While it complies with PCI standards, knowing first6+last4, plus contact information, you can be much more successful at phishing against the target.
First6 will give you ability to know the issuing bank of the card (so an email can be crafted to look like those banks emails). Plus last4 tends to be used by banks as a "hey, we know who you are!" when they send emails.
You might need them to reverse or refund the transaction with some payment gateways. Or if you are going to settle the funds at a time after authorization when shipping
