in reply to A question of security
One thing jumps out at me from your description. I'd be wary of storing the credit card information in the database, even temporarily and even encrypted. You haven't said who can see that database, but some of your comments sound like some people can, and that the number is growing.
I'd suggest you get some in-house review of this if you can. We can comment more if you publish the code here, but you should show it to people with some responsibility to your company, too.