This, you don't even need to be PCI compliant to store the last 4 digits and the expiration date. This way you can show this info to the user and email the user before the card expires (in case of recurring payments).
If you work with external payment gateways sometimes you are provided with this information even if the card processing is done directly on the processor page (you only have access to limited information about the card and the transaction)
If you work with external payment gateways sometimes you are provided with this information even if the card processing is done directly on the processor page (you only have access to limited information about the card and the transaction)