Whether you’re ordering dinner from Uber Eats or buying that bestselling embarrassing product you’re too humiliated to get in the store, many of us purchase things online. It’s simply too easy, the convenience too great.
Eventually, the moment comes when the app or website asks for payment information. Unless you have your card memorized (no shame), you may have to dig through your wallet and meticulously type in each random number.
Or you may already have that information saved on your laptop, tablet or phone. Again, why say no to such ease and convenience when it’s available?
Unfortunately, this common timesaving tool is a major no-no, according to cybersecurity experts. They have several concerns.
“Storing your credit card information in your browser might seem convenient, but it exposes you to a number of risks if your device is breached,” said Melissa O’Leary, a chief strategy officer at Fortalice Solutions specializing in impersonation, fraud and cyber scams. “Your saved payment details will be an easy target for cybercriminals to steal.”
Ahead, O’Leary, a former chief adviser to the director of the Office of Administration at the White House, and other experts explain how people can steal your card information, how you can protect yourself and how to delete that data.
The Many Ways Scammers Can Steal Your Card Information
Unfortunately, if you store your financial info, your credit or debit card numbers can be stolen in more ways than you realize. Here are some of the most common scenarios.
They steal your phone, computer or laptop.
No matter how much you keep an eye on your valuables, they can still go missing, unfortunately — and that’s an easy way for people to steal your saved information.
“If an attacker gets access to your computer, they don’t need to be a criminal mastermind to steal your payment details,” said Zulfikar Ramzan, a cybersecurity expert and chief technology officer at Point Wild.
They access your info through public Wi-Fi.
As nice as it is to work in a coffee shop or the library, for example, be aware that public Wi-Fi isn’t as safe. People can gain access to your computer through the public network.
They use malware or spyware.
This can be installed on your laptop without you realizing it through phishing, websites, direct access to your computer and other means.
They steal info through leaks and breaches.
Perhaps two of the scariest words when it comes to data security.
“I’ve seen cases where individuals had their stored credit card data leaked in a breach, only realizing it when fraudulent charges appeared on their statements,” O’Leary said.
“Another unfortunate situation: I’ve seen somebody’s personal banking information leak after they stored it on a breached corporate device. It’s a frustrating and time-consuming process to dispute those transactions and regain control of your accounts.”
They use credential stuffing or account takeovers.
Once hackers gain your credentials — or username, password, email address and the like — they can access your system and accounts, Marlatt explained. Browsers have information stored in multiple places, and it can be fairly easy to access.
FG Trade via Getty Images
How You Can Protect Yourself
Feeling pretty discouraged? That’s understandable. Try to not feel too beaten down, though.
“Cybercriminals rely on convenience to exploit victims, but you have the power to protect yourself,” O’Leary said. “You are not at fault for cybercrime, but being proactive can help keep your accounts secure and prevent unnecessary stress.”
Ahead, experts shared their best tips:
First and foremost, stop saving your card information to your device.
Your simplest and perhaps best option is to not click the “save” button. You can still buy things from your phone or laptop, but type in your card information each time.
“When you type your card details, the stopwatch on risk starts and stops with the transaction,” Ramzan said. “But if you save that information in your browser, the stopwatch is always running.”
Save your information in a more secure way.
Rather than saving the information in your browser, Ramzan recommended a dedicated password manager that encrypts the details in a secure vault.
He added that banks often offer virtual or tokenized card numbers, too. They can be easily disabled if they’re compromised, which protects your main account.
Another option is saving the information on Apple Wallet. “The Apple Wallet stores information locally on your iPhone, iPad or watch with strong encryption,” Maxwell said. “Google [Wallet] does the same thing, but it also stores more information on its cloud, making your data more susceptible to attack.”
But again, if your phone is lost or gets stolen… well, you may be SOL.
Enable two-factor authentication.
Also known as 2FA, this is when a system requires two forms of identification. For example, after entering your password, the system may send a code to your phone that you then have to type in.
O’Leary suggested enabling this wherever your financial information is stored. Usually, programs that have this option will offer it after you enter the info.
Monitor your bank statements.
As O’Leary mentioned above, some people don’t realize their credit card information has been stolen until they see suspect charges on their bank accounts. Make sure you monitor yours regularly — ideally online, since you can do it more often than with a mailed copy. This way, she said, you can catch suspicious transactions early and get ahead of the problem before it worsens.
Install reputable anti-virus software.
This can detect and block malware before it compromises your system, Ramzan explained. A couple of companies that offer this are McAfee and Norton.
As a side note, Ramzan encourages always updating your browser and phone. “Many attacks exploit vulnerabilities that could have been patched with a simple update,” he said.
Be careful when downloading and clicking.
To ensure that software isn’t needed — and to be extra safe — Ramzan recommends being cautious when downloading files and clicking links from unknown sources.
This particularly goes with “pop-ups offering urgent system updates, fixes to supposed problems on your system or free software, which are common ruses that attackers use to compromise your system,” he said.
The real key, he added, is securing your device. “Otherwise, it’s like building a fortress on quicksand — no matter how strong the walls are, the foundation will still bring everything down.”
If You’re Still Going To Store Card Information In Your Browser…
Let’s face it: The temptation to save your card info might just be too strong, especially when many of us lead busy lives and crave convenience. If that sounds like you, consider Ramzan’s advice below.
Only do it for one card.
That way, you only have that one card to worry about, freeze and replace.
“This approach reduces your exposure and makes it much easier to detect suspicious transactions,” Ramzan said. “More so, if you have information on multiple credit cards stored on one device, they can all theoretically be accessed in one fell swoop.”
Do it with a credit card.
“It’s worth pointing out that not all payment cards are created equal when it comes to security and recourse,” Ramzan said.
Credit cards typically have the strongest fraud protections, he continued, and gift cards have the least. Debit cards are in the “middle.”
How To Delete Your Credit Card Information From Your Browser
If you’ve already made this common mistake and want to fix it, the steps are straightforward.
-
Click on the three dots in the top right corner of your browser.
-
Select “Settings.”
-
Select “Autofill and passwords.”
-
Select “Payment methods.”
-
Select the radial button that says, “Save and fill in the payment method” until it is gray (turned off).
-
Under “Payment methods,” click on the three dots to the right of your credit card and select “Delete.”
-
When asked if you want to delete your card, click the “Delete” button.
-
Click on the three dots in the top right corner of your browser.
-
Select “Settings.”
-
Select “Profiles.”
-
Select “Payment info.”
-
Another tab will open for Microsoft Wallet. Under “Payment Methods,” you will see a credit card graphic with the last four digits of your card, the expiration date and the card brand logo. Click the card graphic and, when asked for your password, type it in.
-
You’ll see the option to edit your card details. At the bottom, you’ll have an option to “Remove.” Click that button.
-
You’ll be asked if you want to remove your card. Click the “Remove” button again.
“Additionally, make sure to remove saved credit card information from both your mobile and desktop browsers, as well as from retailer apps like Amazon, food delivery services and any other platforms that store payment details for quick checkout,” O’Leary said.
Taking steps like these might seem tedious, annoying or purposeless. And they’re worth it — even if you don’t see the proof in real time.
“Storing your credit card in a browser is like keeping a spare key under the doormat,” Ramzan said. “Most days, it’s convenient, and nothing happens. But the moment someone knows where to look, your whole house is wide open.”
