American shoppers say they are very concerned about the safety of their personal information following a massive security breach at Target, but many aren't taking steps to ensure their data is more secure, says a new Associated Press--GfK Poll.
The poll finds a striking contradiction: Americans say they fear becoming victims of theft after the breach that compromised 40 million credit and debit cards and personal information of up to 70 million customers. Yet they are apathetic to try to protect their data.
In the survey, nearly half of Americans say they are extremely concerned about their personal data when shopping in stores since the breach. Sixty-one percent say they have deep worries when spending online, while 62 percent are very concerned when they buy on their mobile phones.
But just 37 percent have tried to use cash for purchases rather than pay with plastic in response to data thefts like the one at Target, while only 41 percent have checked their credit reports. And even fewer have changed their online passwords at retailers' websites, requested new credit or debit card numbers from their bank or signed up for a credit monitoring service.
The poll offers insight into the effects big data breaches can have on consumer behavior. There have been worries that shoppers would dramatically change their habits since December, when Target announced the breach that could wind up being the largest in U.S. history. Weeks later, those concerns were elevated when luxury retailer Neiman Marcus disclosed that it too was the victim of a breach that may have compromised 1.1 million debit and credit cards.
But security experts say the results show that Americans have come to expect that security theft is a possibility when they use their creditor debit cards or provide retailers with phone numbers, emails and other personal information.
"They ... just chalk it up to ... 'It's part of life,'" says Cameron Camp, security researcher at global security firm ESET who believes people don't think they will be liable for fraudulent charges.
Experts also say the results show another expectation Americans have: While nearly 4 out of 10 say they have been victimized by personal data theft, most expect credit card companies, banks or retailers to take responsibility when that happens.
About 38 percent report that they think they have either had someone make unauthorized purchases using their credit or debit cards without it having been physically stolen or that someone had used their personal information to apply for a fraudulent line of credit, the poll says. And just over a third of Americans think their personal information was compromised in the breach at Target.
But the survey shows that just 37 percent say consumers bear most of the responsibility for keeping their data safe, while 88 percent place the burden on the retailers who are collecting it. Six in 10 say the banks that provide credit or debit cards or the credit bureaus should bear most of the responsibility.
Andrea Davis doesn't believe she was affected by the Target breach, but she recently found unauthorized charges on her American Express credit card. Still, she hasn't taken steps to make her data more secure because she says she feels protected when she uses her Amex card. In fact, American Express immediately took off the charges after she notified the company.
The sentiment was different among Americans who've been victims of personal data theft. In that group, 52 percent have checked theircredit report, while 41 percent have tried to use more cash. Twenty-eight percent have signed up for a credit monitoring service.
Eve Sims signed up for a credit card monitoring service for a monthly fee of $14 about five years ago after she found fraudulent charges from Nigeria on her credit card. "It's worth it," she says.
The AP-GfK Poll was conducted Jan. 17 through Tuesday and involved interviews with 1,060 adults. The survey has a margin of sampling error of plus or minus 3.9 percentage points.
The poll used KnowledgePanel, GfK's probability-based online panel that is designed to be representative of the U.S. population. Respondents were first selected randomly using phone or mail survey methods, and later, completed this survey online. People selected for KnowledgePanel who didn't otherwise have Internet access were provided with access at no cost to them.