Is there a reason why you can't process your CC payments in real time so that the card is validated and payment collected immediately while the customer is still present? That will cut down on the amount of orders that have to be cancelled because a fake/bad credit card was used or billing address wasn't supplied reliably. Doing it later in your ERP system just means you're forcing someone in your accounting dept to have to manually submit the payment request ... which is a waste if the work had been automated while the customer was online.
Also, does your ERP system have a web-facing access point that could be used to receive new-order transmissions? Or are you only able to pull data into the ERP system by reading the raw database data?
You could probably write a secure-enough encryption tool (complete with Certificates installed on your server for that purpose, etc) to encrypt the sensitive data before storing it and having your ERP system retrieve it and delete it. (But unless that crypto part is rock-solid, you'll still fail PA-DSS / PCI compliance.) Or, you could POST the data to the ERP's web-facing UI and have it receive the CC and other order details as part of the code that runs while the order is getting saved.
But ...
Keep in mind ... for almost all transactions, you'll never need the FULL credit card number again anyway ... Even doing refunds/voids only require partial numbers along with a transaction number. So, if you have a live gateway doing the processing in real time, you won't need any more data than you already have stored in the database.
... which takes us back to stevesh's point.



