Introduction
Managing how your store handles credit card information is a fundamental part of building a frictionless checkout and securing recurring revenue. When a customer can safely save their payment details, they are far more likely to return for future purchases because the barrier to transaction is significantly lower. Whether you are running a subscription model, managing B2B wholesale orders, or simply trying to speed up the journey for returning shoppers, understanding the "card on file" process is essential.
We developed HidePay to help merchants take this control even further by allowing you to customize which payment options appear based on specific customer data — you can install HidePay to start hiding, sorting, and renaming payment methods at checkout. By combining saved payment methods with smart checkout rules, you can ensure that the most reliable and cost-effective options are always front and center. This article explains exactly how to save, manage, and optimize customer credit card data within the Shopify ecosystem.
You will learn the technical differences between various stored payment methods, how to handle merchant-initiated transactions, and the best practices for maintaining security and compliance. Our goal is to provide you with a clear path to a more efficient, higher-converting checkout experience. For an overview of HidePay and why merchants use it, see our announcement post on the Nextools blog.
Understanding Card on File (COF) Transactions
A card on file transaction occurs when a customer grants a merchant permission to store their payment information for future use. This is common for recurring billing, but it also applies to one-click checkouts where the customer doesn't want to re-enter their sixteen-digit card number every time they buy.
There are two primary ways these transactions are triggered. The first is a Consumer-Initiated Transaction (CIT). This happens when the shopper is actively checking out and chooses to use a previously saved card. The second is a Merchant-Initiated Transaction (MIT). In this scenario, you bill the customer’s saved card without them being present, such as for a monthly subscription or an installment payment.
Both types rely on a secure agreement between your store and the customer. This agreement must be explicit. Customers need to know when they are being charged and for what amount. Clear communication at the point of saving the card prevents disputes and chargebacks later on.
How Customers Save Their Credit Cards on Shopify
Shopify provides several native ways for customers to save their payment information. It is important to note that as a merchant, you never actually "see" or "hold" the raw credit card data. Shopify uses tokenization to replace sensitive details with a secure digital identifier.
Shop Pay
Shop Pay is arguably the most common way customers save their cards across the Shopify ecosystem. When a customer enables Shop Pay, their shipping and billing information is saved on Shopify’s PCI-compliant servers. This data is then available not just on your store, but on any Shopify store that has Shop Pay enabled.
From a merchant perspective, you do not need to do anything to "save" the card. The customer manages their own Shop Pay account. When they return to your store, they receive a verification code via SMS, and their saved card is applied automatically. This process drastically reduces cart abandonment by eliminating the need for manual data entry.
Customer Accounts
If you use New Customer Accounts in your Shopify admin, customers can manage their stored payment methods directly from their profile. When a customer is logged in, they can see their saved cards and choose which one to use as their primary payment method.
To enable this, you must ensure your customer account settings are set to "New Customer Accounts" rather than the legacy version. This transition allows for a more modern interface where customers have more autonomy over their billing data.
Subscriptions and App Integrations
If you offer subscription products, the payment information is saved during the initial checkout. Shopify’s subscription API allows certified apps to store a "payment token" that can be charged on a recurring basis. This is a form of merchant-initiated transaction. Even in this case, the actual card details remain vaulted and secure within Shopify's infrastructure.
Oculte, ordene e renomeie os métodos de pagamento do Shopify usando condições poderosas. Personalize o seu checkout e controle as opções de pagamento com o HidePay.
Managing Stored Payment Methods in the Shopify Admin
There are times when a merchant needs to assist a customer with their saved payment methods. While you cannot see the full card number for security reasons, you can perform several management tasks from the Shopify admin.
Updating a Customer's Card
If a customer contacts you because their card has expired or they want to use a different one, you can initiate an update from the "Customers" section of your admin. After selecting the specific customer profile, you will find a "Payment methods" section.
In this section, you can:
- View the last four digits and the expiry date of the saved card.
- Send a secure link to the customer via email, allowing them to update their card details themselves.
- In some specific configurations (such as certain B2B setups), you may be able to replace the card details if the customer provides them, though sending the update link is always the more secure and recommended route.
Handling Merchant Billing Methods
It is worth distinguishing customer cards from your own billing methods. To manage the card Shopify uses to bill you for subscriptions and app fees, you go to Settings > Billing. Here, you can add multiple payment methods and designate one as a primary and another as a backup. This ensures your store remains active even if your primary card is declined for a temporary reason like a daily spending limit.
The Role of Tokenization and Security
Security is the primary reason why Shopify limits how much card data you can see. All Shopify stores are Level 1 PCI DSS compliant by default. This compliance is maintained through a process called tokenization.
When a customer enters their card, the data is sent directly to a secure vault. The vault returns a "token"—a string of characters that represents the card but contains no sensitive data. This token is what your store uses to process the transaction. If a hacker were to access your store's database, they would only find useless tokens, not actual credit card numbers.
To maintain this security:
- Never ask a customer to send their full credit card number via email or chat.
- Use the "Send update link" feature in the Shopify admin whenever a card needs to be changed.
- Ensure any third-party apps you use for subscriptions or payments are "Built for Shopify" or reputable partners.
B2B and Wholesale Scenarios
For B2B merchants, saving a customer's credit card is often a requirement for doing business. Many wholesale relationships involve "Net 30" terms or recurring bulk orders where the merchant initiates the charge after the goods have shipped.
