But I'm beginning to hear a few disturbing tidbits of information that make me question where the credit card companies are coming from. Think about things from the enforcement side of the equation: The credit card issuers police the merchants for PCI violations and then have the option to levy fines for those violations. Storing full credit card data in an unencrypted format? That's a fine. I think most of you know the drill.