Recently I allowed a customer to make a purchase on our website using our in store computer. Her personal and payment information are linked to ShopPay. Now because she made a purchase one time in my store, her payment credentials autofill on every site on the entire internet that uses ShopPay whenever I browse, meaning that I have the ability to make unlimited purchases using her credit card without her consent. I do not even know how to stop her payment information from autofilling on limitless stores everywhere that offers ShopPay. This is a serious security breach and needs to be fixed.
1 Like
Hi @bowerbirdretail ,
Thank you for reaching out to the Community. I’d be happy to provide some assistance with this request, to ensure it gets resolved.
This can be resolved by Signing Out by selecting Checkout as guest at the bottom of the page. While I can completely understand the impact, we always encourage individuals to access Shop Pay on their own devices due to the sensitive information it holds. If you have any troubles signing out of the account, please feel free to connect with us directly.
Please let me know if you have any other questions.
Right, but this isn’t an inconvenience to me. This is a security threat to my customer. A bad actor could misuse this information, and the customer has no reason to assume that this is ShopPay’s default behavior. Really it should be addressed, and I hope that this can be forwarded along to the appropriate dev team. There is a technical solution to this problem, not a customer service one.
1 Like
Right, but this isn’t an inconvenience to me. This is a security threat to my customer. A bad actor could misuse this information, and the customer has no reason to assume that this is ShopPay’s default behavior. Really it should be addressed, and I hope that this can be forwarded along to the appropriate dev team. There is a technical solution to this problem, not a customer service one.
1 Like
Hi, @bowerbirdretail
Thanks for your response. My name is Skye and I’lll be helping Blair today.
We definitely appreciate your concern regarding the potential for someone to take advantage of your customer. That being said, this is only maintained by your browser’s cache. Once you clear your browser cache the individual’s information will only populate on a Shopify store checkout if their phone number, or email is added.
Instructions on clearing your browser cache vary by browser. However, it is generally done via your browser settings.
This is very concerning to me as a Shop Pay customer. How do I ensure that all browsers I have ever used in the past no longer have my info? I don’t know where I’ve used it before? I’m concerned work computers or phones I’ve used in the past are connected to my account. I need to make sure no one has access. There should be a verification code required at every checkout as a minimum security requirement.
1 Like
Hey, @Kcjefff .
Thanks for joining the thread.
There is a verification code for Shop Pay, and you can learn more about that here: Shop Pay verification code. However, if you have any concerns with your Shop account being logged into browsers on other devices, then you can also Log out everywhere from Shop Pay to protect your account.
If you have any other questions on this topic, then don’t hesitate to let us know.