As long as it's highly encrypted (never plain text) and secure, and only accessed via HTTPS it's not a big deal but you're better off letting your payment gateway deal with the transaction and you just store whether it was ACCEPTED or DECLINED.
My payment processing company has an admin control panel and/or API where you can do this using the authorization or transaction number only. They are audited verified to be secure and they hold the CC #s so I don't have to worry about it.
The safest way of decrypting the orders is to download them and decrypt them locally as hackers that get into ecommerce servers install (if possible) little scripts that email your decryption password and then they come back and decrypt them all.
Seen it happen muliple times on servers that weren't maintained well, cheap web hosting and not my sites, it's not pretty, which is why I *DO NOT* recommend storing or decrypting credit cards on a server whatsoever as it's just a carrot being dangled taunting the hacker to try until they get the loot.
If you must store CCs on the server purge them the minute the transaction is completed on a daily basis which greatly limits your exposure to theft.
FWIW, think of ecommerce hackers more in the organized crime areas these days as it's low hanging low risk fruit if they can get it. They order a ton of merchandise from all sorts of places and have it shipped to all sorts of locations, then collect it and fence it on the black market.
P.S. Change your ecommerce encryption code and password regularly like once a week and keep an eye on the code in your server that decrypts passwords for a sudden date change.