If you are a small business, the best practice today is to not store CC information at all. Instead, use a payment gateway that is certificated, regulated and secure.
If this is not an option, CC information should be stored encrypted. This means that hacking into your application, web server or database without knowing your private key will not compromise any card data.
You should make sure that on its path to the DB, the CC numbers leave no traces in logs or any other persistent storage.
This, of course, is at a very high level. There is a lot around how to set up the DB encryption, how to manage the keys, how to tighten access control and so on. Those are the basics though.
As for the architecture, I would set up two completely separate environments. One is the application that uses a one-way function to encrypt CC data on the way in.
The second system will pull the CC data from the database, decrypt the numbers and bill customers. This system should be an internal system that cannot be accessed from the outside. It is the only system that has access to the private key and it pulls data from the database (no data is pushed to it). It has to be very secure from all perspectives (network, access controls, passwords, etc.).
Not sure what you mean by:
"How can I perform auto billing?"
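The two-environment split described above, as an added example that is not part of the original answer. It assumes the "one-way function" is public-key encryption (RSA-OAEP from Go's standard library); the type and function names are hypothetical, and the card number is a constructed test value.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// IntakeApp is the internet-facing application; it holds the public key only.
type IntakeApp struct{ pub *rsa.PublicKey }
// BillingSystem is the internal system; it alone holds the private key.
type BillingSystem struct{ priv *rsa.PrivateKey }

// NewDeployment makes one key pair and splits it (demo only: generate it inside billing).
func NewDeployment() (IntakeApp, BillingSystem, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return IntakeApp{}, BillingSystem{}, err
	}
	return IntakeApp{&priv.PublicKey}, BillingSystem{priv}, nil
}

// Store returns the ciphertext for the database and a masked form safe for logs.
func (a IntakeApp) Store(pan string) ([]byte, string, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, a.pub, []byte(pan), nil)
	return ct, MaskPAN(pan), err
}

// MaskPAN hides everything except the last four digits.
func MaskPAN(pan string) string {
	if len(pan) <= 4 {
		return strings.Repeat("*", len(pan))
	}
	return strings.Repeat("*", len(pan)-4) + pan[len(pan)-4:]
}

// Recover decrypts a row that the billing system pulled from the database.
func (b BillingSystem) Recover(ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.priv, ct, nil)
	return string(pt), err
}

func main() {
	intake, billing, _ := NewDeployment()
	ct, masked, _ := intake.Store("4111111111111111") // constructed test number
	pan, err := billing.Recover(ct)
	fmt.Println(masked, len(ct), len(pan), err)
}
```

The intake tier and the database only ever see ciphertext, so reading either one yields nothing usable without the billing system's key.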