Are websites storing my credit card information?
Have you ever purchased an item online and saw that your credit card information popped up in an autofill? Or maybe you saw an option to click on your credit card as your payment method? If so, that website may have stored your credit card information. Knowing this information could be helpful to help keep your credit score protected from potential fraud or theft. You may consider enrolling in free tools like Chase Credit Journey®, which comes with identity monitoring alerts. These alerts will notify you if there’s suspicious activity on your account so you can take action before things escalate.
In this article, we will discuss:
- When credit cards are saved online
- Digital wallets and other storing locations
- What to consider before saving your credit card information on a website
- How to check where your credit card is being stored
- How to remove saved credit cards
When are credit cards saved with an online merchant?
Just about any time you make an online purchase you’ll be prompted to either make an account with that merchant and/or be required to input your credit card information to process your transaction. If you decide to create an account, you may be asked to provide information such as your name, phone number, email address and your payment method. This could include your credit card number, Card Verification Value (CVV)—a three or four-digit number on your credit card designed to add an extra layer of security—and expiration date.
Once you’ve input this information and created an account, the website will save this credit card information. You may notice that the next time you purchase from this merchant your credit card is saved and you can click on it as an option rather than input the information again.
If you checkout as a guest, your credit card information may not be stored on that site—however, it could be saved to your browser instead, in which case you might notice an autofill.
Autofill saved credit cards
Autofill is a function on the computer that will automatically populate fields that have been filled out before. For example, if you’ve had to type in your shipping address, your browser may have saved this information so that when you go to write your address again on another website, you’ll have the option to fill it in with the address you used before.
The same can happen with credit card information. Let’s say you use a credit card to make a purchase on a store’s website. If your browser has this information stored, you may be able to automatically fill in your credit card information on other websites. As a security measure, there may be a pop-up that asks for the CVV and expiration date. These pop-ups can happen either on your computer or your phone/smart device.
Digital wallets and other storing locations
You may notice that your credit card information is also stored in other ways, such as on your phone. For example, you could add your credit card information to your phone’s digital wallet and use your phone to scan like a credit card when you check out in person. Most digital wallets—like ApplePay® and Google Pay®—are encrypted to keep your information safe. However, your information may be more susceptible to theft, especially if your phone gets stolen and hacked into.
You may also notice that your information is stored on certain apps on your phone, including those that have a subscription associated with them. If you’ve used a card to pay for subscriptions or features within an app, you likely have this information saved. These charges may become automatic payments that use this same credit card that you signed up the account with.
What to consider before saving your credit card info on a website
Having your credit card information stored on a website can be convenient because it allows you to you make the checkout process quicker. However, there are a few things you should keep in mind:
- Remember that credit card fraud and theft can occur when your information has been shared online, even when you have a password-protected account with that site.
- There could be possible errors on your credit report (which you can dispute) and potentially hurt your credit score.
- By storing credit card information, you increase your chances of identity theft. While rare, it’s worth noting that sensitive information can be stolen especially when using a public Wi-Fi or device.
Fraud can occur if you use a public device (such as a computer at a library) so try not to share sensitive information including your credit card number on these devices. The same applies to public Wi-Fi networks. If you share this information using an unsecured network, your information could be vulnerable to hackers who can steal your information.
To ensure your information is kept safe, here are a few questions to consider before saving your credit card information on a website:
Is the website secure?
Before making an online purchase with your credit card, be sure that you’re using a secure website. Most secure sites include “https" or “.org” in the URL. Avoid websites that appear to be questionable or ask for even more information, such as your Social Security number (SSN).
You will also want to make sure you are connected to a secure network and not a public one, as someone could obtain your credit card information by accessing your online activity. Hackers can access your traffic through open Wi-Fi hotspots (otherwise known as "rogue hotspots"), collect your information and put malware onto your device. They can also use your information to sell it on the dark web, where criminal activity can occur.
To protect your credit, you can enroll in Chase Credit Journey’s dark web monitoring service, which notifies you if your information—such as your SSN—is found on the dark web. You can also get notifications about changes in activity related to your account to help monitor your credit and make changes as needed.
