Credit card information should be kept in a physical secure location separate from your other servers with armed guards in front of it (I am not kidding)...

I won't tell you exactly how we implement our schemes but to get to Amazon customer credit cards you will need a small army of Marines. Although recently we have been discussing to place physical and electronic booby-traps such that the servers will self-destruct when compromised, to deal with such full physically attack ...

Amazon's CTO Werner Vogels in his blog entry You Guard it With Your Life.

It is good to see that Amazon takes security seriously!