So we converted our website from an internally created site to a Magento Cloud environment. In the process, we had to change how we handle credit cards.
We used to redirect the user to the payment processor's site to complete the payment then come back to our site for the final receipt.
Now we have to handle the credit cards on the site because the developers could not get that redirection working with our current payment processor. We still do not store anything other than the token.
Since we are in the Magento Cloud and we have no admin rights to the code for the cart. Isn't that essentially a third party handling the payment process for us?