Comment Re:Couldn't have happened... (Score 1) 256
Usually the way this works with a company that spends the time to do it right is that the Payment Gateway/Processor will store the card in perpetuity and give you a token you can reauth against. Since the token itself is useless and can be revoked, it's vastly safer, barring any issues with the Gateway/Processor/Token (Heartland....)
It also means you are somewhat locked in to using that gateway.
If you are doing a lot of volume you will also probably want to use multiple gateways and process through whoever can give you the best rate at any point in time.