When a member successfully pays on the website it will save a token that can be reused as that method. So it’s a little different (and more secure) than just entering a card number that the database saves to be used later. So security wise that token if it were exposed somehow does absolutely nothing for a hacker . The token itself can only be used to make a payment to your club.
But those tokens are generated after a payment (not before) . So if someone needs to remove one, they should do that, then make a new payment to save the next one.
