in reply to
Storing credit card numbers temporarily (OT)
Depends. If you do your credit card processing offline (like my parents' mail order business), the numbers will have to be stored temporarily anyway. Storing them encrypted with an expiration timestamp should be sufficient, since anyone with access to your hosting account will also be able to edit your ordering system to redirect the credit card numbers elsewhere.
If on the other hand your credit card processing is done in real time, just pass the number encrypted in a hidden form field. Part of the key will stay the same and not be passed, and part will be randomly generated and passed in a hidden form field, perhaps encrypted as well. This prevents someone on the user end from easily decrypting the credit card number, and also prevents someone on the outside from somehow cracking one number and then using the same key to crack every other number.
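The split-key idea in the reply above, as an added example that is not part of the original post: a fixed server-side secret is combined with a random per-request value to derive a one-off key, and the expiration timestamp from the first paragraph is bound to the ciphertext. The choice of HKDF-SHA256 and AES-256-GCM, the field layout, and the names `SERVER_SECRET`, `sealCard` and `openCard` are assumptions made for this sketch.

```javascript
// Added example (not from the original post). Names and field layout are assumed.
const crypto = require('node:crypto');

// Fixed key part: stays on the server and is never sent to the browser.
// Constructed at random here; in practice it comes from server-side configuration.
const SERVER_SECRET = crypto.randomBytes(32);

// Derive a one-off AES-256 key from the fixed part and the random part.
function deriveKey(salt) {
  return Buffer.from(crypto.hkdfSync('sha256', SERVER_SECRET, salt, 'card-field-v1', 32));
}

// Returns the hidden-field value: salt.iv.expiry.tag.ciphertext (base64url parts).
function sealCard(pan, ttlSeconds, now = Date.now()) {
  const salt = crypto.randomBytes(16); // random key part, passed in the form
  const iv = crypto.randomBytes(12);
  const expiry = String(Math.floor(now / 1000) + ttlSeconds);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(salt), iv);
  cipher.setAAD(Buffer.from(expiry)); // expiry is authenticated, not secret
  const ct = Buffer.concat([cipher.update(pan, 'utf8'), cipher.final()]);
  return [salt, iv, Buffer.from(expiry), cipher.getAuthTag(), ct]
    .map((b) => b.toString('base64url')).join('.');
}

// Returns the card number, or null if the field is malformed, altered or expired.
function openCard(field, now = Date.now()) {
  const parts = String(field).split('.').map((p) => Buffer.from(p, 'base64url'));
  if (parts.length !== 5) return null;
  const [salt, iv, expiryBuf, tag, ct] = parts;
  if (iv.length !== 12 || tag.length !== 16) return null;
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(salt), iv);
    decipher.setAAD(expiryBuf);
    decipher.setAuthTag(tag);
    const pan = Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
    // Expiry is checked only after the tag verified, so the timestamp can be trusted.
    return Number(expiryBuf.toString()) * 1000 > now ? pan : null;
  } catch {
    return null; // authentication failed: wrong key, or any part was modified
  }
}
```

Because each field carries its own random salt, two submissions of the same number produce unrelated ciphertexts, and recovering one derived key does not help with any other field.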