Is your password strong?
Using a weak password or using the same password for multiple sites can increase your chances of identity or credit card theft. To avoid this, be sure to use a strong password for accounts that also save your credit card information. Your browser may want to try and save your credit card information to help populate the forms but securing this information with a password manager is much safer than saving it on the site.
Some tips for creating a strong password include:
- Never use personal information—including your name, birthday or email address
- Use a longer password—try to use at least 6 characters, more is better
- Diversify—include numbers, symbols and both uppercase and lowercase letters
- Consider using a passphrase—a passphrase uses a series of words and generally contain more characters than most passwords, but is easier to remember
You may also want to consider using a secure password manager to help store your information in case you forget your passwords.
Remember, in case your information is found or there’s potential fraud, you can enroll in Chase Credit Journey’s identity monitoring and dark web monitoring services. The sooner you’re made aware of this activity, the quicker you can take action to help protect your credit.
Who has access?
If you’re using a website or platform that multiple people use, such as video or music streaming services, keep in mind that other people could be making purchases using your credit card information without you realizing it. With an autofill or saved password, it’s easy to mistakenly use someone else’s credit card information. Keep track of who uses which accounts and check in with the users to make sure any additional purchases are accurate.
How many websites have your credit card information?
It can be relatively easy to have your account information stored online, and many people use online payments. Studies have shown that, as of 2018, 3 out of 4 Americans have shopped online. Additionally, a report by the Federal Deposit Insurance Corporation (FDIC) shows that in 2021, 46.4% of all households were using nonbank online payment services, including PayPal, Venmo and Cash App.
Are you using a public Wi-Fi or device?
If you make a purchase using a computer at a public library for example, it’s possible for someone else to tap into that computer and steal your information. Other locations where Wi-Fi environments are accessible, and thus pose a risk, include cafes, airports, restaurants, grocery stores and entertainment venues.
How to check where your credit card is being stored
If you want to see where your credit card is being stored, here are a few steps you can take.
Account login
First go to the website that you recently purchased from. You may need to log in if you have an account associated with that site. Then, see if you can find your information by going to a profile tab or payment settings. You may find your credit card information stored there.
Check your browser
Another way to check where your credit card is stored is by looking into your browser’s settings. You could find that your browser automatically saves information like your credit card (as well as your name or address). You can change your browser’s settings to remove this information or to no longer save it.
To ensure your information has been removed, look into your browser's settings and extensions. You can clear and update settings by going to your browser's privacy settings. From there, you can make updates for autofill and saving information. You can also clear your browser’s cache and empty cookies to avoid your information from being saved in the future.
Check your subscriptions and apps
You may want to go through the applications on your phone as well and check your subscriptions with various platforms (for example, music or video streaming services). You could find that you’ve subscribed for a free trial for an app but are now getting charged for the service once the trial ended. By monitoring your purchases, you can build better money habits and adjust your budget to meet your needs.
You can also use tools like Chase Stored Cards, which helps you to track online purchases, review repeat payments and link your card to merchants. This tool can also help you keep track of where you have your credit cards stored and notify you if there’s been suspicious activity.
How to remove saved credit cards
Some sites will allow you to remove your credit card information while others may only allow you to replace that card with an alternative payment option. To do this, go to your profile on that website or try accessing your settings. There could be a tab for “payment method” as well, where you can choose to use another payment platform to make your purchase rather than your credit card information being stored. Finally, be sure to check your browser’s settings to make sure future information isn’t saved.
In conclusion
Storing your credit card number with your favorite online stores can make the checkout process much easier. It can also be useful to have your credit card saved to your phone, especially if you forget to bring your physical card with you. However, keep in mind that storing sensitive information like this can put you at greater risk for fraud, theft and stolen identity.
Being mindful of where and how you save your credit card information can help you better manage your purchases and protect your credit score. To help monitor, manage and protect your credit score, enroll in Chase Credit Journey. This free online tool will update your score regularly so you’re aware of changes and how they affect (or may affect) your score.