Most merchants that need to store credit card data are doing it for recurring billing. The best way to store credit card data for recurring billing is by utilising a third party credit card vault and tokenisation provider.

By utilising a vault, the card data is removed from your possession and you are given back a ‘token’ that can be used for the purpose of recurring billing. By using a third party, you move the risk of storing card data to someone who specialises in doing that and has all of the security controls in place to keep the card data safe.

If you need to store the card data yourself, your bar for self-assessment is very high and you may need to have a QSA (Qualified Security Assessor) come onsite and perform an audit to ensure that you have all of the controls in place necessary to meet the PCI DSS specifications.