Storing credit card numbers is completely legal and widely used by businesses, if you've ever been to Wal-Mart in the past 10 years then they have your credit card number on file. It's not a matter of whether or not the business is 'legally secure' there is no such thing other then the actually transmission of the transaction which does have requirements involving the encryption. If you trust a company and/or it's website enough to give them your credit card number then that's up to you. Different countries require different auditing measures when it comes to transaction record keeping, probably even different states but I don't know on that one.