There two ideas as to credit card info encryption.
1. Using ECB block mode (as mode of MySQL AES_Encrypt() / AES_Decrypt()) for credit card number encryption is not good idea . See
http://bugs.mysql.com/bug.php?id=16714 and
http://bugs.mysql.com/bug.php?id=16890 for more details. Literature proposes CBC block mode as more secure instead. It can be applied client-side (PHP, MS Access, C, ...) - GPL or BSD-licensed libraries are acceptible into the Net.
2. Encryption_password can be stored encrypted by user password for any user who need it. When user logon, Encryption_password is decrypted by user-logon-password and stored into the RAM. Encryption_password when stored into the memory can be additionally encrypted by session_password for current session (this is protection from Windows swap-file problem). Last case we get "nested" decryption: key for data decryption previously decrypted by session_password.
Protected connection to the server (SSL, SSH) is default thing.
I think, this schema is enough secure.