If you are a small business the best practice today is to not store CC information at all. Instead use a payment gateway that is certificated, regulated and secure.
If this is not an option, CC information should be stored encrypted. This means that hacking into your application, web server or database without knowing your private key will not compromise any card data.
You should make sure that on it’s path to the DB, the CC numbers leave no traces in logs or any other persistent storage.
This, of course, is in very high level. There is a lot around how to setup the DB encryption, how to manage the keys, how to tighten access control and so on. Those are the basics though.
As for the architecture, I would setup two completely separate environments. One is the application that uses a one-way function to encrypt CC data on the way in.
The second system, will pull the CC data from the database, decrypt the numbers and bill customers. This system should be an internal system that cannot be accessed from the outside. It is the only system that has access to the private key and it pulls data from the database (no data is pushed to it). It has to be very secure from all perspectives (network, access controls, passwords, etc.).
Not sure what you mean in:
“How can I perform auto billing?”
Definitely,I am not interested to store the credit cards.
But by Auto billing, I want to devise a system that charges automatically, the some amount to the customer’s card. The bills are collected for a month. And it notifies the customer and charge their cards immediately. The payments are likely to vary according to the services that customer uses. Reasons are like, change in the price plans or membership types.
But the customer does not have to enter the details again.
Credit card information is not allowed to be stored on servers connected to the internet. What you would need is for your payment processor provider to provide you with a hashed token value for each credit card number you give them that you store with the customers other info. You then pass them the token during the autobilling and let them match it back to the credit card details on their secure server.
You need to get the payment gateway provider to generate the hash for you - otherwise they will have no way to use it to extract the credit card details.