PCI Encryption

It surprises me how often I see people posting questions about what type of encryption to implement for credit card data. If you are processing credit cards yourself and storing the data, you need to comply with the PCI regulations that exist. Here's a good place to get started: https://www.pcisecuritystandards.org/.

Actually, the place you need to start is with your bank or processing company. They should be able to guide you on what requirements need to be met for safe data storage.

However, if you're running some service and storing a customer's credit card so it is easy to charge them over and over, that doesn't mean you don't need to comply. You are holding financial information about a customer, and if something happens to that data, you're at fault. Your company could be liable, and possibly you personally if you made the recommendation to build something yourself.

Good security isn't magical, and it isn't secret. It involves using well-known algorithms, protecting the keys, and following best practices. There are some great encryption technologies in SQL Server 2005 and SQL Server 2008, but don't just implement them without learning a few things about what the best practices are and how these technologies work.
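As an added illustration of the key-protection point above (this is example T-SQL, not code from the original post), here is the SQL Server 2005/2008 key hierarchy applied to stored card numbers: a database master key protects a certificate, the certificate protects the AES symmetric key, and only the symmetric key touches the data. The database, table, key and certificate names and the sample card number are assumptions.

```sql
-- Added example: SQL Server 2005/2008 column encryption for a stored card number.
-- All object names below are assumed; the password is a placeholder to replace.
USE CardVault;  -- assumed database
GO
-- 1. Database master key (DMK), itself protected by the service master key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong DMK password placeholder>';
GO
-- 2. Certificate that protects the symmetric key. Back it up (BACKUP CERTIFICATE)
--    to a location separate from the database backups, or the data is unrecoverable.
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the card data symmetric key';
GO
-- 3. AES-256 symmetric key, encrypted by the certificate rather than a hard-coded password.
CREATE SYMMETRIC KEY CardKey WITH ALGORITHM = AES_256 ENCRYPTION BY CERTIFICATE CardCert;
GO
CREATE TABLE dbo.StoredCard (
    CardId       INT IDENTITY PRIMARY KEY,
    CustomerId   INT NOT NULL,
    Last4        CHAR(4) NOT NULL,          -- truncated PAN may be kept in clear
    PanEncrypted VARBINARY(256) NOT NULL    -- full PAN only ever stored encrypted
);
GO
-- Encrypt on insert. The authenticator (CustomerId) is mixed into the ciphertext,
-- so a ciphertext copied from another customer's row fails to decrypt for this one.
-- 4111111111111111 is a constructed sample value, not a real card.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
INSERT INTO dbo.StoredCard (CustomerId, Last4, PanEncrypted)
VALUES (42, '1111',
        EncryptByKey(Key_GUID('CardKey'), N'4111111111111111', 1, CONVERT(sysname, 42)));
CLOSE SYMMETRIC KEY CardKey;
GO
-- Decrypt only at charge time, supplying the same authenticator; any other row's
-- CustomerId (or a swapped ciphertext) yields NULL instead of a card number.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
SELECT CustomerId, Last4,
       CONVERT(NVARCHAR(32), DecryptByKey(PanEncrypted, 1, CONVERT(sysname, CustomerId))) AS Pan
FROM dbo.StoredCard
WHERE CustomerId = 42;
CLOSE SYMMETRIC KEY CardKey;
GO
```

Grant OPEN SYMMETRIC KEY / CONTROL on the certificate only to the principal that performs charges, so application logins that merely list cards never see a decrypted PAN.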
