Should you store Credit Card data online or in password managers?

Whenever Internet users make purchases online using credit cards, the online shopping sites or payment providers suggest to save the card information.

For the user, it is a convenience feature, as future purchases do not require typing the full credit card number and other requested data anymore. For sites, it also binds the customer, which means that they are more likely to use their services in the future. Information about Internet users is also of importance to many companies.

But the shopping sites and payment providers are not the only ones that may suggest to save the credit card information. The web browser or a password manager may also recommend that. It depends on whether the feature is supported in the browser, the password managers integration and functionality.

At least some Internet users may wonder whether it is a good idea to store credit card information in a password manager, browser or online.

The case for saving credit card information

The main argument for saving credit card numbers and data is convenience. Users do not have to have their credit cards with them to make purchases, once the number is saved. While some sites may request the three digit security code as verification, it is still more convenient than before.

Password managers and browsers encrypt the data and may support additional security features, such as two-factor authentication, to protect the data. These may be favorable over physical use of a credit card in some situations.

The case against saving Credit Card numbers

One strong argument against saving credit card information online, in browsers or in password managers, is that these add another attack vector. Sites may get hacked, and depending on how the information is saved, it may fall into the hands of malicious actors.

Password managers too are not offering 100% security. Last year's LastPass hack showed that high security sites may get hacked, sometimes using indirect ways, and that important user data may fall into the hands of criminals.

Browsers share the issue with online password managers, especially if they sync data to the cloud. Even local password managers are affected, even though it may be less exploitable because data is not stored online.

Apart from security concerns, there are additional reasons for skipping the "save card online" prompts when they are encountered.

The first is often found when companies offer trials of applications or services. Users who sign-up for a free trial may need to provide credit card information before the trial starts. The main issue here is that companies will charge the card automatically, if the user does not end the trial actively. Some may like the service, but some may forget about it and subscribe for a month, year or even longer to a service that they do not want to use.

Sometimes, users may pick different payment options to have better control over the processing of payments.

A second reason is that saved payment information paves the way for impulse purchases. A study in the United States from 2019 suggests that 83% of U.S. adults have already made impulse purchases.

Lastly, a case can also be made that someone with access to the computer, smartphone or tablet may make purchases using the stored payment information.

Closing Words

It is recommended to avoid saving payment information only. Even though that makes purchases online a tad less convenient, it is improving security, reducing the likelihood of erroneous payments and impulse purchases.

Should you store Credit Card data online or in password managers?