Bascially, you need to use a reversable encryption alogarithm to store your CC data. I would strongly recommend using some form of public key encryption (this is the type of encryption used by PGP).
The main benefit of this is that it can be an extremely strong form of reversable encryption. Also, due to it's nature, it can be very secure. You use a 'public' key to encrypt the data and a seperate 'private' key to decrypt the data. Each key can only be used for it's specific funtion. Which brings us to the second main benefit: If you only keep the public key on your DB server, then even if your DB server is compromised, the CC data will still be secure. This is because the public key is useless for decrypting the data. By keeping the private key secure on the server you ftp the data to, then only that server will be able to decrypt the info.
The other common types of reversable encryption generally depend on a secret password that both parties know (ie, the DB server and the FTP server). This type of encryption is far easier to break via a brute force attack, and if your DB server is hacked, all of the CC data can be quickly and easily decrypted.
Also to transfer the data, I would strongly advise that you not use FTP. It is unsecure and a weak link in the chain. Secure Copy (scp) is a far more secure method of transfering the data. It encrypts all the data which is transferred across it with SSL encryption and can be set up to use key files instead of passwords (making it much harder to attack).
If you must store and transmit this info, then I would take the above recommendations as an absolute minimum. You should definately spend a good deal of time understanding exactly how all of these pieces fit together, what each is used for, and the strengths and weakness of the alternatives. Also, it is equally important to tightly secure each of the servers you plan to use and any other machines on the same LAN as either server.
A better option, although it may not be possible, would be to avoid storing and transmitting CC data altogether. If that's not possible, then please take all due care and precaution to protect this data. While many Credit Card companies have some method of disputing false charges, it can be a very big problem for the unlucky victim. What's even worse is that with Debit Cards (bank draft cards tied to checking accounts), the victim simply loses all of the money in their checking account until they can prove their card was stolen and used without their knowledge and then they still have to wait to get reimbursed. Just imagine if all the money in your checking acct were to vanish the day before you sent your mortgage payment in. Then imagine having to wait a month to that money back...
Sorry to ramble, but please be careful.
