Most of the major sites do store cards information and they go through the annoying PCI DSS compliance to be allowed to do just that.