Obviously, by default we would be discussing US restrictions.
Having said that, don't post rumors that you may have read on forums as fact. People that don't know will read it and think it's true as you do.
I can find quite a few conversations which state (quite correctly) that it is illegal to store CVS (the 3 security digits) but clearly not credit card info. E-commerce would grind to a halt if what you claim is true.
...which one would take to mean that you saw people on message boards or forums stating that storing credit card information is fine. You also specifically state that the e-commerce industry would grind to a halt if this weren't so.
Most online vendors use gateways. The information is never stored on their server. The client's computer makes a secure connection with the payment gateway, and it's sent directly.
Some people do store credit card information and don't do it legally. They then possibly post on a forum that this is fine to do. It's not.
Amazon, etc. hold credit card information and are PCI compliant. Amazon does not hold your data permanently; you must authorize them to do so.
Having said that, there are e-commerce/shopping cart systems out there which will capture credit card information and store it in your database. If you use one of these, and the data isn't encrypted, securely transmitted to your database (which itself must be encrypted and secured to certain standards), and then securely shown to you when you need to view it, you are allowing the possibility for someone to steal that information.
There are so many ways for this data to be vulnerable. Obviously, the data needs to be submitted through an SSL connection. But what about when it's in the database? Is the information first encrypted? What about the database itself? Is the database secure? Is this on a shared server? What about the sys admins for the server? Linux recently had a vulnerability that allowed users with SSH access to become root (admin) on the server. What about retrieving the information? Is the data securely sent back to your screen?
You may not feel that you should have any issues with storing credit card data, and I can't speak for the UK, but American Express, Visa U.S.A., MasterCard International, Discover, JCB, and Diners Club, the United States federal government, most state governments, and many countries don't agree with you and certainly require that you comply with the Payment Card Industry standards.
In fact, many gateways, such as Paypal, require you to be PCI compliant if you store the data temporarily before sending it to them.
So, before saying things like, "e-commerce would grind to a halt" and "you're lost and confused," please follow my and Boober's advice and do your homework (not on other forums). PCI standards are readily available to vendors and consumers, and thank Hammurabi that relevant laws are as well.
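A storage guard that enforces the rules argued in this thread (never keep the security code at rest, persist only the gateway's token plus a masked card number, and scan free-text fields for stray card numbers before they reach the database) is shown below as an added example; it is not code from any poster in the thread or from any PCI tool. The field names `pan` and `gateway_token`, the `SENSITIVE_AUTH_FIELDS` list, and the `StorageViolation` exception are assumptions for illustration, and 4111 1111 1111 1111 is the well-known Visa test number, used here as a constructed value.

```python
"""Added example: refuse to persist card data that PCI DSS says must not be stored.

All field names below are assumptions for this illustration, not a standard schema.
"""
from __future__ import annotations

import re
from typing import Any

# Sensitive authentication data: must never be kept after authorization.
# (Names assumed; real schemas vary.)
SENSITIVE_AUTH_FIELDS = {"cvv", "cvv2", "cvc", "cid", "security_code", "pin", "track_data"}

# 13-19 digits, optionally separated by spaces or dashes, not glued to other digits.
_PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


class StorageViolation(ValueError):
    """Raised when a record would put forbidden card data into the database."""


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check shared by all major card brands."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card-number-like runs found in free text (e.g. order notes)."""
    found = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask_pan(pan: str) -> str:
    """Keep only the last four digits; everything else becomes '*'."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def sanitize_for_storage(record: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of `record` that is safe to persist, or raise StorageViolation.

    Rules enforced: no sensitive authentication data, no full PAN (only a masked
    copy), a gateway token must be present, and no card numbers hidden in text.
    """
    lower_keys = {k.lower() for k in record}
    present = SENSITIVE_AUTH_FIELDS & lower_keys
    if present:
        raise StorageViolation(f"sensitive authentication data must not be stored: {sorted(present)}")
    if not record.get("gateway_token"):
        raise StorageViolation("store the payment gateway's token, not the card itself")

    out: dict[str, Any] = {}
    for key, value in record.items():
        if key.lower() == "pan":
            digits = re.sub(r"\D", "", str(value))
            if not (13 <= len(digits) <= 19 and luhn_valid(digits)):
                raise StorageViolation("PAN is not a valid card number")
            out["pan_masked"] = mask_pan(digits)   # full PAN never reaches `out`
            continue
        if isinstance(value, str) and find_pans(value):
            raise StorageViolation(f"field {key!r} contains a card number in free text")
        out[key] = value
    return out


if __name__ == "__main__":
    # Constructed sample record; the token is a placeholder, not a real gateway value.
    order = {
        "pan": "4111 1111 1111 1111",
        "exp": "12/29",
        "gateway_token": "tok_PLACEHOLDER",
        "notes": "leave at front desk",
    }
    print(sanitize_for_storage(order))
    try:
        sanitize_for_storage({**order, "cvv": "123"})
    except StorageViolation as exc:
        print("rejected:", exc)
```

The free-text scan matters in practice: even a shop that uses a gateway correctly can end up with card numbers in the database when a customer types one into a comment box, and that stored record is then in scope for the same requirements as a deliberately stored PAN.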