Does Authorize.Net store customer payment information?
For the purpose of risk management and to be able to process certain types of subsequent transactions (e.g., recurring billing, refunds), yes, Authorize.Net will store customer payment information in a highly secured database for a limited period of time. However, all sensitive or personally identifying customer information that is stored by Authorize.Net is masked in the Merchant Interface and in merchant reporting. In addition, in order to maintain compliance with several card association regulated security compliance programs, internal access to customer information is highly restricted. Once customer payment information has been stored for 120 days (from the date it was originally received), the Authorize.Net purges the full information and stores only masked information.
