Protect: secure your bank cards

You don't have to enter your payment details every time you buy something online: you can store your encrypted bank card information in the browser or on the Yandex server. Besides, the Yandex Browser beta version protects your payment data by warning you if you enter your card number on an unsecure website.

  1. Saving your bank card info
  2. Managing your bank cards
  3. Synchronizing cards
  4. Disabling the Bank card manager
  5. Security warning
  6. Disabling card protection

Saving your bank card info

When you enter your bank card details in Yandex Browser for the first time, the browser asks whether you want to save and use them for autofilling online payment forms in the future.

You can also link your card to your Yandex account.

Storing cards in Yandex Browser vs Yandex server
Properties Yandex account Yandex Browser

Where can I pay?

  • In online stores integrated with Yandex.Checkout.
  • In Yandex services.
  • In Yandex mobile apps.
In any online store or online payment service.
How is my data protected?

Your data is protected by the PCI DSS standard developed by VISA and MasterCard.

AES-256-GCM encryption is applied with a key used for password encryption. For better protection, create a master password. A key protected with a master password is almost impossible to decipher.

Can any online stores or other online payment recipients access my card data?

No.

They can access the card data, just like when you enter your card details manually.

Select the storage for your card data:

  1. Click  → Passwords and cards.
  2. Open Settings.
  3. In the Bank cards section in the field Order to save card information by default, select the desired option from the list.

Managing your bank cards

You can manually add, change, or delete your bank card details in the Bank card manager.

Note. We strongly recommend protecting your bank card info with a master password.
  1. Click  → Passwords and cards.
  2. If you have already created a master password, please enter it to access your data storage.
  3. Open Bank cards.
  4. Click Add in the upper-right corner.
  5. Fill in the form fields.
  6. Click Add.

Synchronizing cards

For security reasons, card data is only synchronized if you're using the master password. Card data is securely protected during synchronization.

Bank card data is currently synced only between computers and Android smartphones. When other mobile devices support storing bank card details, you will be able to synchronize your card info across all your devices.

Card syncing will be disabled if syncing is fully disabled. To disable only password and card syncing:

  1. Click  → Save data.
  2. Disable the Passwords and cards option.

Disabling the Bank card manager

Note. Even if you disable the bank card manager on your computer, it will still stay enabled on other devices.
  1. Click  → Passwords and cards.
  2. Open Settings.
  3. In the Bank cards section, click Turn off bank card autofill.

The browser will no longer suggest bank card details in payment forms or offer to save cards. Previously entered card data will remain encrypted on your computer and will become available if you enable the Bank card manager again.

To do this, go to Bank cards and click Turn on bank card autofill.

Security warning

Hackers may try to get your payment information (card number, name, expiration date, and CVV2) and use this data to steal money from your account. Your payment information may be at risk in the following situations:

  • The online payment form is on a fraudulent website.
  • The site accepts payments by card but it doesn't use a secure HTTPS connection.
  • The payment form is hosted on a domain that's different from that of the main site.

When you enter your bank card number, there are two types of warnings that Yandex Browser may display:

  • There is a clear risk that your data could be stolen. In this case, the SmartBox displays the icon and a warning window opens.
  • There is no clear risk of data theft, but there is still a potential security problem. In this case, the SmartBox displays the icon.

When you enter your bank card number, there are two types of warnings that Yandex Browser may display:

Click the card icon in the SmartBox to learn more about the problem. You will see one of the following messages:

Message Description

You are entering card number **** on example.com, which does not use reliable encryption. Your payment details may be intercepted by hackers.

Yandex considers the site to be suspicious or the site uses the non-secure HTTP protocol during payment processing.

Don't proceed with payment, or else your data may end up in the hands of hackers.

“Certificate name” can see your bank card information.

Yandex does not recognize the site certificate (certificates confirm a site's authenticity and are part of the data encryption process over HTTPS).

Check the origin of the certificate and decide if you trust it.

The connection with this site is not encrypted, but your bank card data will be sent to example.com, which is secure.

The form you use to enter your payment information is located on a different site from the one where the payment is actually made. It's likely that you ended up on a phishing page.

Make sure that you trust the site where the payment form is located.

Your bank card data will be sent to a different site, example.com, which is secure.

Disabling card protection

Attention. We do not recommend disabling card protection if you are going to pay for your online purchases in the browser.

Follow these steps if you do want to disable card protection in your browser:

  1. Click  → Settings.
  2. Go to the Security tab at the top of the page.
  3. In the Threat security section, disable the Phishing protection for bank cards option.