I don't know about what your process is - but all of the built-in encryption functions, even the ones in 2005, are wholely inadequate for storing Credit card info.

You're going to want to invest in some third-party encryption process for that (say - PGP, or some of the higher-end ones).

If your goal is to secure these numbers, then arguably your best bet is for the database to store the encrypted version, and not have any knowledge as to how to decrypt it. In other words - use an external API to decrypt the card numbers. The algorithms built-in are IMO not worthy or strong enough to store that kind of stuff.

Of course- if you're USING that actual info somewhere in the DB (shudder), then obviously this becomes not workable rather quickly....