

    Awareness and Education Are Key to Adoption

    Overcoming awareness gaps can drive consumer adoption of metal payment cards.

    Despite clear benefits, the lack of consumer awareness remains a significant barrier to adopting tap-to-authenticate metal cards. Nearly 2 in 3 (62%) banks identify general awareness issues as a key factor slowing adoption, as this is a new technology. Without stronger education efforts, many consumers may not fully understand the security and convenience benefits of these tap-to-authenticate metal payment cards.

    FIs can take several steps to drive broader adoption, including:

    • Framing tap-to-authenticate metal cards as a premium, user-friendly security solution. Positioning the cards as a secure yet easy-to-use authentication tool could boost interest.
    • Prioritizing early rollouts to validate education and awareness messaging. Pilot programs can showcase real-world benefits and help FIs refine messaging.
    • Targeting tech-savvy early adopters and premium cardholders. These consumers can serve as advocates, influencing broader market adoption.

    Momentum for tap-to-authenticate metal cards is building among banks, with 77% of FIs considering solutions like tap-to-authenticate technology as a powerful new layer of security.

    Banks and other FIs can position tap-to-authenticate metal cards as accessible next-generation security solutions. With most banks already expressing strong interest, FIs can use targeted awareness and other strategic rollouts to address consumer awareness gaps. Clear communication around benefits like the improved security of tap-to-authenticate metal cards and their ease of use and durability can help FIs expand adoption. Addressing these awareness gaps through clear education and strategic positioning will be critical to driving deeper mainstream adoption.

    Read More

    PYMNTS Intelligence is the leading provider of information on the trends driving innovations in authentication practices. To stay up to date, subscribe to our newsletters and read our in-depth reports.

    Methodology

    Consumers Struggle with Passwords and Fraud — Metal Payment Cards Offer a Smarter Alternative” is based on a survey from June 16, 2024, to July 2, 2024. The report examines how FIs address rising fraud rates and adapt their authentication methods to improve security and customer trust. The survey included 200 heads of fraud and product leaders from FIs with assets of more than $1 billion. The sample provided insights into authentication challenges, customer friction and the adoption of advanced solutions such as tap-to-authenticate metal cards and passwordless authentication. Responses were analyzed to identify trends and preferences across banks of varying sizes and fraud exposure levels.

    About

    Arculus® by CompoSecure offers technology that elevates the digital security experience for your customers by seamlessly integrating secure authentication and payment capabilities into their everyday wallets. For over 25 years, CompoSecure has been the global leader in innovative payment card technology, working with FinTechs and leading financial institutions. Their premium products and solutions transform the customer experience, offering the highest level of security. Their Arculus technology reduces fraud, reinforces your brand, increases customer acquisition and drives top-of-wallet success. One tap of your branded premium metal card provides total security for your customers — Powered by Arculus.

    PYMNTS INTELLIGENCE

    PYMNTS Intelligence is a leading global data and analytics platform that uses proprietary data and methods to provide actionable insights on what’s now and what’s next in payments, commerce and the digital economy. Its team of data scientists include leading economists, econometricians, survey experts, financial analysts and marketing scientists with deep experience in the application of data to the issues that define the future of the digital transformation of the global economy. This multilingual team has conducted original data collection and analysis in more than three dozen global markets for some of the world’s leading publicly traded and privately held firms.

    The PYMNTS Intelligence team that produced this report:
    John Gaffney: Chief Content Officer
    Yvonni Maraki, PhD: SVP/Data Products and Senior Analyst
    Adam Putz, PhD: Senior Writer

    We are interested in your feedback on this report. If you have questions or comments, or if you would like to subscribe to this report, please email us at feedback@pymnts.com.

    Disclaimer

    The Tap-to-Authenticate Payment Cards Report Series may be updated periodically. While reasonable efforts are made to keep the content accurate and up to date, PYMNTS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE CORRECTNESS, ACCURACY, COMPLETENESS, ADEQUACY, OR RELIABILITY OF OR THE USE OF OR RESULTS THAT MAY BE GENERATED FROM THE USE OF THE INFORMATION OR THAT THE CONTENT WILL SATISFY YOUR REQUIREMENTS OR EXPECTATIONS. THE CONTENT IS PROVIDED “AS IS” AND ON AN “AS AVAILABLE” BASIS. YOU EXPRESSLY AGREE THAT YOUR USE OF THE CONTENT IS AT YOUR SOLE RISK. PYMNTS SHALL HAVE NO LIABILITY FOR ANY INTERRUPTIONS IN THE CONTENT THAT IS PROVIDED AND DISCLAIMS ALL WARRANTIES WITH REGARD TO THE CONTENT, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT AND TITLE. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES, AND, IN SUCH CASES, THE STATED EXCLUSIONS DO NOT APPLY. PYMNTS RESERVES THE RIGHT AND SHOULD NOT BE LIABLE SHOULD IT EXERCISE ITS RIGHT TO MODIFY, INTERRUPT, OR DISCONTINUE THE AVAILABILITY OF THE CONTENT OR ANY COMPONENT OF IT WITH OR WITHOUT NOTICE.
    PYMNTS SHALL NOT BE LIABLE FOR ANY DAMAGES WHATSOEVER, AND, IN PARTICULAR, SHALL NOT BE LIABLE FOR ANY SPECIAL, INDIRECT, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, OR DAMAGES FOR LOST PROFITS, LOSS OF REVENUE, OR LOSS OF USE, ARISING OUT OF OR RELATED TO THE CONTENT, WHETHER SUCH DAMAGES ARISE IN CONTRACT, NEGLIGENCE, TORT, UNDER STATUTE, IN EQUITY, AT LAW, OR OTHERWISE, EVEN IF PYMNTS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    SOME JURISDICTIONS DO NOT ALLOW FOR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, AND IN SUCH CASES SOME OF THE ABOVE LIMITATIONS DO NOT APPLY. THE ABOVE DISCLAIMERS AND LIMITATIONS ARE PROVIDED BY PYMNTS AND ITS PARENTS, AFFILIATED AND RELATED COMPANIES, CONTRACTORS, AND SPONSORS, AND EACH OF ITS RESPECTIVE DIRECTORS, OFFICERS, MEMBERS, EMPLOYEES, AGENTS, CONTENT COMPONENT PROVIDERS, LICENSORS, AND ADVISERS.
    Components of the content original to and the compilation produced by PYMNTS is the property of PYMNTS and cannot be reproduced without its prior written permission.