Hi there,
I've been doing some housekeeping and noticed that recently implemented new features meet the requirements of this request!

WHMCS has always had the option to delete stored card data when it expires: https://docs.whmcs.com/Automation_Settings#CC_Expiry_Notices_Date

The Data Retention Policy Automation features added in v.7.5 can automatically delete client data (including credit card number) after a user-defined period of inactivity: https://docs.whmcs.com/Data_Retention_Policy_Automation