CISP from Visa has very specific recommendations regarding the storing of credit card data.
Search for November 2002 Operating Guidelines and it should find a PDF that details the requirements you should follow.
Also, if I recall, violation of the statues that they have set forth carries a $50000 USD fine for the first occurrence, a $100000 USD fine for the second occurrence and management can then set the fine level. Terms are based on a 12 month rolling period.
Mastercard and American express have similar recommendations but Visa is by far the most strict.
Basically, if you store the card number, it must be stored on a machine that cannot be directly hit from the internet, and storing the CVV2 number is also not allowed. If I recall, the recommendation is for Triple DES if you must store the card data.
You might check your gateway provider, although I don't believe verisign has any one-click capabilities.
As for the password, what older processes used to do was require manual entry when the server process was restarted -- that way it was only in memory. Storing it anywhere on a filesystem is probably not a good idea.
If you are running linux, you might take a look at some of the SELinux patches with the secure filesystems.