I did an mortgage site that swiped the card off line as fees would be outrageous online.
For this kind of operation, I wouldn't store credit card numbers. It's (I think) not like people drop in once or twice a week to get a new drum?
You would have to use ssl to cover cc's in transit from them to you. For the email side of things, your host probably already has PGP or some other encryption mechanism in place. You'll need to generate sender and recipient keys, distibute the recipient key to the people who get copies, perhaps set up separate email accounts for them on their client email program, and encrypt the message using the sender/server key.
You may also want to look at encrypting as much of the header as you can. It can be difficult with some email servers and anti-spam measures. To be VERY secure, you can encrypt the email for storage on the mail server and have the client access via a VPN but that'll cost more $ and most shared hosts don't support VPN's.
Your exposure here is an inside job by one of the hosting company employees. Of course that applys to storing CC's on a db as well. If they have access to your mail/db server and access to your code, they can pinch the encryption keys and apply them.