According to the J.D. Power 2025 U.S. Financial Protection Satisfaction Study, 23% of bank customers and 29% of credit card customers have not taken any security measures, such as reviewing their accounts, updating passwords or adding multi-factor authentication to their accounts in the past 90 days. In most cases, these customers don’t recall their providers prompting them to take action on security measures.
“Financial institutions are spending billions on cybersecurity to address the constant threat of fraud, but there’s only so much they can do on their own. Customers really need to do their part by making use of the various tools provided to protect their accounts, but many are still not aware of the resources that are out there to help them,” said Jennifer White, senior director for banking and payments intelligence at J.D. Power. “Perhaps the biggest concern is that 50% of bank customers and 55% of credit card customers do not recall recently being prompted by their providers to take action on security measures. Customer awareness is key to a strong fraud defence, and bank and credit card providers seem to be missing the mark on ensuring their customers are aware of their options.”
Following are some key findings of the 2025 study:
- Bank and credit card fraud disproportionately affects Gen Z: 29% of bank customers and 24% of credit card customers have experienced some form of financial fraud on their accounts in the past 12 months, with many experiencing more than one instance of fraud in that period. Fraud is most prevalent among members of Gen Z, in which 43% have experienced some form of checking, savings or debit fraud, and 41% have experienced credit card fraud in the past 12 months. This is likely the result of this younger generation’s increased use of debit cards and digital person-to-person payment (P2P) apps.
- Many customers take no action to protect accounts: 23% of bank customers and 29% of credit card customers have taken no proactive security measures to protect their accounts in the past 90 days. The most common protective measures include reviewing recent transactions, updating mobile apps and passwords and setting up account alerts.
- Account security prompts missing the mark: 50% of bank customers and 55% of credit card customers have not been prompted by their providers to act on security measures in the past 90 days. The most common prompts are reminders to set up multi-factor authentication and to update passwords.
- No such thing as too much protection: Overall satisfaction scores are largely consistent in two metrics, one when customers perceive the level of security offered by their bank or credit card provider as just right and another when they perceive it as burdensome. Those satisfaction scores fall sharply, however, when security is perceived as lacking.