You're shopping online. You find the perfect item, proceed to checkout, and pay. Your browser remembers your username. It might even remember your password, based on what you've entered in the past.

But then it asks whether you want it to save your credit card information. Can you trust your browser with keeping that secure? Should you avoid Autofill altogether? And how can your browser keep your financial data safe when you're visiting websites?

What Exactly Is Autofill?

We trust our browsers with a huge amount of data, mostly because we feel we have to. You must have confidence that your browsing history, for instance, won't be leaked en masse. Yet many of us are wary of the private information collected and used for advertising.

Nonetheless, we become complacent and let Autofill (a feature in web browsers like Google Chrome) and Autocomplete do the hard work for us.

No one likes filling in forms, and so Autofill will add in your email, phone number, and address for you if you want. Most mainstream browsers do this, notably Google Chrome, Safari, and Microsoft Edge, the three that boast the lion's share of the market. You can also use Autocomplete on Opera and Mozilla Firefox, both of which are especially well-known for their focus on maintaining your privacy.

You might think this is all done through cookies stored automatically, but implementation is more complex than that. It's not simply a case of storing information: it's also about presenting it in the appropriate fields.

There's a section devoted to Auto-fill on your browser, so you can add in your credit or debit card information and rely on that in future. On Chrome, all you need to do is visit "chrome://settings/autofill"and enter payment methods.

But can you trust your browser with your payment details?

Should You Use Autofill for Payment Methods?

man typing on his laptop while he is holding and looking at a credit card

The problem with using Autofill for credit card information isn't about trusting your browser. It's about hackers gaining access to this through phishing sites.

Phishing is simply a fraudulent means of obtaining personal information. Websites set up by cybercriminals may have text boxes for basic information which we regularly give up anyway. Despite the value of personal data, we often submit our names and email addresses. They don't feel like a valuable commodity anymore because we use them to sign up for social networks, online shops, and newsletters.

If you've got Autofill turned on, these text boxes can be automatically filled in. But some phishing sites have hidden elements. These won't be seen by users, but dig into a page's script, and malicious code reveals secret intents. These trick your Autofill function into adding private data which you've not approved of on the site but have within your browser.

Not all browsers do this. Chrome and Firefox only add credit card details into boxes you specifically click on. If a form element isn't visible, then you don't click in the box, so Autofill doesn't relinquish any further data.

That's not the only concern, though. Your main worry should be: what happens if someone else gets access to your browser?

This is possible in a couple of notable ways. The first is simple. Someone uses the same device. You probably trust the people you share a computer with, but junked or recycled hardware can be a serious security threat. Ideally, you'll clean all data from any devices you're passing on.

Another means is, once more, through phishing. Malware can spread through an email or social media campaign and collect details stored within browsers like Chrome and Firefox, i.e. cookies and credentials used for Autofill.

You store data locally, but that doesn't mean a third-party can't access it.

Can You Trust Your Browser to Transmit Data?

Online stores Google Chrome Autofill credit card options

If you can't entirely trust your browser to Autocomplete your financial details, how can you trust it with payment details at all?

Browsers recognize that they have a duty of care. If they don't look after users, those disgruntled customers will switch to one of their competitors.

Data sent between your device and a site's server should be encrypted. This means private information is rendered unreadable to anyone without the correct decryption key, i.e. your password. Check a site is secure by looking at the URL; if it reads "HTTPS", that extra "S" stands for "Secure".

You could also use a Virtual Private Network (VPN), which acts as an enclosed link between two destinations. Picture a tunnel between your PC and the website you're using. No other parties can look at what's going through that tunnel unless they're at either end-point. VPNs even protect your data when your device is connected to a public network.

VPNs are typically a regular expense. Opera claims it has one built-in, but there's some debate as to whether Opera's VPN is actually a proxy. Most browsers don't boast this feature. This is partly because VPNs stop the collection of cookies, which many consider enhance your online experience (even though they can be exploited). If you're looking to encrypt data properly without the expense, you can check out some free VPNs; however, we recommend a paid-for one instead.

Let's not forget that you have no choice but to trust your browser to some degree. If you shop online, you must have confidence that your browser takes the necessary security measures. Otherwise, you're reduced to solely visiting bricks-and-mortar stores.

What Are the Benefits of Using Autofill?

storing password credit card details browser

There's a lot to like about Autofill too. For one, it's generally offered by browsers for free. Considering that means it's a password manager you don't have to pay for, that's certainly a positive as these services can otherwise be costly.

The obvious benefit is that you don't need to remember all your login and payment details for every site you visit. Nonetheless, some merchants will still ask for the CVV, i.e. the three-digit number on the back of your credit or debit card which some Autofill functions don't store, to verify that you're in possession of the card itself.

And there is a security benefit to using Autofill. If your device is infected by a keylogger, Autofill may stop cybercriminals from getting hold of some of your details. A keylogger is a piece of spyware that can track every keystroke you make and can often go unnoticed. If you're not actually typing in your passwords or card details, keyloggers can't collect that data.

How Do You Turn Off Autofill?

If you've decided Autofill isn't for you, you can turn it off. The process is different depending on the browser you use. Still, it's easy to do. On Chrome, for example, click on the vertical ellipsis in the top right-hand corner then go on Settings > Auto-fill. Or take a shortcut by going to "chrome://settings/autofill".

From there, you can turn Autofill off completely, or just instruct Chrome not to collect payment methods.