If they got the dll file any they knew anything about .net framework it would not take them long (if any time) to get the key and from there the credit card information.

--------------

Then i would suggest using pubic key encryption:

The asp.net application would know only the public key to store the credit card information in the database. this way even if your web application is compromised, all they can do is add/edit information.

But this has a drawback. Orders that are automatcially processed would have to be processed by another application that knows the private key. This application would need access to the sql transaction rescords (this could work via internet or internal network).

You would also now need an application to allow your manual data entery ppl to get the credit card information (this may have security issues).

If you are hosting this application yourself i would take extra caution to make sure that it is impossible(or nearly) for them to backtrack to the applications that know the private key.