In addition to all of the advice given above, let me implore you to look into local security if you plan on storing your users' credit card numbers locally, such as in a database.

There have been multiple other discussions here covering this topic.

It's not enough to just store them unencrypted -- as a matter of fact, down that road lies doom for you and/or your company.

Of course, you don't necessarily mention the need to store them on your system. If that's the case, then so much the better...But also make sure that they don't show up in any kind of server logs, etc.