For PCI compliance, you'll likely need to eliminate the entry of all CC information into the database. If you're on a live site (i.e. no longer debugging/testing) and do not have any other uses for CC information in the database/admin, make the following changes and your DB and admin will never see/get that information in the first place.

-----------------------------------

Only one file and four lines to modify.

catalog/checkout_process.php

1. Find

'cc_type' => $order->info['cc_type'],

change to:

'cc_type' => '',


2. Find (right below on unmodded osc)

'cc_owner' => $order->info['cc_owner'],

change to

'cc_owner' => '',


3. Find (right below on unmodded osc)

'cc_number' => $order->info['cc_number'],

change to

'cc_number' => '',


4. Find (right below on unmodded osc)

'cc_expires' => $order->info['cc_expires'],

change to

'cc_expires' => '',

----------------

That's it. This will ensure that your OSC system never sees the sensitive CC information. Authorize.net will still function properly.
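To confirm the edit after an upgrade or a merge with another contribution, the following added example (not part of the original contribution) checks that each of the four array entries in catalog/checkout_process.php is blanked. The function name check_cc_fields and the status labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify that checkout_process.php no longer copies card
# fields into the order record. check_cc_fields is a hypothetical helper name.
# Returns 0 only when all four entries are set to the empty string.

check_cc_fields() {
    file=$1
    status=0
    for key in cc_type cc_owner cc_number cc_expires; do
        # First line that assigns this array key, e.g. 'cc_type' => ...
        line=$(grep -E "'$key'[[:space:]]*=>" "$file" | head -n 1)
        if [ -z "$line" ]; then
            # Key not found: the file is modded and needs a manual look
            printf 'MISSING  %s\n' "$key"
            status=1
        elif printf '%s\n' "$line" | grep -Eq "=>[[:space:]]*''[[:space:]]*,"; then
            printf 'BLANKED  %s\n' "$key"
        else
            # Still assigned from the order object (or anything non-empty)
            printf 'STORED   %s -> %s\n' "$key" "$line"
            status=1
        fi
    done
    return $status
}

# Usage: sh check_cc.sh catalog/checkout_process.php
if [ $# -ge 1 ]; then
    check_cc_fields "$1"
fi
```

A non-zero exit status means at least one field is still written or could not be located, so the script can be used as a deployment gate.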

Zip file attached contains .txt with this same information.
