The autofill function speeds up online shopping by permanently storing credit card information in the browser. While this sounds convenient, it has a big security-related downside. Storing payment data in the browser or on numerous shopping websites significantly increases the risk of attack. Security experts therefore recommend a different strategy.
Why browsers are not a secure place for payment data
Modern browsers such as Google Chrome come with built-in functions for storing passwords and payment information. The problem is that browser memory is relatively easy to attack. Malware, manipulated browser extensions or security vulnerabilities can be enough to read stored credit card data.
Browsers store credit card details to speed up the payment process. This makes them an attractive target for hackers.
PC-Welt
If the device is stolen or compromised, payment and address data can fall into the wrong hands. Even though credit card numbers are encrypted, names, addresses, telephone numbers and email addresses often remain usable. Experts therefore recommend not storing payment information in the browser, but instead using dedicated, better-secured solutions.
Secure alternatives for online payments
Before you completely banish payment data from your browser, it’s worth taking a look at your browser settings first. Browsers such as Chrome now offer protection mechanisms that significantly reduce the risk of automatic filling.
Check first: these two browser settings should be active
1. Confirm identity before auto-fill
When this feature is enabled, you must first confirm your identity before saved payment methods are automatically filled in. This includes fingerprint, facial recognition or other display locks. This additional hurdle ensures that payment data cannot simply be used in the background. For example, by malware or when the device is accessed without supervision.
2. Disable card verification number (CVC) storage
Equally important: in the settings, you can specify that the card verification code (CVC) should not be stored. This removes a crucial piece of the puzzle for complete card misuse. Even if the card number and expiry date were compromised, in many cases a payment would not be possible without the CVC.
Step 1: Open the autofill settings under “Passwords and autofill” > Payment methods (Chrome). In other browsers, the names are similar or identical.
Step 2: Enable identity verification and disable the saving of CVCs
Sam Singleton
There are also several alternatives that are at least as convenient but significantly more secure than the autofill function in your browser.
1. Password managers
Dedicated password managers are a robust solution. They store payment data in encrypted form in a separate vault that is only released after active authentication, for example via a master password or biometrics.
The advantage: payment information is not provided automatically, but only used in a targeted and controlled manner. In addition, password managers work across browsers and devices, including smartphones and tablets. This reduces the need to store data multiple times and thus also the attack surface.
Read here to find out more about the best password managers that we trust.
2. Paying with Apple Pay, Google Pay & Co.
Digital wallets follow a different security principle than traditional credit card payments. Instead of transferring the actual card number, they use “tokenization” which is when a unique transaction code is generated for each payment.
The actual card details remain hidden from both the merchant and potential attackers. In addition, payments are usually linked to biometric confirmation. Even in the event of a data leak, any information that is intercepted is practically worthless.
3. Temporary virtual credit cards (one-time cards)
Temporary virtual credit cards are considered the most secure form of online card payment. This model uses changing or one-time card details, so that the actual credit or debit card does not appear in the payment process.
Technically, the provider generates a separate digital card number with a separate expiry date and verification number for each payment or for a specific merchant. After the transaction, this number loses its validity or is automatically replaced. Even if payment data is intercepted, it cannot be reused.
Services such as Revolut and Klarna offer such one-time or disposable cards, which automatically expire after purchase. These cards are particularly suitable for one-time purchases and orders from unknown online shops.
Note: Temporary cards are not suitable for recurring payments.
