I have a customer who will be using offline credit card processing, so we use the “Credit Card (saved)” payment option to save the CC information to the database. Technically this information should not remain stored anywhere once it is no longer needed. I can imagine a site getting hacked four years down the road and having years' worth of credit card numbers... not good. PCI compliance (and good general practice) requires this.
What I want to know is if there is any way to easily clear this data perhaps some time period after the order is marked as Complete or something, or if there might even be a way to do this in Magento by using another configuration method (that doesn’t involve an online gateway).
I imagine it could be cleared with a MySQL query on the relevant fields and a cron job, but this could potentially wreck an install on later upgrades, so I wanted to avoid it. Any ideas?
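A sketch of the query-plus-cron idea from the post, as an added example that is not part of the original post and not Magento's own code. It assumes the Magento 1.x flat sales tables (`sales_flat_order`, `sales_flat_order_payment`, `sales_flat_quote_payment`) with no table prefix, the `ccsave` method code for "Credit Card (saved)", and a 30-day retention window chosen for illustration.

```sql
-- Added example; table names, column names and the 30-day window are
-- assumptions (Magento 1.x flat sales schema, no table prefix).
-- Magento stores timestamps in UTC, so the cutoff is computed in UTC.
SET @cutoff = DATE_SUB(UTC_TIMESTAMP(), INTERVAL 30 DAY);

START TRANSACTION;

-- Preview: how many saved-card payments fall outside the retention window.
-- updated_at moves on any later change to the order, so the window counts
-- from the order's last modification, not strictly from completion.
SELECT COUNT(*) AS payments_to_scrub
FROM sales_flat_order_payment AS p
JOIN sales_flat_order AS o ON o.entity_id = p.parent_id
WHERE p.method = 'ccsave'
  AND o.state = 'complete'
  AND o.updated_at < @cutoff
  AND p.cc_number_enc IS NOT NULL;

-- Scrub the encrypted card number on the order payment record.
-- cc_last4 and cc_type are left in place so the order remains identifiable.
UPDATE sales_flat_order_payment AS p
JOIN sales_flat_order AS o ON o.entity_id = p.parent_id
SET p.cc_number_enc = NULL
WHERE p.method = 'ccsave'
  AND o.state = 'complete'
  AND o.updated_at < @cutoff
  AND p.cc_number_enc IS NOT NULL;

-- The quote the order was created from keeps its own copy of the card
-- number and verification code; scrub those as well.
UPDATE sales_flat_quote_payment AS qp
JOIN sales_flat_order AS o ON o.quote_id = qp.quote_id
SET qp.cc_number_enc = NULL,
    qp.cc_cid_enc    = NULL
WHERE qp.method = 'ccsave'
  AND o.state = 'complete'
  AND o.updated_at < @cutoff
  AND (qp.cc_number_enc IS NOT NULL OR qp.cc_cid_enc IS NOT NULL);

COMMIT;
```

The statements change row values only and leave the schema untouched. Database backups and binary logs taken before the scrub still contain the old values and need their own retention limit.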