Storing your credit card information on a retailer’s site, especially one you visit often, seems like a matter of convenience, but it can also lead to credit card theft. It gives you a reason to come back, as you won’t have to fill out a bunch of info fields every time. This also means that it’s more convenient for a hacker to steal a treasure trove of information.
The short answer is that no, it is not entirely safe. Let’s look at why, and how you can make your online shopping safter.
What Information is Stored?
On the bright side, not all of your credit card information is usually stored. Information is stored under the Payment Card Industry’s Digital Security Standard (PCI DSS). The standard is that, if a company stores the information at all, it should end with the cardholder’s name, primary account number (PAN) — the actual credit card number — along with the expiration date and service code.
What they cannot store is the three- or four-digit security code on the back of the card, or a PIN. Doing so can result in hefty fines for the retailer. Storing credit card numbers is well-regulated, but that alone should not give you peace of mind.
It should be noted that the PCI DSS applies to both brick-and-mortar stores as well as their websites. There’s specifications for the online portion, which includes a lot of jargon and sounds safe, which begs the question…
Is My Information Safe?
If the massive data breaches that seem to punctuate the news every few months are anything to go off of, the short answer is no, it’s not, and it’s safe to assume that if you have ever stored personal information — including credit card information — online at any point, it’s compromised. Target, for instance, saw 40 million customers’ credit card information stolen back in 2013. While this was from point-of-sale machines, and not their website, it still shows that you should be cautious. Four years later, security analyst Brian Krebs notes that targets for credit card theft are smaller chains, such as casual dining restaurants.
While your information might be more secure on the bigger online-centric retailers, such as Amazon, Netflix, or iTunes, it’s still wise to keep an eye out for any problems. Check your credit card statements regularly for any inconsistencies, as it could be a sign of fraud.
Storing credit card information on your browser and using autofill is not any more safe than the above discussed storage methods. The only benefit is that it can circumvent keyloggers. Since the credit card numbers still need to be used by the retailer, it doesn’t make them any more safe against a data breach. If you use them as guest credentials, however, and opt not to save the numbers to the website, you are slightly more secure. It’s harder to hack information saved to your browser than a big-name website. Virtual Credit Cards
A bit of a preface: If you are going to store information on a retailer’s site, make sure to use a credit card instead of a debit card. It’s much, much easier to recover from someone using your credit card number than from your debit card.
The best way to store your credit card is to instead use a virtual credit card, which will give you a number to use that’s tied to your credit card but isn’t your actual credit card. It’s another layer of security, and often the virtual credit card number isn’t for long-term use.
Unless you insist on keeping your card information on file, the best security practice is to use guest credentials or not click the box to “save” your payment information. It may be a hassle to plug in the card information every time, but it’s far more of a hassle to deal with credit card fraud. While it’s convenient storing credit card numbers on the retailers’ sites you visit most often, it’s a risk you need to weigh against the store’s ability to keep your information safe and the ingenuity of hackers.