Card details are only required if applying for membership or it making a donation, we will never ask for these details any other time.
All Card fields are encrypted and payment information is not stored on Salesforce, it is stored via tokenisation on the Payment Gateway (Windcave). The token is used for recurring payments.
Both Salesforce and Windcave (Payment Express) are PCI compliant:
The payment form is securely hosted by Salesforce.com. Salesforce is PCI Level 1 compliant. Click Salesforce PCI Attestation of Compliance to view details or see trust.salesforce.com for more details about other related security certificates and security measures taken.