By default, the software does not store customer credit card information. Storing credit card information is almost never required when using a live payment gateway, and we STRONGLY recommend against storing card information. The only time this information should need to be saved is if store administrators are processing payment through a manual terminal, or when using recurring products (gateway recurring billing with Authorize.Net and PayPal will remove the need for this).
If you decide to save credit card information, set the StoreCCInDB Setting to true.
Credit card information will only appear to admin accounts that have Can View Credit Card #s: checked. You can check this by looking up the admin account under Contacts > View/Edit Contacts. Be mindful of what administrators you allow this option.
PCI PA-DSS requirements state that customers must be able to decline to store their credit card information. In accordance with that rule, if StoreCCInDB is set to Yes, the customer account page will show a Save My Credit Card Info checkbox. If customers uncheck that box and update their account information, their credit card number will not be stored. This is also true of current and future orders.
If you elect to store credit card information in your database (and please note - we never, under any circumstances, store the security code from a credit card) it is critically important that you should run 'Database Maintenance' at least bi-weekly.