They can't store all of the card information to complete another transaction. That would violate the PCI code. They cannot store data that could be replicated by someone who hacked in to create a counterfeit card. You can keep some information for record-keeping and tax purposes and charge-back adjudication. You don't need all of the data that goes with the transaction, so they shouldn't be keeping anything that can be used to counterfeit a card.
On November 2nd, 2011. See this statement in context.