It is very hard for an individual business to retain credit card numbers with strict PCI compliance on their own.
We use Moneris as our credit card clearing service - and they provide a subscription service that is compliant. (They call it their 'vault'.) I imagine that other card processing services also offer something similar.
Essentially this service allows you to store and charge to CC numbers without being able to fully see them. So no chance of external theft or internal misuse.