The convenience is real. So is the risk. Here's the framework for deciding, site by site.
Every checkout asks the same question: "Save this card for next time?" Saying yes saves you sixty seconds the next time you shop. It also means the site keeps your card number on file, which means when (not if) they get breached, your card goes into the leak. Here's how to think about it without becoming paranoid.
If you're shopping at a site once — a one-off birthday gift, a one-time service — never save the card. The thirty seconds of next-time convenience never comes; the breach risk is forever. Default to NOT saving unless the site is one you genuinely use monthly.
Big established retailers (Amazon, eBay, Coles, Woolworths, Apple) hold cards in tokenised form — they don't actually store the card number, they store a one-way reference that only their payment provider can use. Smaller and mid-tier retailers often store the full card number in their own database. The bigger and more established the site, the safer saving the card actually is.
Credit cards have stronger consumer protections than debit cards in Australia. If a credit card is compromised, the bank wears the loss while it's disputed. With a debit card, the money is gone from your account immediately and you spend weeks getting it back. Save credit cards on sites; never save the debit card.
Modern banks (ING, Up, Macquarie, CommBank's Smart Spend) let you generate single-use or merchant-specific card numbers for online checkout. The merchant gets a number that's only valid for that one transaction or that one merchant — if their database leaks, your real card is untouched. Game-changer for online shopping.
When a site you've used emails you about a breach (usually 30+ days late), don't wait for fraudulent charges. Call the bank and ask them to cancel and reissue the card. Most banks ship the new card in 3 business days. The hassle of updating saved-card details elsewhere is much less than the hassle of recovering stolen funds.
If you run a business with multiple SaaS subscriptions (Xero, M365, Adobe, AWS, Canva), use ONE dedicated business card for them, separate from the operational card. Lower transaction volume on it means breach detection is easier, and rotating it doesn't disrupt main banking.
Card safety extends into online shopping and fake-store detection.
whedo.it includes a SaaS subscription and card-storage audit in the annual security review for managed clients. It catches dormant subscriptions, weak vendors, and forgotten cards-on-file. Find one saving and the audit pays for itself.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director