(Credit: Zooey Liao/PCMAG/Adobe Stock)
The next time you're standing in the grocery checkout line, imagine the clerk asking, “Would you like me to save your credit card for next time?” That would feel strange—maybe even alarming. Yet we accept the digital version of that question every day when our browser offers to store our card details or a shopping site asks to remember them. Here's some easy advice: Don't say yes. Scattering your payment information across the internet is how many bad stories begin—and none of them end well. I'm here to walk you through the dangers of storing your credit card online and show you the steps you can take to protect yourself.
The Problem With Letting Your Browser Handle Money
By default, popular browsers include some password management features. When you log in to a website in Chrome, Edge, Firefox, or Opera (among others), the browser offers to remember the login credentials for you. Next time you visit the site, it will offer to fill in those saved credentials. Convenient, right? However, we advise against using this kind of partial password management and instead suggest installing a dedicated third-party password manager. A dedicated app keeps your passwords safer than any browser, and it works across multiple browsers and multiple devices, including your phone or tablet.
Likewise, we advise against storing payment information in the browser. A data-stealing Trojan or a compromised browser extension could give hackers access to your data. And if the device is stolen, all bets are off. At least with a password manager, there's another level of security between the user and your credit card number.
You run into a different problem when you let a shopping website retain your payment card details. Yes, it’s convenient to have credit card information populate automatically on your next visit, but most password managers let you accomplish the same convenience with better security. Your private details are encrypted in the password manager and autofilled only after you’ve authenticated with the password app. That’s a lot better than having the information scattered all around the web, on sites that you may have forgotten.
It’s conceivable, though unlikely, that a shopping site could go rogue and sell your payment details on the dark web. A much more likely scenario involves the site getting hacked. Depending on how secure the site is (or isn't), attackers might be able to obtain full credit card information.
How to Reclaim Your Payment Data
If you left the default settings active, your browser may already be stuffed with saved payment details. And if you’ve accepted the suggestion to sync your browser data across all your devices, that data is accessible from any of the devices. Yes, the same is true when you store that data in a cross-platform password manager, but third-party apps offer significantly better security. It’s their business, after all.
So how do you know what your browser is doing, and what data it has stored? For each browser you use regularly, check the settings. Turn off capture and replay of payment methods and delete any that may already be stored.
(Credit: Google/PCMag)In Chrome, open the settings page and click Autofill and passwords in the left-side menu. Open the Payment methods panel and check if any items appear at the bottom, where it says Saved payment methods will appear here. If so, delete them. Now turn off every setting related to payment methods.
Those using Firefox will start by opening Settings and clicking Privacy & Security in the menu on the left. Scroll down past the section on saving and replaying passwords until you reach the Payment methods heading. There’s just one main item to disable, titled Save and autofill payment info. Don’t forget to click Manage payment methods and delete any cards that may already be stored.
(Credit: Microsoft/PCMag)In Edge, you start by clicking Passwords and Autofill from the menu on the left side of the Settings page. When you choose Payment methods, you get a goodly handful of settings. Turn them all off and, as with the other browsers, delete any saved cards.
If you’re using Brave, DuckDuckGo, Opera, or another browser, the process should be similar. Open the settings page and search for “payment” for starters. Finding the needed configuration options shouldn’t be difficult.
When "Remember Me" Means "Remember Everything"
The first time you make a purchase on a new website, you can’t avoid filling in a lot of information. Email, phone number, shipping address, credit card details...it’s a lot. When the site offers to save that information for next time, the offer seems tempting.
(Credit: Tulku Jewelry/PCMag)The problem is that you have no control over the security of the data you’ve just given away. A data breach could put your address, phone number, and credit card details in jeopardy. Even if the credit card data is protected, your other personal details could wind up profiled by data brokers, a blow to your privacy. And, as noted earlier, a less scrupulous site might sell your data to pick up a little extra cash.
Cleaning up this sort of exposure after the fact isn’t nearly as easy as wiping out your payment details from the browser. For sites you’re still using, erasing existing details may not even be possible. You may find that the only way to remove a payment method is to replace it with another. In such a case, consider switching to PayPal or another supported service.
As for those accounts you’re not using, well, your data is just as exposed as ever. Your best bet is to close those accounts. Which accounts? If you’re using a password manager, try sorting the list of saved credentials by most recently used, then start examining the accounts that have been idle the longest. Yes, it’s a DIY task, and it's tedious.
(Credit: McAfee/PCMag)Some security suites and related products recognize the danger of forgotten accounts and include features to help you clean them up. The Online Account Cleanup feature in McAfee+ is a shining example. You give it full access to your email account (Gmail, Yahoo, or Microsoft) and it combs through messages to identify your accounts. At its top pricing tier, it even helps you with canceling those accounts.
Smarter Ways to Pay Online
I’m not saying that every time you want to make an online transaction, you must drag the old wallet out of your pocket or purse and laboriously enter the credit card details. All the best password managers include the ability to store payment card information in a secure, encrypted vault and automatically fill it in as needed. Typically, they’ll also fill in data like your shipping address, saving you that trouble.
You could also eschew using credit cards altogether, at least for online purchases. Many websites accept mobile payment apps like Apple Pay, Cash App, Google Pay, or Samsung Pay. Despite the name, these aren’t just for mobile devices. When you pay with an app, there’s no credit card number involved, just a one-time transaction code.
Your credit card issuer may offer a similar option: a one-time code instead of exposing the actual credit card number. American Express, Capital One, and Citibank are among the issuers that make using virtual cards simple. Each transaction uses a unique ID, so even if a hacker intercepts it, they’re left with nothing useful.
If your favorite credit card doesn’t offer this service, you can seek help from a third party. With IronVest, for example, you can shop online using what it calls a masked credit card, which works just like a virtual card. IronVest can also mask your email and phone number, and fill web forms with your address and other needed information.
Letting your browser store payment information is convenient but risky. Having dozens of individual websites randomly holding that information for your next visit is likewise problematic. Your best bet is to have a password manager store and fill that information for you, or to use an alternative to regular credit cards online.