Protect: Security for bank cards

You don't have to enter your card details every time you make an online payment. You can store your card data encrypted in the the Yandex Browser beta version or on the Yandex server. Yandex Browser protects your payment data by warning you if you enter your card number on an unsafe website.

  1. Saving your bank card info
  2. Managing your bank cards
  3. Card syncing
  4. Disabling the Bank card manager
  5. Security warning
  6. Disabling card protection

Saving your bank card info

When you enter your bank card details in Yandex Browser for the first time, the browser asks whether you want to save this information and use it for autofilling online payment forms in the future.

You can also link your card to your Yandex ID.

Storing cards in Yandex Browser and Yandex ID
Properties Yandex ID Yandex Browser

Where can I pay?

  • In online stores that are integrated with Yandex Checkout.
  • In Yandex services.
  • In Yandex mobile apps.
In any online store or online payment service.
How is my data protected?

Your data is protected by the PCI DSS standard developed by VISA and MasterCard.

AES-256-GCM encryption is applied with a key used for password encryption. For better protection, create a master password. A key protected with a master password is almost impossible to decipher.

Can any online stores or other online payment recipients access my card data?

No.

Yes, just like when you enter your card details manually.

Select the storage for your card data:

  1. Click   → Passwords and cards.
  2. Open Settings.
  3. Under Bank cards, select the option from the list in the Offer to save card information by default field.

Managing your bank cards

You can manually add, change, or delete your bank card details in the Bank card manager.

Note. We strongly recommend protecting your bank card info with a master password.
  1. Click   → Passwords and cards.
  2. If you have already created a master password, enter it to access your vault.
  3. Open Bank cards.
  4. Click Add in the upper-right corner.
  5. Fill in the form fields.
  6. Click Add.

Card syncing

For security reasons, card data is synced if you're using a master password. Card data is securely protected during synchronization.

Card syncing stops if syncing is fully disabled. To disable only password and card syncing:

  1. Click   → Settings → Sync settings.
  2. Deselect the Passwords and cards option.

Disabling the Bank card manager

Note. Even if you disable the bank card manager on your computer, it still stays enabled on other devices.
  1. Click   → Passwords and cards.
  2. Open Settings.
  3. Under Bank cards, click Turn off bank card autofill.

The browser will no longer suggest bank card details in payment forms or offer to save cards. Previously entered data will remain encrypted on your computer and will become available if you enable the bank card manager again.

To do this, go to Bank cards and click Turn on bank card autofill.

Security warning

Hackers may try to get your payment information (card number, name, expiration date, and CVV2) and use this data to steal money from your account. Your payment information may be at risk in the following situations:

  • The online payment form was published on a fraudulent website.
  • The site accepts payments by card but it doesn't use a secure HTTPS connection.
  • The payment form is hosted on a domain that's different from that of the main site.

When you enter your bank card number, there are two types of warnings that Yandex Browser may display:

  • There is a clear risk that your data could be stolen. In this case, the SmartBox displays the  icon and a warning window opens.
  • There is no clear risk of data theft, but there may be a potential security problem. In this case, the SmartBox will display the  icon.

When you enter your bank card number, there are two types of warnings that Yandex Browser may display:

Click the card icon in the SmartBox to learn more about the problem. You will see one of the messages:

Message What it means

You are entering card number **** on example.com, which doesn't use reliable encryption. Your payment details may be intercepted by hackers.

Yandex considers the site to be suspicious or the site uses the non-secure HTTP protocol during payment processing.

Don't proceed with payment, otherwise hackers may get access to your payment data.

“Certificate name” can see your bank card information.

Yandex does not recognize the site certificate (certificates confirm a site's authenticity and are part of the data encryption process over HTTPS).

Check the origin of the certificate and decide if you trust it.

The connection with this site is not encrypted, but your bank card data will be sent to example.com, which is secure.

The form you use to enter your payment information is located on a different site from the one where the payment is actually made. It's likely that you ended up on a phishing page.

Make sure that you trust the site where the payment form is located.

Your bank card data will be sent to a different site, example.com, which is secure.

Disabling card protection

Attention. We don't recommend disabling card protection if you are going to pay for your online purchases in Yandex Browser.

If you want to disable card protection in Yandex Browser, follow these steps:

  1. Click  → Settings.
  2. Go to the Protect tab at the top of the page.
  3. In the Threat security section, deselect Phishing protection for bank cards.