My friend and I are developing a financial software, in turn connect it to a third party credit card company (which would be PCI compliant). As of today, we are not PCI compliant and we're not planning it. However, we want to save the four digits of PAN to help front line staff identity. So if we only have that, do we have to be PCI compliant? Thank you very much!