How to properly charge credit cards?

Unless you have a lot of experience in this area, and resources/$$ to spend on infrastructure, I wouldn't recommend "storing" credit card info, period.

To just process credit cards you need a merchant account plus an account with an authorization gateway (e.g. Authorize.Net). That's not too hard to set up. The Authorize.Net API is well documented, at least; can't speak to other providers.

HTH,

Thanks for everyone's help. This software is unique in that I have to accommodate return business, because most of our business will be return business. I don't want to make the customer enter their CC info every time they check out. Amazon, Target, etc. store credit cards.

Our company has a cabinet in a data center with 5 servers, so I have the infrastructure. I was just trying to figure out why all of it needed to be separated out into another app. To me, if someone compromises our server they can figure out a way to get the CC info. Separating it out is just another hurdle to jump, but doesn't really stop them. I feel like I am just setting up a lot of hurdles but nothing is really foolproof.

> Thanks for everyone's help. This software is unique in that I have to accommodate return business, because most of our business will be return business.

Uh, hardly unique. And you don't necessarily have to store card data to handle return business. One example:

<http://www.authorize.net/solutions/merchantsolutions/merchantservices/cim/>

> Amazon, Target, etc. store credit cards.

And if so they've spent lots of bucks, to make sure their systems are as secure as possible (and meet the card-issuing companies' very stringent requirements -- which you'd better be aware of before heading down this road!).

> Our company has a cabinet in a data center with 5 servers, so I have the infrastructure.

I was talking about full-time security people, multiple firewalls, etc.; "5 servers in a data center" ain't it. :slight_smile:

Good luck, though. Hope not to see you in the headlines :slight_smile:

Use Authorize.net CIM to store the card info and get back a token you can use for future billing. Use the ActiveMerchant library to talk to the gateway. You don’t need a separate app.
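
The token approach suggested above, as an added sketch that is not part of the thread and is not ActiveMerchant or Authorize.Net code: `FakeGateway` is a hypothetical stand-in for a tokenizing gateway, and the card number is the standard test value. It shows what the application's own record holds for a returning customer, plus a Luhn-based check that no card number ended up in it.

```ruby
require 'securerandom'

# Hypothetical stand-in for a tokenizing gateway (NOT a real library's API).
class FakeGateway
  def initialize
    @vault = {} # card data lives on the gateway's side, never in our app
  end

  # Takes the card once and returns an opaque token.
  def store(number:, month:, year:)
    token = "tok_#{SecureRandom.uuid}"
    @vault[token] = { number: number, month: month, year: year }
    token
  end

  # Repeat billing needs only the token.
  def charge(token, cents)
    @vault.key?(token) ? { ok: true, cents: cents } : { ok: false, cents: 0 }
  end
end

# Luhn checksum, used to spot a card number that leaked into local storage.
def luhn_valid?(digits)
  total = digits.reverse.chars.each_with_index.map do |ch, i|
    d = ch.to_i
    d *= 2 if i.odd?
    d > 9 ? d - 9 : d
  end.sum
  (total % 10).zero?
end

# True if any stored value contains a 13-19 digit run that passes Luhn.
def contains_pan?(record)
  record.values.any? do |v|
    v.to_s.scan(/\d{13,19}/).any? { |run| luhn_valid?(run) }
  end
end

# What the application keeps for a returning customer: token and last four.
def enroll(gateway, customer_id, number:, month:, year:)
  token = gateway.store(number: number, month: month, year: year)
  { customer_id: customer_id, token: token, last4: number[-4, 4] }
end

TEST_CARD = '4111111111111111' # well-known test number, not a real card
```

A `contains_pan?` style check can run over database rows and log lines to confirm that only the token and last four digits are being persisted.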

Ditto everything Hassan says, particularly the "5 servers" and "headlines" part.

You may also want to take a look at Active Merchant - http://www.activemerchant.org/ - a Rails plug-in (also gem) for dealing with credit cards and payment processors and shipping. There's even a Peepcode tutorial - http://peepcode.com/products/activemerchant-pdf

-- Bosco

Ben, You may want to look at the ActiveMerchant PDF published by PeepCode. I found it to be the best and most detailed discussion of credit card payment handling.

Hope this helps. Bharat

Ben,

Go with Hassan's and Benjamin's suggestions. I work in the credit card industry and liabilities are just too high to risk...

Cheers, Sazima