Discussion:
Best encrypt Algorithm to use
pooch398
2009-03-31 13:43:05 UTC
We have an e-commerce store that needs to store credit card numbers for a few of
its customers. I know that the best solution is to not store the numbers at all,
and this is our default option; however, there are a few stores that need this
information for shipping, etc. We are using the encrypt function in CF8 and
were wondering which algorithm would be best for this case.
byron1021
2009-04-02 00:20:04 UTC
An alternative to storing CCs is to do reference transactions, if your payment
gateway supports these types of transactions. This would be where you do an
authorization only on the card for a very small amount. If the return is
successful, subsequent charges to the credit card can be done just using the
authorization and/or transaction #, usually up to the expiration of the CC on
the original charge. A lot of vendors, even ones that do subscription-based
services, are moving to this model. And at some point I would say the industry
will require this. PayFlowPro supports this.

Other than that, I would recommend Triple DES since this would be 2-way
encryption, then use some sort of salting to make it a bit harder to decrypt if
someone gets the raw data. Something like: encrypt CC+secret key, then
encrypted value+secret key 2, encrypt+order total. Keep the 2 keys in
different locations.

Keep the keys, salting scheme and data in different locations, and minimize the
access level to the bare minimum. Also don't keep code and the encrypted data on
the same server, and they should if possible be firewalled off from each other
with minimum access.
MaryJo
2009-04-03 17:21:40 UTC
I would agree with Byron that you really should look for other ways to do this.
You should be sure to review the PCI Compliance regulations for storing card
data. What is required is very extensive and requires more than most small
merchants can afford to do. For instance, you can't just use CF
encryption: the encryption key itself needs to be encrypted (key encryption
key) and that has to be saved somewhere apart from the web server (typically a
separate appliance is used). The security policies that must be in place and
the hardware needed to fulfill PCI compliance at this level are quite extensive.
Be really careful about doing this kind of thing in terms of protecting your
own interests as well, because you don't want to get stuck with a lawsuit when
the merchant gets fined by their bank for failing to comply. Should there be a
breach and card data stolen, fines can be quite hefty.
