Protect: secure your bank cards

You don't have to enter your payment details every time you buy something online: you can store your encrypted bank card information in the browser or on the Yandex server. Yandex Browser protects your payment data by warning you if you enter your card number on an insecure website.

  1. Saving your bank card info
  2. Managing your bank cards
  3. Synchronizing cards
  4. Disabling the Bank card manager
  5. Security warning
  6. Disabling card protection

Saving your bank card info

When you enter your bank card details in Yandex Browser for the first time, the browser asks whether you want to save and use them for autofilling online payment forms in the future.

You can also link your card to your Yandex account.

Differences in storing bank card details in Yandex Browser and on the Yandex server
Features Yandex account Yandex Browser

Where can I pay?

  • In online stores integrated with Yandex.Checkout.
  • In Yandex services.
  • In Yandex mobile apps.
In any online store or online payment service.
How is my data protected?

Your data is protected by the PCI DSS standard developed by VISA and MasterCard.

AES-256-GCM encryption is applied with a key used for password encryption. For better protection, create a master password. A key protected with a master password is almost impossible to decipher.

Do online payment services have access to my bank card details?

No

Yes

Managing your bank cards

You can manually add, change, or delete your bank card details in the Bank card manager.

Note. We strongly recommend protecting your bank card info with a master password.
  1. Click  → Passwords and cards.
  2. If you have already created a master password, please enter it to access your data storage.
  3. Go to Bank cards.
  4. Click Add in the upper-right corner.
  5. Fill in the form fields.
  6. Click Add.

Synchronizing cards

For security reasons, card data is only synchronized if you're using the master password. Card data is securely protected during synchronization.

Bank card data is currently synchronized only between computers. When mobile devices are able to store bank card details, you will be able to synchronize your card info across all your devices.

Disabling the Bank card manager

To disable card info saving, follow these steps:

  1. Click  → Passwords and cards.
  2. Go to Settings.
  3. In the Bank cards block, click Turn off bank card autofill.

The browser will no longer suggest bank card details in payment forms or offer to save cards. Previously entered card data will remain encrypted on your computer and will become available if you enable the Bank card manager again. To do this, in the Bank cards block, click Turn on bank card autofill.

Security warning

Hackers may try to get your payment information (card number, name, expiration date, and CVV2) and use this data to steal money from your account. Your payment information may be at risk in the following situations:

  • The online payment form is on a fraudulent website.
  • The site accepts payments by card but it doesn't use a secure HTTPS connection.
  • The payment form is hosted on a domain that's different from that of the main site.

When you enter your bank card number, there are two types of warnings that Yandex Browser may display:

  • There is a clear risk that your data could be stolen. In this case, the SmartBox displays the icon and a warning window opens.
  • There is no clear risk of data theft, but there is still a potential security problem. In this case, the SmartBox displays the icon.

When you enter your bank card number, there are two types of warnings that Yandex Browser may display:

Click the icon in the SmartBox to learn more about the problem. You will see one of the following messages:

Message Description

You are entering card number **** on example.com, which does not use reliable encryption. Your payment details may be intercepted by hackers.

Yandex considers the site to be suspicious or the site uses the non-secure HTTP protocol during payment processing.

Don't proceed with payment, or else your data may end up in the hands of hackers.

“Certificate name” can see your bank card information.

Yandex does not recognize the site certificate (certificates confirm a site's authenticity and are part of the data encryption process over HTTPS).

Check the origin of the certificate and decide if you trust it.

The connection with this site is not encrypted, but your bank card data will be sent to example.com, which is secure.

The form you use to enter your payment information is located on a different site from the one where the payment is actually made. It's likely that you ended up on a phishing page.

Make sure that you trust the site where the payment form is located.

Your bank card data will be sent to a different site, example.com, which is secure.

Disabling card protection

Attention. We don't recommend disabling card protection if you plan on making payments in your browser window.

Follow these steps if you do want to disable card protection in your browser:

  1. Click  → Settings.
  2. Go to the Security tab at the top of the page.
  3. In the Threat security section, disable the Phishing protection for bank cards option.