I'm pretty new to PCI compliance and from what I understand I need to secure a person's credit card info, expiration date and the card holder's name. There's not going to be storage of security codes ever. So in my SQL Server 2008 database, I would need to encrypt these 3 columns? Also, do I need to share one certificate and have 3 symmetric keys or only 1 of each? Thank you!