Storing credit card info just helps make you a bigger target. If your a small company, better let someone else store card info, let them be the target.

Also you're fined by the credit card companies if you lose card information. I believe it's a per card fine, so it get expensive really quickly.

Actually I don't get why any company would choose to store credit card information, when most payment providers will do it for you.

Stripe is amazing... I trust them, someone hacks me, awesome, you got password hashes and stripe customer keys, all worthless.

Not exactly worthless, depending on the hack someone could still charge an awful lot to your customers and make you have a bad day.

But yes, significantly better than other situations.

True, but I'd rather fix the problem that got them in, force reset of passwords, and delete all customer keys and require them to create new ones than be like "uhhhh, our data was hacked and your credit card is safely encrypted... But we had the encryption key on the server too, oops"

But you still might need to consider data residency issues and making your customers aware of where their data is being stored.