Is it safe to store credit cards in CiviCRM?
CiviCRM does not store credit card information even when you are using CiviContribute to accept online donations. We generally recommend against storing credit cards unless you are taking appropriate security precautions.
At no time does CiviCRM store the credit card number, if you are using CiviContribute for online donations. A credit card is only entered by the user if you use a payment processor (i.e. PayPal Website Payments Pro) that requires it. The Paypal Express processor option does not require the user to enter a credit card. The credit card is entered by the user, CiviContribute passes it to the payment processor (PayPal) and records the donation as a contribution without the credit card number. The only part of CiviCRM a credit card number field is used in is the online contribution page.