I would look at what your credit card processing system offers as well. I am not an expert in this area, but I know that some (Sage Payments for one) offers a Secure vault. What that allows you to do is to store the credit card information on the payments gateway securely and then obtain a GUID that references that. So, someone would have to get the GUID as well as your Payments Gateway logon to do any damage. This is great if you have staff. It allows them to process the payments information without actually ever seeing the credit card details.
Your credit card processing system may actually offer similar features.
Of course, if you are doing manual credit card processing, you can create the fields, but I would not just look at ACT! Security (make sure you have strong password etc) but also at physical security of your computer.
Last disclaimer, I lived most of my life overseas, so I am not familiar with the USA laws around this. Some countries and states have laws about what you are allowed to store and not store.