No, I don't shop at Amazon! As I said, I will NOT give CC info if they are storing it.
I do not live in a fantasy world where humans need to bring up my CC info on a screen. Unless it is at one of the said payment gateways that everyone on here is telling people to use.
So many people are giving reasons to store it in the DB and how it can be safe; no one is addressing the forms that call that data to repopulate things to be read by humans. This is a big deal. If I stole your computer and started typing in a webform and a drop-down box appeared with the last 100 CCs you looked at in it, then lucky day for me. It isn't just about the DB being safe; it is about the data being retrievable by a machine that simply has viewed the data. Anyone who has done data retrieval from reformatted boxes will tell you what data can be found just because it was called to the screen.
I am sure that the big companies' terminals are safer than Joe Blow's terminal at some small company which may be in his basement. Seeing as I worked at one for 3 years designing webforms and interfaces and making sure that the default settings on the CC human processors' cache settings were set to not cache and to store 0 bytes of data.
Does that get it all?
No, but at least the preform population doesn't return a bunch of CC numbers that were called into the form. Not to mention the secured area that the terminals lived in, requiring security passes to access, and all the goodies.
I would bet this year's pay that the original poster's computer, which will be grabbing the CC info to process manually, has none of this. And that is the point here: if you aren't a data protection expert then you have no business storing anything CC related in a DB, or calling that data into forms on unprotected PCs. Especially webforms read by browsers.
In fact, in some countries, including the USA, I would even wager that if you do, and CC info is harvested by someone who is looking for that stuff, then you may be liable for being so careless with that data.
Is it worth saving a few bucks? NO! So don't do it. The original question is how do I do it in a cost-effective manner, and the answer is:
Have them call into a 1-800 number to complete their online order by giving their CC info over the phone and you punching it into your machine for auth. You can store their order info in the DB and call it up when they call in with some lookup number you email them.
Get a Western Union account that people can transfer funds to and hold shipping until payment is received.
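The form-caching concern in the post above, as an added example that is not part of the original post: a Python check that flags an operator-facing page which echoes card data into a form, lets the browser remember card fields, or omits `Cache-Control: no-store`. The field-name heuristic, the function and class names, and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic for card-related field names; tune it for your own forms.
CARD_FIELD = re.compile(r"(?:^|[_\-.\[])(?:cc|card|cvv|cvc)(?:[_\-.\]]|num|no|$)", re.I)

class FormAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.form_autocomplete = None  # autocomplete value of the enclosing <form>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_autocomplete = a.get("autocomplete", "").lower()
        elif tag == "input" and CARD_FIELD.search(a.get("name", "")):
            # A field-level attribute overrides the one inherited from the form.
            effective = a.get("autocomplete", self.form_autocomplete or "").lower()
            if effective != "off":
                self.findings.append(f"{a['name']}: browser may remember typed values")
            if a.get("value", "").strip():
                self.findings.append(f"{a['name']}: card data pre-populated into the page")

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_autocomplete = None

def audit_response(headers, html):
    """Return a list of findings for one HTTP response (header dict + HTML body)."""
    cache = {k.lower(): v.lower() for k, v in headers.items()}.get("cache-control", "")
    findings = [] if "no-store" in cache else ["response: missing Cache-Control: no-store"]
    parser = FormAudit()
    parser.feed(html)
    return findings + parser.findings

# Constructed sample: a page that echoes a stored number (a test PAN) back to the screen.
WEAK_HEADERS = {"Content-Type": "text/html"}
WEAK_HTML = """<form action="/charge" method="post">
<input type="text" name="cc_number" value="4111111111111111">
<input type="text" name="account_name">
</form>"""

# Constructed sample: nothing echoed, disk caching and form history switched off.
HARDENED_HEADERS = {"Cache-Control": "no-store"}
HARDENED_HTML = """<form action="/charge" method="post" autocomplete="off">
<input type="text" name="cc_number">
</form>"""

if __name__ == "__main__":
    for hdrs, page in ((WEAK_HEADERS, WEAK_HTML), (HARDENED_HEADERS, HARDENED_HTML)):
        print(audit_response(hdrs, page))
```

Some browsers treat `autocomplete="off"` as a hint rather than a rule, so a clean result here covers only what the page itself asks the browser to do.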