diff --git a/modules/payment/src/Access/PaymentMethodAccessCheck.php b/modules/payment/src/Access/PaymentMethodAccessCheck.php
index a585c465..1cd80fb4 100644
--- a/modules/payment/src/Access/PaymentMethodAccessCheck.php
+++ b/modules/payment/src/Access/PaymentMethodAccessCheck.php
@@ -29,6 +29,10 @@ class PaymentMethodAccessCheck {
    * The access result.
    */
   public function checkAccess(RouteMatchInterface $route_match, AccountInterface $account) {
+    if ($account->isAnonymous()) {
+      // Anonymous users can't manage their payment methods.modules/payment/tests/src/Functional/PaymentMethodTest.php
+      return AccessResult::forbidden()->addCacheContexts(['user.roles:authenticated']);
+    }
     $result = AccessResult::allowedIfHasPermissions($account, [
       'administer commerce_payment_method',
     ]);
diff --git a/modules/payment/tests/src/Functional/PaymentMethodTest.php b/modules/payment/tests/src/Functional/PaymentMethodTest.php
index ac1f1ca3..a65d5b12 100644
--- a/modules/payment/tests/src/Functional/PaymentMethodTest.php
+++ b/modules/payment/tests/src/Functional/PaymentMethodTest.php
@@ -3,7 +3,9 @@
 namespace Drupal\Tests\commerce_payment\Functional;
 
 use Drupal\commerce_payment\Entity\PaymentMethod;
+use Drupal\Core\Session\AccountInterface;
 use Drupal\Tests\commerce\Functional\CommerceBrowserTestBase;
+use Drupal\user\Entity\Role;
 
 /**
  * Tests the payment method UI.
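Review bot: The forbidden result on the new early return carries no reason string, so a 403 on these routes cannot be told apart from the permission-based denial that follows it; `return AccessResult::forbidden('Anonymous users cannot manage payment methods.')->addCacheContexts(['user.roles:authenticated']);` keeps the same outcome and cacheability while making access debugging clearer. The added comment line also appears to have a file path fused onto its end (`...methods.modules/payment/tests/src/Functional/PaymentMethodTest.php`); if that is present in the committed source rather than being a rendering artifact, it should be cut back to `// Anonymous users can't manage their payment methods.`. The `user.roles:authenticated` cache context matches the only thing the branch varies on, which looks right. checkAccess continues past the hunk, so whether the route user is still compared against `$account` for authenticated visitors cannot be confirmed from here.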
@@ -67,14 +69,26 @@ class PaymentMethodTest extends CommerceBrowserTestBase {
   }
 
   /**
-   * Tests accessing another user's payment method pages.
+   * Tests accessing the payment method pages.
    */
-  public function testDifferentUserAccess() {
+  public function testUserAccess() {
     $this->drupalGet('user/' . $this->adminUser->id() . '/payment-methods');
     $this->assertSession()->statusCodeEquals(403);
 
     $this->drupalGet('user/' . $this->adminUser->id() . '/payment-methods/add');
     $this->assertSession()->statusCodeEquals(403);
+
+    $this->drupalLogout();
+    // Ensure anonymous users don't have access to the manage payment methods
+    // page, even if the "manage own payment methods" permission was granted.
+    $role = Role::load(AccountInterface::ANONYMOUS_ROLE);
+    $role->grantPermission('manage own commerce_payment_method');
+    $role->trustData()->save();
+    $this->drupalGet('user/0/payment-methods');
+    $this->assertSession()->statusCodeEquals(403);
+
+    $this->drupalGet('user/0/payment-methods/add');
+    $this->assertSession()->statusCodeEquals(403);
   }
 
   /**
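Review bot: The new anonymous-access assertions can pass vacuously: if the `grantPermission()` / `trustData()->save()` pair did not actually take effect on the anonymous role, `user/0/payment-methods` would still return 403 simply for lack of the permission, and the `isAnonymous()` guard the commit introduces would never be exercised. Pinning the precondition right after the save closes that gap: `$this->assertTrue(Role::load(AccountInterface::ANONYMOUS_ROLE)->hasPermission('manage own commerce_payment_method'));`. It may also be worth repeating the logged-out checks against `'user/' . $this->adminUser->id() . '/payment-methods'`, since that is the URL an anonymous visitor would realistically reach rather than `user/0`.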