As retail data breaches become more common, nearly half of 985 U.S. cardholders polled by CreditCards.com say they’re likely this holiday season to avoid stores that have been hit.
Forty-five percent of respondents with credit or debit cards said they would definitely or probably avoid one of their regular stores over the holidays if that retailer had experienced a data breach. Sixteen percent said they definitely would not return to a retailer if the store had been hacked and 29 percent said they probably would not shop at such stores. Just one in eight said they are more likely to shop with credit cards this season.
The survey of a randomly selected 865 American adults who have debit or credit cards was conducted by landline and cellphone Oct. 2-5 for CreditCards.com by Princeton Survey Research Associates International. The survey has a margin of error of plus or minus 3.9 percentage points.
Major data breaches have been in the news regularly in the past year, as thieves have made off with sensitive data from millions of consumers. Big-name retailers whose data vaults have been plundered include Home Depot, Michaels and Target.
People initially react to a data breach with fear, then may become numb, says David Just, professor of applied economics management and director of graduate studies at Cornell University in Ithaca, New York. “I’m guessing a lot of people have the initial emotional reaction of, ‘Wow, I don’t want to shop there anymore if they’re going to be that loose with that data,'” Just says. “Your initial response is fear. You feel like you’ve been violated. You don’t know what’s going to happen to your credit.”
But consumers often realize later that they want or need to return to that particular store, Just says.
Whether shoppers avoid a particular store after a breach may depend on what other retail options are easily available, says Jeff Foresman, information security compliance lead at Rook Security in Indianapolis.
“It depends on the type of retailer,” Foresman said. “A retailer such as Target where consumers have other options for shopping might lead people to shop elsewhere. But if a building contractor has a business account at Home Depot, he won’t necessarily go elsewhere after a breach.”
Income, education matter
There’s some good news for retailers: The highest-earning cardholding households are least likely to punish hacked retailers by staying away after a data breach. Only 31 percent of those in households earning $75,000 or more annually said they’d definitely or probably avoid retailers who experienced a data breach, compared to 56 percent of those in households earning less than $30,000 a year.
“Wealthier consumers feel like they have some protections in place — possibly a service that is supposed to protect them,” Just says. “With the less wealthy, this wounds deeply.”
Similarly, respondents with higher levels of education are less likely to avoid stores that have been hacked. Thirty-three percent of college graduates said they probably or definitely wouldn’t shop at a store with a breach, compared to 55 percent of those with a high school education or less.
Some cardholders are vowing to avoid using plastic this holiday season, with 48 percent saying security breaches will make them more likely to pay with cash.
But the higher the income, the less likely cardholders were to switch to cash. Of those earning more than $75,000 a year, 42 percent said they were more likely to pay with cash because of the breaches, compared to 51 percent of those earning less than $30,000 a year.
Those with lower education levels are also more prone to use cash due to security concerns. Fifty-seven percent of those with some college and 50 percent of high school graduates said they’re more likely to pay with cash this holiday season. But only 37 percent of college graduates said they’re more likely to pay with cash.
Other survey highlights
The CreditCards.com survey found these other factors make a difference in whether cardholders are willing to shop at a store where a data breach has occurred:
• Gender. Women were more likely to give retailers with data breaches the benefit of the doubt. Among the women surveyed, 56 percent say they would definitely (10 percent) or probably (46 percent) shop at a store where a security breach had occurred, compared to 48 percent of men who say they would definitely (12 percent) or probably (36 percent) shop at such a store.
• Parenthood. Sixty percent of cardholders with children younger than 18 were willing to give breached retailers another chance compared to half of nonparents.
• Geography. Those living in the West and Midwest were the most forgiving. Fifty-nine percent of both Westerners and Midwesterners said they definitely or probably would shop at a retailer that had been hacked, compared to 52 percent of those living in the Northeast and 45 percent of Southerners.
• Age. Fifty-five percent of cardholders over 65 would avoid a store with a data breach, compared to 41 percent of those ages 30-49. “Older folks have less knowledge of how information technology works,” Just says. “To a lot of people, especially the elderly, it’s a black box and it can seem a little bit voodoo-like.”
• Race. Fifty-five percent of African-Americans would definitely or probably not shop at a breached store compared to 53 percent of Hispanics and 42 percent of whites.
See related: Data breach protection: 10 tips, Data breaches: Who’s to blame?, Data breaches turn spotlight on EMV cards