Don't Encrypt, Don't Store

If you go with a credit card processor like Verisign or Authorize.Net, you can just reference a previous authorization and tell them to re-bill the customer.

The process works like this:

1. Collect payment information.
2. Authorize the payment through your gateway (Verisign, Authorize.net, etc).
3. Get your authorization number.
4. Store the authorization number.
5. (Time passes, then it's time to re-bill)
6. "Hey credit card company - charge the customer referenced by authorization # XYZ in the amount of $Y.YY"