- I'd strongly encourage not to store credit card details in our own servers unless we really really need.
- Instead, use payment gateway's vault option to create and store credit cards and to use them with API calls
- If it's really necessary to store it in own servers
- Use SSL and HSTS for transport, which ensures the server interacts with client securely
- Encryption, server should provide strong encryption mechanism like AES-256 for encrypting and storing card numbers, and a way to securely store decription keys