Can VPN Steal Credit Card Info? 8 vital steps to take


Using a VPN to protect yourself against data theft is a good idea, especially when credit card numbers are involved.

Can a VPN Steal Credit Card Info? A quality VPN won’t steal credit card info, as the VPN will not be able to see your credit card info when you use secure HTTPS connections. Or will they install any malicious software to capture credit card info as it is typed into online forms either.

The following tips are a must to protect your credit card info online when using VPNs:

VPNs can look perfect on the surface, but on closer inspection they can be an absolute data protection and security disaster. As you will see below VPNs can steal your private data such as credit cards numbers by install hidden tracking on your device and by infecting your computer with malware. 

1. FREE VPNs can use malware to steal credit card info

Protecting yourself from spyware and other online threats that target your valuable personal information like credit card details becomes a problem with some free VPNs. As sometimes hackers are able to craft VPNS to access private data and sensitive information such as credit card details, bank account numbers and passwords.

You can protect yourself from specialized malware designed to steal your personal information by logging keystrokes and snooping on your browsing sessions by using a quality VPN.

If hackers get your information, they can sell it (the dark web has many sites offering credit card numbers for sale), or they can spend your money by buying untraceable items like bitcoin.

2. Be careful with smartphone VPN apps

A study of Android VPN apps[1,2] has found that 84% will reveal your IP address, 82% of them will try to access sensitive data, 75% will use third-party tracking and 18% will not even encrypt the data, leaving you completely exposed.

VPN can be used on desktop and mobile devices, including laptops, phones and tablets, so be careful when downloading the VPN app to your mobile device.

Wi-Fi Protector VPN was directly identified in a scientific paper for injecting JavaScript code into iframes used for advertising and tracking purposes, as well as in its own app, Archie VPN, which was listed as one of the malware – infected Android VPN apps.

3. Use a quality VPN

Quality VPN providers (check latest list of quality VPNs here) are highly recommended when it comes to VPN providers.

They not only provide VPN for desktop computers, but also for tablets and smartphones, ensuring all your devices are protected against malicious eavesdropping. These quality VPN providers have built their businesses on their reputations in providing a VPN service that not only protects your identity but doesn’t steal anything from you.

Malware Protection

Some quality VPNs have malware protection as a preventive measure to prevent malicious programs from reaching your device. The best VPNs offer built-in malware protection, such as the CyberSec protection feature of NordVPN, one of the highest rated VPNs.

It’s still highly advisable to keep an updated antivirus program on your computer, mobile phone, tablet and other mobile devices just to make sure you are fully protected.


It’s best to always make sure your firewall is up and running, as a firewall in combination with an updated antivirus and a VPN gives you the best possible protection against malware and other threats to your computer, mobile phone, tablet or other mobile device.

Firewalls stop any attempts to hack into devices, where hackers can then install malicious software to monitor people’s activities. Able to see all the information they enter into the payment forms of websites and capture the credit card information.

4. Avoid TOR

My biggest beef with Tor is it’s decentralized nature, meaning that anybody can get their hands on Tor and operate nodes on it. This has serious implications as they are then able to collect traffic running through the Tor nodes and also determine your IP address.

Worst still, there is potential to spread malware and viruses[3], as was the case in 2014, when a Russian hacker was able to alter a Tor node. This allowed them to ensure everything downloaded by the Tor users would be wrapped in malware and viruses.

Malware including key loggers and spying software could then easily be used on the user’s computer to steal their credit card info. As these will be looking for website forms where information like credit card is entered and it’s easy for this malware to be able to detect this, as the fields in the payment site forms are normally labelled with easy to identify names, ‘credit card number’, ‘expiry date’ and ‘CVC code’.

Armed with these credit card details, along with the name and postal code of the user, there’s enough information to be able to use the credit card and steal your money.

5. Avoid Plug-in VPNs

Web browser plug-in VPNs can be a problem, especially if they have been maliciously designed to steal credit card info. As they are installed into the web browser, they can end up being given rights to see what you’re seeing as you browse the internet.

So, if you go and visit a payment page, they will be able to see this and slurp the credit card info entered, sending it off to a pre-configured destination.

Some quality VPNs do offer plug-in VPNs, but I avoid these and use the smartphone, tablet or desktop computer versions of the VPN software. I want to be able to encrypt all the traffic leaving my device using the VPN and the web browser plugin VPNs don’t do this as they are only capable of encrypting the web traffic sent from your web browser.

6. Remember to still use HTTPS connections

Connecting to websites using a secure connection (HTTPS) has become the norm these days, as this provides end to end encryption. Doing so over a VPN is still highly recommended, as the VPN only itself provides encryption from your computer to it’s VPN server.

Beyond which, the connection will be based on whether it’s a secure HTTPS connection or whether it’s a clear HTTP connection, that’s has no encryption.

Always check the security of the payment page you are using to see if it’s encrypted (uses HTTPS rather than HTTP). Otherwise you’ll leave yourself open to credit card info theft.

7. Avoid Fake Credit Card stealing public Wi-Fi hotspots

When connecting to public Wi-Fi hotspots like those in coffee shops, take extra care to ensure you’re connecting to a legitimate Wi-Fi hotspot and not one set up by a hacker to delude you into accidentally installing malware or visiting a malicious website.

These fake Wi-Fi hotspots could inadvertently install malware which could be used to steal credit card numbers as you type them into real websites.

I’ve read about some of these fake Wi-Fi hotspots redirecting users to fake login pages that look like genuine websites but are just set up to steal information like login details to Facebook for example. Once armed with this information, the hackers can log into Facebook and steal personally identifiable information.

8. Avoid VPNs with Fake DNS

Some malicious VPNs can set up their own fake websites, so when someone connects make a payment, the VPN’s fake DNS server sends them to a fake website. Which for all intents and purposes looks like the real payment website but isn’t. The fake website only has one purpose, to capture the credit card information entered.

Some payment sites may not have the levels of security other sites have, so it may be possible to use an inline frame (iframe) attack, whereby certain aspects of the payment site appears with other parts like the where the credit card information is entered being substituted from another website. Making the website look like the real deal when in facts it’s actually a really good lookalike that steals your information.


VPNs do have the power to steal credit card data especially if their applications are built with malicious tools to do the stealing. But on the whole, a quality VPN from a reputable supplier will provide protection against any theft as it’s not in their business model to steal data.

To protect your identity when shopping online, make sure you shop on private Wi-Fi networks, take as many steps as possible and use credit cards instead of direct debits. By encrypting your traffic and forwarding it to a remote server, a VPN establishes a private connection to the Internet that keeps your data secure even when you are in the public Wi-Fi network.


Recent Posts