In the Shopify B2B environment, payment information is often tied to a "Company" profile rather than an individual customer profile. This allows different employees of the same company to place orders while using the corporate card on file. Managing these cards requires specific permissions within the Shopify admin, ensuring that only authorized staff can trigger charges or update billing details.
If you are a B2B merchant, you can use rules to ensure that the "Card on File" option is only available to verified wholesale customers. This prevents retail customers from attempting to use payment terms that are not intended for them. For more on bundling payment and shipping controls for B2B flows, see the Nextools post about the HideSuite bundle.
Optimizing Checkout with Custom Rules
Once you have customers saving their credit cards, the next step is to optimize the checkout experience to favor those methods. This is where we see the most significant impact on conversion rates.
Sorting Payment Methods
When a customer has a saved card, you want that to be the easiest option to select. Using our tool, you can sort payment methods so that "Credit Card" or "Shop Pay" appears at the very top of the list. By pushing less efficient methods—like manual bank transfers or cash on delivery—further down the list, you guide the customer toward the fastest path to completion. See our guide on how to sort and rename payment methods in the checkout for step-by-step instructions.
Hiding Redundant Options
If a customer is part of a specific group (like a loyalty program or a B2B tier) where they always use a card on file, you might want to hide other payment methods entirely. For example, you can create a rule in our app to hide PayPal or digital wallets for customers tagged as "Wholesale." This cleans up the checkout interface and reduces decision fatigue. Our help article on how to create a payment customization walks through condition selection and activation.
Geography-Based Rules
Sometimes, the way a card is saved or processed depends on the customer's location. If you know that certain credit card types have high failure rates in specific countries, you can rename or hide those options for customers in those regions. Our app allows you to create these conditions based on the customer's shipping address, ensuring a localized and reliable experience. You can also hide payment methods based on cart currency or other geographic cart attributes using the documented cart-attribute workflow for HidePay.
Key Actions for Merchants
To effectively manage saved cards and improve your checkout flow, consider these steps:
- Switch to New Customer Accounts: This gives your customers a dedicated portal to manage their own saved cards and order history.
- Enable Shop Pay: It is the fastest way to allow customers to save cards across the entire Shopify platform.
- Audit Your Payment List: Look at your checkout and identify any payment methods that might be causing confusion for returning customers.
- Implement HidePay Rules: Use HidePay to sort, rename, and hide payment methods — see the app documentation to get started and follow our guided tutorials.
If you need support while configuring rules, our documentation hub has focused tutorials and troubleshooting guides, including how to retrieve the correct payment method from logs.
Handling Failed Stored Payments
Even with a card on file, transactions can fail. Common reasons include expired cards, insufficient funds, or bank-side blocks on large transactions.
When a merchant-initiated transaction fails, Shopify usually provides a reason code. If you are using a subscription app, the system will typically attempt a "resubmission" automatically after a few days. If the payment fails repeatedly, the most effective solution is to use the Shopify admin to send the customer a "Payment Method Update" email. This puts the responsibility on the customer to provide a valid card and ensures the security of the data remains intact.
For high-ticket items, we suggest sorting credit card options to the top and perhaps hiding "Buy Now, Pay Later" (BNPL) options for certain riskier segments to minimize the chance of long-term payment failures or chargebacks. See our fraud-prevention examples for using cart-total rules to hide risky payment methods.
Conclusion
Saving a customer's credit card is more than a technical convenience; it is a strategy for building long-term loyalty and reducing checkout friction. By leveraging Shopify's native tokenization and tools like Shop Pay, you can offer a world-class payment experience without the security risks of handling raw data.
Remember that the best checkout is one that feels personalized and efficient. Using HidePay to sort, rename, and hide payment methods ensures that your returning customers always see the most relevant options first. Take control of your checkout flow today — get HidePay for your store or consult our full documentation and support resources to configure rules that match your business.
FAQ
Can I see the full credit card number of my customers in Shopify?
No, for security and PCI compliance reasons, Shopify does not display full credit card numbers to merchants. You can only see the last four digits, the expiry date, and the card brand. This information is stored in a secure vault, and Shopify uses tokens to process transactions without exposing sensitive data.
How do I ask a customer to update their saved credit card?
The most secure way to update a card is to go to the customer's profile in your Shopify admin. In the "Payment methods" section, you can click a button to send an automated email to the customer. This email contains a secure link where the customer can enter their new card details themselves.
Does saving a credit card work for B2B customers?
Yes, Shopify supports saving credit cards for B2B customers, often at the company profile level. This allows authorized members of a business to check out using a corporate card on file. You can also set up specific payment terms, such as "Due on Receipt," which allows you to charge the saved card once the order is fulfilled.
What is the difference between Shop Pay and a saved card in a customer account?
Shop Pay is a platform-wide service that allows customers to save their details and use them at any participating Shopify store. A card saved in a customer account is specific to your store's ecosystem. Both use the same high level of security, but Shop Pay typically offers a faster, text-code-verified checkout experience.
Further reading and resources:
- HidePay documentation: "How to create a payment customization" and related tutorials in the Help Center.
- Guide on sorting and renaming payment methods in the checkout.
- Nextools blog: "Introducing HidePay for Shopify" and the HideSuite announcement for combined payment + shipping workflows.
- Nextools Support Center for troubleshooting and live help.