The reason I'm using public key encryption is unavoidable. I want the order processing script to enter the card numbers into a database, but I don't want a useful decryption key (which would be the case in symmetrical encryption) stored in the script in case it is compromised. In fact, I don't want a useful decryption key stored anywhere on the server. With asymmetric encryption, I can still allow the script to encrypt information before it is entered into the database, but give the hacker no useful information if it is compromised. In this way, the decryption key is stored somewhere physically (i.e. in my brain) and is out of the reach of hackers.
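The design described above, sketched with the `openssl` command-line tool as an added example that is not part of the original post. The function names, file names, key size, test card number, and the use of a passphrase-protected key file to stand in for the memorized secret are all assumptions.

```bash
# Added example: write-only card encryption with RSA-OAEP.
# Function names, file names and the card number below are constructed for illustration.

# OFFLINE machine: create a passphrase-protected private key, export the public half.
# Only pub.pem is copied to the web server. Passphrase is read from $KEY_PASSPHRASE.
make_keypair() {  # $1 = output directory
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
    -aes-256-cbc -pass env:KEY_PASSPHRASE -out "$1/priv.pem" 2>/dev/null &&
  openssl pkey -in "$1/priv.pem" -passin env:KEY_PASSPHRASE -pubout -out "$1/pub.pem"
}

# SERVER: card number on stdin, base64 ciphertext (for the database column) on stdout.
# OAEP padding is randomized, so someone holding the database and pub.pem cannot
# confirm a guessed card number by re-encrypting it and comparing ciphertexts.
encrypt_card() {  # $1 = path to pub.pem
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 | openssl base64 -A
}

# OFFLINE machine: base64 ciphertext on stdin, card number on stdout.
decrypt_card() {  # $1 = path to priv.pem
  openssl base64 -d -A | openssl pkeyutl -decrypt -inkey "$1" \
    -passin env:KEY_PASSPHRASE -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
}

# Demo only: both key files sit in one temp directory here. In the real layout
# priv.pem never leaves the offline machine.
demo() {
  dir=$(mktemp -d) || return 1
  KEY_PASSPHRASE='constructed-demo-passphrase'; export KEY_PASSPHRASE
  make_keypair "$dir" || return 1
  ct=$(printf '%s' '4111111111111111' | encrypt_card "$dir/pub.pem")
  printf 'database value: %.40s...\n' "$ct"
  # What a compromised server holds: the ciphertext and pub.pem only.
  if printf '%s' "$ct" | decrypt_card "$dir/pub.pem" >/dev/null 2>&1; then
    echo 'server-side decrypt: succeeded (unexpected)'
  else
    echo 'server-side decrypt: failed, no private key present'
  fi
  printf 'offline decrypt: %s\n' "$(printf '%s' "$ct" | decrypt_card "$dir/priv.pem")"
  rm -rf "$dir"
}
demo
```

The plaintext card number still passes through the order script's memory at encryption time, so this protects stored records rather than numbers submitted while the server is compromised.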