
What are some best practices for handling sensitive information?

I'm currently creating an application for a customer that will allow them to automatically bill their customers' credit cards.

I'm curious as to what are some best practices to safely store and access the credit card information, and for that matter, any other sensitive information, like social security numbers, account numbers and so on.

I'm assuming encryption of some type will be employed, but before I dig in too deep I wanted to see how others are handling these types of requirements.

Not that it matters, but we are designing the software using Microsoft SQL Server for the database, and using C# and ASP.NET.

mattruma asked Dec 14 '22 06:12


1 Answer

Read the PCI requirements. Everything will be there.

Actually, you must follow them.

mannu answered Dec 28 '22 10:12