I'm using paypal direct and see that "maskedcreditcardnumber" has data in it. I'm assuming that's the users credit card number. Does this data need to be stored? What type of data is it? Is it a one way hash or is it encrypted data that can be stolen?
Am I storing customer credit card info that can be stolen and used in the db when using paypal direct?