We do this all the time where I work. We use Crypt::OpenPGP to do the encryption server-side, then setup each person who needs to process a credit card with GnuPG (using a Win32 frontend called WinPT) and their own key for their e-mail address. You'll need to walk them through the key generation and how to do the decryption (just send a test order). Then give them a little lecture about how to keep the encryption keys secure.
----
send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.