We use a "tokenisation" system called 1Click provided by the good people over at Wirecard to make credit card payments suck less.
This means that they keep your credit card on file. And that is one super secure file. We, on the other hand, only keep the data you can see on the checkout page: the name, part of your credit card number, and the expiry date: not nearly enough for us (or anyone else) to replicate your card.
By the by, this is in line with international standards.