We presently store credit card information in Class for future transactions, etc. However, we were recently informed that we may not need to do this -- that the clearing house can store this information instead: that by referencing a transaction ID, a future transaction or refund could occur.
Is this true?
This would reduce vulnerability as well as reduce PCI compliance level.
Thoughts?