The percentage of U.S. consumers who experienced credit card fraud in the past five years leaped from 41% in 2014 to 47% in 2016, according to the “2016 Global Consumer Card Fraud: Where Card Fraud Is Coming From” report released Tuesday by Aite Group LLC. The report surveyed more than 6,000 consumers in 20 nations.


Only Mexico, at 56%, and Brazil, at 49%, surpassed the United States in the latest study.


As for debit card fraud, the U.S. rate held fairly steady at 21%, up from 20% in 2014. Mexico, at 34%, Brazil, 25%, India, 23%, and France, 22%, had higher debit card fraud rates than the United States.


The growth in the number of consumers who experienced card fraud in the United States is tied to the massive EMV migration, says Ben Knieff, Aite senior analyst. But consumers’ own habits, including leaving phones unlocked and chucking statements with account numbers and other information on them, is also fueling U.S. card fraud, the Aite research found.


“In general, the U.S. is quite a bit behind, especially with respect to EMV,” Knieff says via an email. “While the U.S. is migrating to EMV, the chip-and-signature implementation is less than ideal. We expect to see increases in card-not-present fraud as well as application fraud throughout the EMV migration.”


Most U.S. chip credit card issuers have opted for chip-and-signature instead of chip-and-PIN authentication, arguing PINs would be disruptive to the checkout process. Some retailers, like Wal-Mart Stores Inc., argue that Visa Inc. wants consumers to use signatures for EMV debit transactions, too.


The disruptive nature of the EMV migration is a factor, Knieff says. “While the U.S. does not have the highest rate of fraud, it is still quite significant. This is likely due to U.S. consumers being relatively high-value targets, and the U.S. card payments infrastructure is in transition.”


Another factor affecting card-fraud rates is consumer behavior. Globally, 54% of consumers engaged in at least one risky behavior, such as writing down a PIN or leaving a smart phone unlocked.


Indeed, the study indicates the most common risky behavior among U.S. consumers is leaving a smart phone unlocked, committed by 20% of respondents. Next is throwing documents containing account numbers in the trash, 18%; using online banking or shopping sites without security software or on a public computer, 14%; writing a PIN on a piece of paper, 9%; and responding to calls or emails asking for banking information, 8%.


“The level of consumer risky behaviors is certainly a bit of a surprise,” Knieff says. “The number of respondents that wrote down their ATM PIN, left their phone unlocked, and used insecure computers for banking is very high and puts many consumers at risk.”


Payments companies do aid efforts to counter overall card fraud, Knieff says.


“Education is critical, but that generally comes down to the issuers,” he says. “Payments firms, specifically online payments firms, do have an opportunity to educate customers and build trust. Different firms have different opportunities to provide protection to customer or offer fraud-management services to institutions. This could range from fraud analytics to loss insurance.”