Salesforce B2C Commerce 24.7 > B2C Commerce Security Guide > Security Best Practices for Administrators > Secure Storage

Credit Card Encryption

Credit card encryption, key generation, and re-encryption is automatic in B2C Commerce. B2C Commerce provides the ability to monitor this process for merchants undergoing a PCI audit.

Payment instruments, such as debit and credit cards, are not removed from B2C Commerce but are masked after a data retention period that you can configure. The default retention period is 12 months. While B2C Commerce masks credit card payment instrument types based on credit card validity, it masks payment instruments of other types after the data retention period expires. It masks payment instruments assigned to orders after the data retention period expires.

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.