This does make the assumption that the Credit Card number is unencrypted (If stored in the Database) and as the PCI/DSS regulations strictly forbids this, I would be very careful about the use of using any form of un-encrypted credit cards. This will cause you major headaches with PCI DSS - also in practice Credit Card encryption has to be performed to the Payment Card Industry standard (so you can't generally use your own encryption methods)

Reference: Requirements 3 and 4 of the PCI DSS version 1.2

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

The Standards document as a PDF: https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf