What credit card information am I allowed to store while still being PCI compliant if I am relying on Braintree for payment processing?
The reason I am asking is that, as a simple optimization, if a customer has already bought something from my store with a credit card, I can show them the last 4 digits of their credit card, and the card type, without having to make an API call to Braintree. I'd have to make the call if they wanted to change the card or make a purchase, but for that one page, I wouldn't.
Question is, am I allowed to store:
- the last 4 digits of the credit card
- and the card type
- and possibly the cardholder name
Or where is there a list of PCI compliance "do's and don'ts" I can check out?