Symmetrically encrypted credit cards, OK, I can see it, though it's far from a silver bullet.
Symmetrically encrypting credit card numbers is tough to do within the rules unless you have a hardware security module. Under PCI DSS, the complete key used for decryption is not allowed to be within the control of one person, including the sysadmin. So, you can't have the complete key on one machine because then the sysadmin can get it (except HSMs, which prevent even the administrator from getting at the keys). You can, however, have two physically separately controlled machines, with no overlapping access rights, and use keys in both.
Then, to reduce latency, load, failure risk, etc., you can have a public key on your server and use it for encrypting card numbers during payments, and use a much more expensive and complicated process for decrypting them when you need to make refunds.
If someone has hacked your database layer, they probably have your decryption keys from the app layer too.
That's one reason for the rule. The other is to stop someone (including a sysadmin) running off with the complete key - instead, they'd have to send the encrypted data through the online decryption process. Not only is that logged (and possibly limited), it may be something that you don't have access to if, say, you've stolen a backup or decommissioned disk.