We are a wholesale distributor struggling to solve this issue: We have customers who tell us to charge their orders to their credit card and expect us to have their credit card numbers on file for this purpose. We obviously want to be PCI compliant, so keeping the numbers in a passworded spreadsheet on our server is probably not a legitimate option. We don't really need the ability to have customers enter their credit cards via a web site or anything. In fact, we are still charging the cards via a dialup card terminal. We just need to be able to securelty keep the card numbers and names somehow.