The API response includes 10 out of the 16 digits of the card number, the card brand, the expiration month and year. The only thing missing is the CVV and the remaining few digits.
Should I be concerned that this much information about the card is running through my server? I thought one of the benefits here was that I need not worry about risk and liability on my end, that Square would handle it all.
Is there a way I can tell the API not to return this information?