lukesc - 6:28 pm on Jul 3, 2009 (gmt 0)
PCI guidelines are well documented. You can store the whole credit card number as long as it is encrypted, firewall protected, etc... The CVV2 must never be stored at all, but last I checked it was only for verification, thus optional. The CVV2 just ensures that the person making the transaction has the card in hand. You can process transactions without it manually.