Currently my company gets credit card transactions through verisign (we pass the info on to verisign and they take the credit card and do the rest). However, we are thinking about switching to taking credit cards ourselves. I'm a little nervous as the programmer to take credit card numbers and store them in our database. I have SSL enabled on my website and understand that should make passing the credit card to us very secure. Is that all I need to do when capturing that information or is there some additional encryption I need to use? Also, how should I store the credit cards, just in my database or is there a certain method I should follow to make sure John Q Hacker cant just log into my system and have a field day with cards? Any and all feedback is greatly apprechiated.

Thanks