My recommendation is always to have the application handle encryption and decryption. If you use encryption built in to SQL Server, it makes it easier for people with access to the database to decrypt it.
I'd also be interested in knowing why you are storing Credit Card information instead of using a service (there are few out there) to handle credit card transactions so you don't have to store that information.
+1000 to that. It also means that the transmission between the database and the GUI will also be encrypted to help seriously reduce any line sniffers.