We notice you are visiting from a U.S. Internet provider. 
08/10/2009 -
Although discouraged by the Payment Card Industry Data Security Standard (PCI DSS) and card brands alike, the practice of storing cardholder information for purposes other than payment processing is not explicitly banned, and many retailers continue to disregard the security risk and do so anyway.In a survey of its readers - the caveat being that the sample size was self-selecting and the survey was unmonitored - StorefrontBacktalk.com reported that 28 percent of respondents "currently use payment card data for anything other than payment processing, such as for CRM or other customer identification purposes."
An additional 14 percent of respondents said they do not currently do so but have in the past, while 48 percent said that they do not do so and never have.
Based on some of the write-in responses, the website concluded that many retailers take measures to encrypt the cardholder information they retain, with strategies such as tokenization.
Although this practice can be valuable for customer loyalty and relationship management purposes, it is risky, and increases the vulnerability of a business to a high-impact security breach.
