Should you be storing Credit Card numbers online for auto-debit transactions?

In today’s fast-paced world, the ‘remember me’ feature is common across email services, online retailers, telecom service providers, and other utility or services alike. Similarly, companies that charge you on a recurring basis (or offer a subscription) often ask you to store your Credit Card information on their respective websites for instant payment. By doing this, you no longer have to scurry for your Credit Card each time you need to make a transaction.

However, while this might be a matter of convenience for you, it also offers hackers a way to steal your information.

How much information is stored online?

Information is stored online under the Payment Card Industry’s Digital Security Standard (PCI DSS) whereby websites (of both online and offline retailers) can store the cardholder’s name, Credit Card number, and the expiry date. However, they cannot store the security code (CVV); failure to adhere to this rule can result in a hefty fine. Overall, storing Credit Card information is regulated by the RBI but this shouldn’t be enough reason for you to not worry.

Why shouldn’t I save my Credit Card details?

It is undeniably convenient to store your card details on the browser and use the Autofill option for future purchases. However, the problem arises if your account gets compromised. Once that happens, nothing stops cyber criminals from misusing your details, which can potentially result in financial loss. In the recent past, massive data breaches have come to light, putting the security of thousands of account holders at risk.

In 2013, Target suffered a Credit Card data breach that affected more than 40 million customers. Even though the larceny occurred from a point-of-sale machine and not their website, one can imagine the risks involved in storing Credit Card details online. More recently, in January 2018, Google OnePlus was targeted in a similar fashion and information related to 40,000 customers was compromised.

Using the Autofill option on sites like Amazon and Netflix is different from saving your card details on a site without strict security protocols. Making that extra effort to enter your card details each time you make an online purchase can go a long way in keeping your money safe.

Alternative means

A good alternative to storing Credit Card information is to opt for a virtual Credit Card. It affixes another layer of security to your online payments by giving you a unique number that’s tied to your Credit Card but isn’t your original card number.

While the safest measure would be to avoid using the ‘Save Details’ option on a website, you can store your card information using guest credentials.

Another viable option is a payment gateway. It is safer to share your financial information with a site that provides you with safe checkout options by letting you pay through trusted gateways – Amazon Pay, PayPal, WePay, Stripe etc. – than a site which does not guarantee the encryption of your card details.

A final safety measure

The more you make recurring purchases online, the more cautious you need to be about data security. Check your Credit Card issuer’s website or your bank’s website at least once a week for any unauthorised deductions. If you see anything out of the ordinary, contact your bank immediately. Banks usually reverse any unauthorised transactions however the extent of liability depends on how soon the fraud activity was brought to their notice. Also, you will need to contact your card issuer to enable your Credit Card for international transactions with effect from 1st October, 2020. As per RBI guidelines, international transactions will no longer be possible otherwise. This measure is meant to add an extra layer of security to Credit Card accounts.

Looking to apply for an HDFC Bank Credit Card? Click here to get started!

Unsure how to use your Credit Card? Read more on how to use your card wisely!

*Terms and conditions apply. Credit Card approvals at the sole discretion of HDFC Bank limited. Credit Card approvals is subject to documentation and verification as per Banks requirement.