Encrypting a credit card number for database storage in c#
I want to encrypt credit card numbers I get from web surfers for storage in my sql server with c# and asp.net.
Where should I store the key? How should the system access the key when it wants to decrypt a number from a return visitor? If the key is stored in the database or web.config wouldn't that make for a not so secure system?