Acquisition of Primary Account Number (PAN) and other sensitive information
is retrieved through a service separate from the order. This conceptual
separation facilitates the physical separation of this sensitive data from
the order. As a result, implementors may host sensitive user account
information in a datastore separate from the datastore housing the order.
This measure goes towards achieving a PCI compliant architecture.