
Geek Culture / Storing credit card info without my authorization

Author
Message
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 8th Dec 2014 17:58
Can an online company legally store my credit card info after a transaction without me explicitly agreeing they can save my info? To me, that sounds like a breach of PCI compliance, but I can't find a specific clause for this situation.


"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
Green Gandalf
VIP Member
19
Years of Service
User Offline
Joined: 3rd Jan 2005
Playing: Malevolence:Sword of Ahkranox, Skyrim, Civ6.
Posted: 9th Dec 2014 22:29
Not sure what you mean. Wouldn't they need to keep certain details in case you later queried the transaction?

What details are you referring to anyway?



Ortu
DBPro Master
16
Years of Service
User Offline
Joined: 21st Nov 2007
Location: Austin, TX
Posted: 10th Dec 2014 00:16 Edited at: 10th Dec 2014 00:22
Don't take this as even close to fact, but I believe they can store the card number just as a physical store can run and keep a carbon imprint if, say, their computers are down. Banks and card issuers actually give brick and mortar stores machines to take such imprints with. (I work with retail point of sale systems for brick and mortar stores.)

The requirements to meet PCI compliance are that the data must be secured to the degree specified in PCI laws and regulations. For an online company this would involve adequate encryption, firewall, network and server security, etc.

Many companies will store only the last 4 digits, and * mask or drop the rest, even if it is adequately secured, to further limit PCI compliance liability.

Whether they *should* be able to store it without consent is an entirely different conversation.

Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 11th Dec 2014 23:50
Quote: "Many companies will store only the last 4 digits"

They only query their server to show you the last 4, but the entire credit card number is in fact stored for future use. To show the entire number, they would have to send the whole number back across the internet to you, which would be a violation of PCI. (at least that's how I understand it) I was an ecommerce developer which is the only reason I've even heard of PCI before.

I've called them up before and had the information store erased, but next time I used my card they stored it again anyway.


"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
